Virenmeldung- hier die Logs

T203004 · 18.07.2012, 20:00

Hallo,
bei meinem letzten Standardscan von Avira kamen leider ein paar Meldungen und ich sollte etwas in Quarantäne verschieben. Habe daher anschließend ein paar Scans mit den hier empfohlenen Programmen durchgeführt und würde mich über eine Auswertung der Logs freuen. Vielen Dank!

OTL-Log ist im Anhang, Malewarebytes findet nichts.

Hier der ESET-Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dcfba92e6655b24c8e9eafbd16580a98
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-18 06:28:06
# local_time=2012-07-18 08:28:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 22363067 22363067 0 0
# compatibility_mode=5893 16776573 100 94 27081 94255845 0 0
# compatibility_mode=8192 67108863 100 0 188 188 0 0
# scanned=176064
# found=0
# cleaned=0
# scan_time=10090

cosinus · 23.07.2012, 08:44

Zitat:

bei meinem letzten Standardscan von Avira kamen leider ein paar Meldungen und ich sollte etwas in Quarantäne verschieben.

Und wo sind die Logs von Avira?!

T203004 · 26.07.2012, 23:17

Hallo, danke für deine Antwort. Der Log von Avira ist hier:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 18. Juli 2012 04:09

Es wird nach 3866964 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SONYVAIO

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 13.05.2012 07:47:04
AVSCAN.DLL : 12.3.0.15 66256 Bytes 13.05.2012 07:47:04
LUKE.DLL : 12.3.0.15 68304 Bytes 13.05.2012 07:47:04
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 13.05.2012 07:47:05
AVREG.DLL : 12.3.0.17 232200 Bytes 13.05.2012 07:47:05
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 02:06:47
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 22:23:35
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:47:19
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 17:24:15
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 17:24:15
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 17:24:18
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 17:24:18
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 17:24:19
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 17:24:19
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 17:24:20
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 17:24:20
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 17:24:21
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 16:05:03
VBASE015.VDF : 7.11.35.19 122368 Bytes 04.07.2012 16:05:06
VBASE016.VDF : 7.11.35.87 146944 Bytes 06.07.2012 16:05:10
VBASE017.VDF : 7.11.35.143 126464 Bytes 09.07.2012 16:05:06
VBASE018.VDF : 7.11.35.235 151552 Bytes 12.07.2012 16:05:13
VBASE019.VDF : 7.11.35.236 2048 Bytes 12.07.2012 16:05:15
VBASE020.VDF : 7.11.35.237 2048 Bytes 12.07.2012 16:05:17
VBASE021.VDF : 7.11.35.238 2048 Bytes 12.07.2012 16:05:18
VBASE022.VDF : 7.11.35.239 2048 Bytes 12.07.2012 16:05:18
VBASE023.VDF : 7.11.35.240 2048 Bytes 12.07.2012 16:05:21
VBASE024.VDF : 7.11.35.241 2048 Bytes 12.07.2012 16:05:21
VBASE025.VDF : 7.11.35.242 2048 Bytes 12.07.2012 16:05:25
VBASE026.VDF : 7.11.35.243 2048 Bytes 12.07.2012 16:05:25
VBASE027.VDF : 7.11.35.244 2048 Bytes 12.07.2012 16:05:26
VBASE028.VDF : 7.11.35.245 2048 Bytes 12.07.2012 16:05:27
VBASE029.VDF : 7.11.35.246 2048 Bytes 12.07.2012 16:05:28
VBASE030.VDF : 7.11.35.247 2048 Bytes 12.07.2012 16:05:30
VBASE031.VDF : 7.11.36.10 69632 Bytes 12.07.2012 16:06:19
Engineversion : 8.2.10.110
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 16:07:18
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 08.07.2012 16:06:03
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 15:47:17
AESBX.DLL : 8.2.5.12 606578 Bytes 01.07.2012 17:25:06
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.3.0.12 807286 Bytes 10.07.2012 16:07:01
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 01.07.2012 17:25:00
AEHEUR.DLL : 8.1.4.64 5009782 Bytes 08.07.2012 16:06:00
AEHELP.DLL : 8.1.23.2 258422 Bytes 01.07.2012 17:24:42
AEGEN.DLL : 8.1.5.32 434548 Bytes 08.07.2012 16:05:26
AEEXP.DLL : 8.1.0.62 86389 Bytes 11.07.2012 16:04:52
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 16:05:48
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 16:05:38
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 13.05.2012 07:47:03
AVPREF.DLL : 12.3.0.15 51920 Bytes 13.05.2012 07:47:04
AVREP.DLL : 12.3.0.15 179208 Bytes 13.05.2012 07:47:05
AVARKT.DLL : 12.3.0.15 211408 Bytes 13.05.2012 07:47:04
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 13.05.2012 07:47:04
SQLITE3.DLL : 3.7.0.1 398288 Bytes 13.05.2012 07:47:04
AVSMTP.DLL : 12.3.0.15 63440 Bytes 13.05.2012 07:47:04
NETNT.DLL : 12.3.0.15 17104 Bytes 13.05.2012 07:47:04
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 13.05.2012 07:47:03
RCTEXT.DLL : 12.3.0.15 98512 Bytes 13.05.2012 07:47:03

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, G:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 18. Juli 2012 04:09

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'G:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Im Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
[INFO] Im Laufwerk 'E:\' ist kein Datenträger eingelegt!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'update.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerInstaller.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avnotify.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'updrgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'update.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NclMSBTSrvEx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'listener.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiceLayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NokiaSuite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPLaserJetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NitroPDFPrinterMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MarketingTools.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBVolumeWatcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VoipBuster.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2214' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adviva-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0001.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0001.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Macromedia.FlashPlayer.Cookies-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Right Media-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Tradedoubler-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0001.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0000.zip
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\jimmythebob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\21661e10-7df0bbd1
[0] Archivtyp: ZIP
--> Atomic.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CJ
--> Homi.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.A.197
--> Kook.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.AR
--> Lmpo.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2008-5353.AM
--> Oinc.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Treams.BO
--> Sinaval.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Treams.BP
--> Third.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.A.191
Beginne mit der Suche in 'G:\' <Volume>
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Desinfektion:
C:\Users\jimmythebob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\21661e10-7df0bbd1
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CJ
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5504d8ca.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 18. Juli 2012 10:46
Benötigte Zeit: 6:36:42 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

31866 Verzeichnisse wurden überprüft
643358 Dateien wurden geprüft
8 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
643350 Dateien ohne Befall
3713 Archive wurden durchsucht
34 Warnungen
1 Hinweise

cosinus · 27.07.2012, 08:27

Bitte auch alles von Malwarebytes posten
Die Logs enthalten ein paar mehr Infos als nur Fund oder kein Fund.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

T203004 · 27.07.2012, 11:23

Hallo, hier ist der Log vom Quick Scan vom 18.7.
Heute habe ich einen vollständigen Suchlauf gemacht, das Log ist weiter unten.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jimmythebob :: SONYVAIO [Administrator]

Schutz: Aktiviert

18.07.2012 17:26:59
mbam-log-2012-07-18 (17-26-59).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216746
Laufzeit: 6 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jimmythebob :: SONYVAIO [Administrator]

Schutz: Aktiviert

27.07.2012 11:02:59
mbam-log-2012-07-27 (11-02-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351856
Laufzeit: 1 Stunde(n), 7 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 27.07.2012, 13:33

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

T203004 · 27.07.2012, 17:08

Super, danke für deine Hilfe. Hier die Logdatei:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/27/2012 at 18:07:10
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : jimmythebob - SONYVAIO
# Running from : C:\Users\jimmythebob\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Software
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1274 octets] - [27/07/2012 18:07:10]

########## EOF - C:\AdwCleaner[R1].txt - [1402 octets] ##########

cosinus · 27.07.2012, 20:56

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

T203004 · 27.07.2012, 21:58

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/27/2012 at 22:55:53
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : jimmythebob - SONYVAIO
# Running from : C:\Users\jimmythebob\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\prefs.js

[OK] File is clean.

*************************

cosinus · 27.07.2012, 22:41

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

T203004 · 27.07.2012, 23:35

Hallo,
der normale Modus funktioniert einwandfrei.

Ich habe im Startmenü z.B. den Ordner "Programme", welcher leer ist, dafür sind aber alle Programme einzeln im Startmenü vorhanden. Das stört mich nicht und ist auch schon länger so (s. meine älteren Beiträge hier im Forum). Ich merke keine Probleme am PC, wurde halt nur durch die Meldung von Avira misstrauisch.

cosinus · 27.07.2012, 23:43

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

T203004 · 28.07.2012, 00:27

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.07.2012 01:09:13 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\jimmythebob\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 63,65% Memory free
7,84 Gb Paging File | 5,93 Gb Available in Paging File | 75,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,29 Gb Total Space | 91,60 Gb Free Space | 56,79% Space Free | Partition Type: NTFS
Drive D: | 951,94 Mb Total Space | 951,88 Mb Free Space | 99,99% Space Free | Partition Type: FAT
Drive G: | 126,89 Gb Total Space | 83,78 Gb Free Space | 66,03% Space Free | Partition Type: NTFS
 
Computer Name: SONYVAIO | User Name: jimmythebob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.28 01:07:12 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\jimmythebob\Downloads\OTL(4).exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.13 09:47:04 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.13 09:47:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.13 09:47:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010.10.23 21:25:09 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010.05.06 03:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.01.21 20:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2009.11.30 19:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.09.04 23:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.08.26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2009.05.14 12:12:40 | 000,209,216 | ---- | M] () -- C:\Program Files (x86)\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.05.14 12:12:40 | 000,209,216 | ---- | M] () -- C:\Program Files (x86)\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 16:48:50 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.08 00:52:50 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011.05.19 20:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011.02.18 23:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011.01.20 13:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010.10.25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010.04.07 15:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.07.27 01:02:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.19 14:49:59 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.13 09:47:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.13 09:47:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.22 07:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.20 13:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.10.12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.09.27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.09.10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.09.10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.06 03:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.13 09:47:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.13 09:47:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.22 07:51:38 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 11:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 11:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 11:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 11:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.10.11 16:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.22 04:51:14 | 000,035,840 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010.05.06 03:46:36 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.03.06 01:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 22:07:14 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 22:07:13 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 22:07:13 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 22:07:12 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 22:06:44 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.12 22:05:01 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.11 22:05:13 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.10.27 22:06:59 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.08.05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes,DefaultScope = {1661D042-EE5F-4896-863D-6056F542E24F}
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{03C86783-9293-4E7A-8AC3-AEF83F45BD7D}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{1661D042-EE5F-4896-863D-6056F542E24F}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{6029794D-EE94-4045-A89C-1A7071EE8645}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{E9FD1855-39B6-4E54-AA2E-6F34B97BAB09}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {899DF1F8-2F43-4394-8315-37F6744E6319}:1.0.8
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 14:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 19:50:06 | 000,000,000 | ---D | M]
 
[2010.10.23 23:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Extensions
[2012.07.12 07:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\extensions
[2012.06.29 09:42:52 | 000,000,000 | ---D | M] (WÃ¶rterbuch Deutsch (de-DE), Hunspell-unterstÃ¼tzt) -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\extensions\de_DE@dicts.j3e.de
[2010.11.18 09:52:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.10.25 23:36:41 | 000,002,036 | ---- | M] () -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\searchplugins\alle-preise---guenstigerde.xml
[2012.07.27 00:17:35 | 000,002,400 | ---- | M] () -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\searchplugins\google-deutschland.xml
[2011.10.18 17:47:57 | 000,001,330 | ---- | M] () -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\searchplugins\wikipedia-en.xml
[2012.05.19 14:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.07.12 07:32:57 | 000,287,803 | ---- | M] () (No name found) -- C:\USERS\JIMMYTHEBOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\54QOFVPE.DEFAULT\EXTENSIONS\{899DF1F8-2F43-4394-8315-37F6744E6319}.XPI
[2012.05.19 14:49:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.11 15:58:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.20 14:51:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 14:51:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.20 14:51:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 14:51:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 14:51:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 14:51:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.02 18:10:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files (x86)\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-4072554069-706762954-2387328221-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-4072554069-706762954-2387328221-1001..\Run: [VoipBuster] "C:\Program Files (x86)\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F7B8B16-ED6E-472B-A1CB-E39E5D4F0CE5}: NameServer = 202.106.195.68 202.106.46.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC1D3BD1-7EF4-4F82-A281-023520EA827B}: NameServer = 202.106.195.68 202.106.46.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F080DE39-A95A-4ECD-9EF4-659C412F3AD6}: DhcpNameServer = 202.99.96.68 60.30.102.92
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{DB562198-3A06-4B5D-86EF-D9ED5AD005BC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 18:21:17 | 000,000,000 | ---D | C] -- C:\Users\jimmythebob\Desktop\Neuer Ordner
[2012.07.27 12:30:19 | 000,000,000 | ---D | C] -- C:\Users\jimmythebob\Desktop\Unterlagen Sonja
[2012.07.18 20:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.07.18 20:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.07.18 17:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.18 17:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.18 17:23:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.18 12:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.18 12:00:17 | 000,000,000 | ---D | C] -- C:\Users\jimmythebob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.08 15:23:50 | 000,000,000 | ---D | C] -- C:\Users\jimmythebob\Desktop\Peking Juli
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.28 01:10:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.28 01:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.28 00:31:04 | 000,089,016 | ---- | M] () -- C:\test.xml
[2012.07.28 00:28:32 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 23:09:23 | 000,014,144 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 23:09:23 | 000,014,144 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 23:05:10 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 23:05:10 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 23:05:10 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 23:05:10 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 23:05:10 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 22:57:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.07.27 22:57:42 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 22:56:55 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 20:58:36 | 000,010,363 | ---- | M] () -- C:\Users\jimmythebob\Desktop\OTL.rar
[2012.07.18 12:20:24 | 000,452,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.18 20:58:36 | 000,010,363 | ---- | C] () -- C:\Users\jimmythebob\Desktop\OTL.rar
[2012.04.02 18:03:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.02 18:03:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.02 18:03:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.02 18:03:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.02 18:03:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.20 13:21:37 | 000,024,772 | ---- | C] () -- C:\ProgramData\P1100DEF.css
[2012.02.20 13:21:37 | 000,004,271 | ---- | C] () -- C:\ProgramData\P1100OS.HTM
[2012.02.20 13:21:37 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1100SIG.GIF
[2011.01.02 17:28:46 | 000,029,184 | ---- | C] () -- C:\Users\jimmythebob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.23 21:11:57 | 000,001,607 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
 
========== LOP Check ==========
 
[2012.05.06 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Alle meine Passworte
[2012.02.08 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Downloaded Installations
[2011.11.15 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\elsterformular
[2012.02.07 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Netgear Live Parental Controls
[2012.04.24 11:00:57 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nitro PDF
[2012.01.20 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia
[2011.06.11 00:33:15 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia Ovi Suite
[2011.11.22 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia Suite
[2011.11.17 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\PC Suite
[2011.03.04 18:47:01 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\S.A.D
[2011.09.25 15:14:11 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\TuneUp Software
[2012.05.04 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\VoipBuster
[2012.06.11 19:33:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.07 01:09:46 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Adobe
[2012.05.06 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Alle meine Passworte
[2011.12.31 14:25:51 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Apple Computer
[2010.12.02 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\ArcSoft
[2011.11.02 22:42:40 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Avira
[2012.02.08 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Downloaded Installations
[2011.11.15 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\elsterformular
[2010.10.23 22:51:25 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Google
[2011.09.18 02:46:49 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\HP
[2010.10.23 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Identities
[2010.10.23 23:05:11 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\InstallShield
[2011.01.02 17:08:09 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Intel Corporation
[2010.10.23 22:59:31 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Macromedia
[2011.11.09 00:09:24 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Malwarebytes
[2009.11.20 02:27:16 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Media Center Programs
[2012.04.07 01:09:46 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Microsoft
[2010.10.23 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Mozilla
[2012.02.07 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Netgear Live Parental Controls
[2012.04.24 11:00:57 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nitro PDF
[2012.01.20 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia
[2011.06.11 00:33:15 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia Ovi Suite
[2011.11.22 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia Suite
[2011.11.17 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\PC Suite
[2011.03.13 13:43:06 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Roxio
[2011.03.04 18:47:01 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\S.A.D
[2012.07.27 00:37:44 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Skype
[2010.10.24 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Sony Corporation
[2011.09.25 15:14:11 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\TuneUp Software
[2012.05.04 07:31:35 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\VoipBuster
[2010.10.24 00:57:19 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.03.30 14:40:45 | 009,812,368 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est11.exe
[2012.03.12 18:14:06 | 008,547,008 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8479.exe
[2012.03.12 18:14:49 | 007,468,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8479.exe
[2012.03.12 18:13:17 | 012,362,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8479.exe
[2011.11.14 22:49:31 | 006,489,448 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814p.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus · 28.07.2012, 21:58

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

T203004 · 29.07.2012, 00:10

Code:

ATTFilter

 01:05:59.0553 4656	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
01:05:59.0626 4656	============================================================
01:05:59.0626 4656	Current date / time: 2012/07/29 01:05:59.0626
01:05:59.0626 4656	SystemInfo:
01:05:59.0627 4656	
01:05:59.0627 4656	OS Version: 6.1.7601 ServicePack: 1.0
01:05:59.0627 4656	Product type: Workstation
01:05:59.0627 4656	ComputerName: SONYVAIO
01:05:59.0627 4656	UserName: jimmythebob
01:05:59.0627 4656	Windows directory: C:\Windows
01:05:59.0627 4656	System windows directory: C:\Windows
01:05:59.0627 4656	Running under WOW64
01:05:59.0627 4656	Processor architecture: Intel x64
01:05:59.0627 4656	Number of processors: 4
01:05:59.0627 4656	Page size: 0x1000
01:05:59.0627 4656	Boot type: Normal boot
01:05:59.0627 4656	============================================================
01:06:00.0470 4656	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:06:00.0475 4656	Drive \Device\Harddisk2\DR2 - Size: 0x3B811E00 (0.93 Gb), SectorSize: 0x200, Cylinders: 0xEE0, SectorsPerTrack: 0x20, TracksPerCylinder: 0x10, Type 'W'
01:06:00.0477 4656	============================================================
01:06:00.0477 4656	\Device\Harddisk0\DR0:
01:06:00.0477 4656	MBR partitions:
01:06:00.0477 4656	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139F000, BlocksNum 0x32000
01:06:00.0477 4656	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13D1000, BlocksNum 0x142942B0
01:06:00.0509 4656	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15666000, BlocksNum 0xFDC8000
01:06:00.0509 4656	\Device\Harddisk2\DR2:
01:06:00.0510 4656	MBR partitions:
01:06:00.0510 4656	============================================================
01:06:00.0570 4656	C: <-> \Device\Harddisk0\DR0\Partition1
01:06:00.0619 4656	G: <-> \Device\Harddisk0\DR0\Partition2
01:06:00.0619 4656	============================================================
01:06:00.0619 4656	Initialize success
01:06:00.0619 4656	============================================================
01:06:49.0587 4944	============================================================
01:06:49.0587 4944	Scan started
01:06:49.0587 4944	Mode: Manual; SigCheck; TDLFS; 
01:06:49.0587 4944	============================================================
01:06:50.0766 4944	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:06:50.0953 4944	1394ohci - ok
01:06:51.0056 4944	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
01:06:51.0109 4944	ACDaemon - ok
01:06:51.0195 4944	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:06:51.0231 4944	ACPI - ok
01:06:51.0301 4944	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:06:51.0383 4944	AcpiPmi - ok
01:06:51.0507 4944	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:06:51.0522 4944	AdobeARMservice - ok
01:06:51.0697 4944	AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:06:51.0718 4944	AdobeFlashPlayerUpdateSvc - ok
01:06:51.0806 4944	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
01:06:51.0842 4944	adp94xx - ok
01:06:51.0909 4944	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
01:06:51.0935 4944	adpahci - ok
01:06:51.0948 4944	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
01:06:51.0966 4944	adpu320 - ok
01:06:52.0015 4944	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:06:52.0207 4944	AeLookupSvc - ok
01:06:52.0301 4944	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:06:52.0410 4944	AFD - ok
01:06:52.0467 4944	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:06:52.0494 4944	agp440 - ok
01:06:52.0537 4944	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:06:52.0623 4944	ALG - ok
01:06:52.0693 4944	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:06:52.0716 4944	aliide - ok
01:06:52.0726 4944	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:06:52.0746 4944	amdide - ok
01:06:52.0780 4944	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
01:06:52.0851 4944	AmdK8 - ok
01:06:52.0859 4944	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
01:06:52.0909 4944	AmdPPM - ok
01:06:53.0015 4944	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:06:53.0038 4944	amdsata - ok
01:06:53.0060 4944	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
01:06:53.0079 4944	amdsbs - ok
01:06:53.0095 4944	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:06:53.0108 4944	amdxata - ok
01:06:53.0213 4944	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
01:06:53.0242 4944	AntiVirSchedulerService - ok
01:06:53.0271 4944	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
01:06:53.0287 4944	AntiVirService - ok
01:06:53.0369 4944	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:06:53.0561 4944	AppID - ok
01:06:53.0590 4944	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:06:53.0664 4944	AppIDSvc - ok
01:06:53.0754 4944	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:06:53.0852 4944	Appinfo - ok
01:06:53.0989 4944	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
01:06:54.0015 4944	arc - ok
01:06:54.0025 4944	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
01:06:54.0039 4944	arcsas - ok
01:06:54.0060 4944	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
01:06:54.0072 4944	ArcSoftKsUFilter - ok
01:06:54.0098 4944	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:06:54.0173 4944	AsyncMac - ok
01:06:54.0229 4944	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:06:54.0242 4944	atapi - ok
01:06:54.0372 4944	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
01:06:54.0509 4944	athr - ok
01:06:54.0678 4944	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:06:54.0790 4944	AudioEndpointBuilder - ok
01:06:54.0796 4944	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:06:54.0844 4944	AudioSrv - ok
01:06:55.0006 4944	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
01:06:55.0028 4944	avgntflt - ok
01:06:55.0044 4944	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
01:06:55.0066 4944	avipbb - ok
01:06:55.0077 4944	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
01:06:55.0088 4944	avkmgr - ok
01:06:55.0163 4944	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:06:55.0287 4944	AxInstSV - ok
01:06:55.0334 4944	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
01:06:55.0423 4944	b06bdrv - ok
01:06:55.0466 4944	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:06:55.0515 4944	b57nd60a - ok
01:06:55.0558 4944	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:06:55.0618 4944	BDESVC - ok
01:06:55.0635 4944	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:06:55.0736 4944	Beep - ok
01:06:55.0862 4944	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:06:55.0928 4944	BFE - ok
01:06:56.0049 4944	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
01:06:56.0187 4944	BITS - ok
01:06:56.0266 4944	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
01:06:56.0311 4944	blbdrive - ok
01:06:56.0378 4944	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:06:56.0411 4944	bowser - ok
01:06:56.0428 4944	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
01:06:56.0529 4944	BrFiltLo - ok
01:06:56.0542 4944	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
01:06:56.0563 4944	BrFiltUp - ok
01:06:56.0634 4944	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
01:06:56.0692 4944	BridgeMP - ok
01:06:56.0759 4944	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:06:56.0837 4944	Browser - ok
01:06:56.0888 4944	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:06:56.0992 4944	Brserid - ok
01:06:56.0999 4944	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:06:57.0044 4944	BrSerWdm - ok
01:06:57.0071 4944	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:06:57.0148 4944	BrUsbMdm - ok
01:06:57.0151 4944	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:06:57.0178 4944	BrUsbSer - ok
01:06:57.0261 4944	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
01:06:57.0348 4944	BthEnum - ok
01:06:57.0391 4944	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
01:06:57.0445 4944	BTHMODEM - ok
01:06:57.0493 4944	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
01:06:57.0596 4944	BthPan - ok
01:06:57.0711 4944	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
01:06:57.0804 4944	BTHPORT - ok
01:06:57.0839 4944	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:06:57.0917 4944	bthserv - ok
01:06:57.0973 4944	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
01:06:58.0033 4944	BTHUSB - ok
01:06:58.0080 4944	btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
01:06:58.0097 4944	btusbflt - ok
01:06:58.0137 4944	btwaudio        (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
01:06:58.0160 4944	btwaudio - ok
01:06:58.0199 4944	btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
01:06:58.0218 4944	btwavdt - ok
01:06:58.0346 4944	btwdins         (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
01:06:58.0376 4944	btwdins - ok
01:06:58.0417 4944	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
01:06:58.0425 4944	btwl2cap - ok
01:06:58.0450 4944	btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
01:06:58.0461 4944	btwrchid - ok
01:06:58.0538 4944	BVRPMPR5a64     (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
01:06:58.0554 4944	BVRPMPR5a64 - ok
01:06:58.0581 4944	catchme - ok
01:06:58.0618 4944	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:06:58.0700 4944	cdfs - ok
01:06:58.0785 4944	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
01:06:58.0837 4944	cdrom - ok
01:06:58.0922 4944	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:06:59.0032 4944	CertPropSvc - ok
01:06:59.0077 4944	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
01:06:59.0112 4944	circlass - ok
01:06:59.0175 4944	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:06:59.0212 4944	CLFS - ok
01:06:59.0284 4944	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:06:59.0306 4944	clr_optimization_v2.0.50727_32 - ok
01:06:59.0352 4944	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:06:59.0375 4944	clr_optimization_v2.0.50727_64 - ok
01:06:59.0425 4944	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:06:59.0447 4944	clr_optimization_v4.0.30319_32 - ok
01:06:59.0476 4944	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:06:59.0489 4944	clr_optimization_v4.0.30319_64 - ok
01:06:59.0543 4944	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
01:06:59.0606 4944	CmBatt - ok
01:06:59.0669 4944	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:06:59.0690 4944	cmdide - ok
01:06:59.0767 4944	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
01:06:59.0822 4944	CNG - ok
01:06:59.0859 4944	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
01:06:59.0874 4944	Compbatt - ok
01:06:59.0989 4944	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
01:07:00.0048 4944	CompositeBus - ok
01:07:00.0075 4944	COMSysApp - ok
01:07:00.0098 4944	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
01:07:00.0113 4944	crcdisk - ok
01:07:00.0182 4944	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
01:07:00.0260 4944	CryptSvc - ok
01:07:00.0340 4944	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:07:00.0438 4944	DcomLaunch - ok
01:07:00.0483 4944	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:07:00.0576 4944	defragsvc - ok
01:07:00.0660 4944	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:07:00.0743 4944	DfsC - ok
01:07:00.0834 4944	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:07:00.0897 4944	Dhcp - ok
01:07:00.0981 4944	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:07:01.0040 4944	discache - ok
01:07:01.0080 4944	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
01:07:01.0108 4944	Disk - ok
01:07:01.0175 4944	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:07:01.0244 4944	Dnscache - ok
01:07:01.0301 4944	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:07:01.0392 4944	dot3svc - ok
01:07:01.0444 4944	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:07:01.0542 4944	DPS - ok
01:07:01.0589 4944	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:07:01.0609 4944	drmkaud - ok
01:07:01.0707 4944	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:07:01.0752 4944	DXGKrnl - ok
01:07:01.0787 4944	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:07:01.0885 4944	EapHost - ok
01:07:02.0182 4944	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
01:07:02.0291 4944	ebdrv - ok
01:07:02.0425 4944	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:07:02.0468 4944	EFS - ok
01:07:02.0597 4944	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:07:02.0716 4944	ehRecvr - ok
01:07:02.0737 4944	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:07:02.0807 4944	ehSched - ok
01:07:02.0884 4944	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
01:07:02.0918 4944	elxstor - ok
01:07:02.0965 4944	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:07:03.0056 4944	ErrDev - ok
01:07:03.0120 4944	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:07:03.0210 4944	EventSystem - ok
01:07:03.0264 4944	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:07:03.0320 4944	exfat - ok
01:07:03.0347 4944	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:07:03.0419 4944	fastfat - ok
01:07:03.0537 4944	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:07:03.0640 4944	Fax - ok
01:07:03.0659 4944	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
01:07:03.0715 4944	fdc - ok
01:07:03.0765 4944	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:07:03.0851 4944	fdPHost - ok
01:07:03.0872 4944	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:07:03.0932 4944	FDResPub - ok
01:07:03.0987 4944	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:07:04.0014 4944	FileInfo - ok
01:07:04.0032 4944	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:07:04.0102 4944	Filetrace - ok
01:07:04.0127 4944	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
01:07:04.0166 4944	flpydisk - ok
01:07:04.0225 4944	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:07:04.0259 4944	FltMgr - ok
01:07:04.0370 4944	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:07:04.0485 4944	FontCache - ok
01:07:04.0574 4944	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:07:04.0594 4944	FontCache3.0.0.0 - ok
01:07:04.0643 4944	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:07:04.0666 4944	FsDepends - ok
01:07:04.0727 4944	fssfltr         (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
01:07:04.0746 4944	fssfltr - ok
01:07:04.0878 4944	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
01:07:04.0921 4944	fsssvc - ok
01:07:05.0000 4944	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:07:05.0021 4944	Fs_Rec - ok
01:07:05.0091 4944	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:07:05.0128 4944	fvevol - ok
01:07:05.0174 4944	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
01:07:05.0189 4944	gagp30kx - ok
01:07:05.0274 4944	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:07:05.0360 4944	gpsvc - ok
01:07:05.0526 4944	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:07:05.0543 4944	gupdate - ok
01:07:05.0563 4944	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:07:05.0574 4944	gupdatem - ok
01:07:05.0602 4944	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:07:05.0666 4944	hcw85cir - ok
01:07:05.0763 4944	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:07:05.0800 4944	HdAudAddService - ok
01:07:05.0838 4944	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
01:07:05.0880 4944	HDAudBus - ok
01:07:05.0982 4944	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
01:07:06.0031 4944	HidBatt - ok
01:07:06.0068 4944	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
01:07:06.0121 4944	HidBth - ok
01:07:06.0154 4944	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
01:07:06.0205 4944	HidIr - ok
01:07:06.0249 4944	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
01:07:06.0341 4944	hidserv - ok
01:07:06.0395 4944	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
01:07:06.0420 4944	HidUsb - ok
01:07:06.0487 4944	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:07:06.0582 4944	hkmsvc - ok
01:07:06.0636 4944	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:07:06.0712 4944	HomeGroupListener - ok
01:07:06.0778 4944	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:07:06.0833 4944	HomeGroupProvider - ok
01:07:06.0943 4944	HP LaserJet Service (53dca61931847e35c950504bfb7559c6) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
01:07:06.0999 4944	HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning
01:07:06.0999 4944	HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)
01:07:07.0079 4944	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:07:07.0107 4944	HpSAMD - ok
01:07:07.0164 4944	HPSIService     (5a539a3cbd6ec1609d5333b486d5f74c) C:\Windows\system32\HPSIsvc.exe
01:07:07.0188 4944	HPSIService - ok
01:07:07.0286 4944	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:07:07.0398 4944	HTTP - ok
01:07:07.0435 4944	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:07:07.0459 4944	hwpolicy - ok
01:07:07.0519 4944	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
01:07:07.0537 4944	i8042prt - ok
01:07:07.0617 4944	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
01:07:07.0644 4944	iaStor - ok
01:07:07.0730 4944	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
01:07:07.0748 4944	IAStorDataMgrSvc - ok
01:07:07.0840 4944	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:07:07.0885 4944	iaStorV - ok
01:07:08.0082 4944	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:07:08.0133 4944	idsvc - ok
01:07:08.0179 4944	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
01:07:08.0193 4944	iirsp - ok
01:07:08.0295 4944	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:07:08.0390 4944	IKEEXT - ok
01:07:08.0446 4944	Impcd           (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\drivers\Impcd.sys
01:07:08.0512 4944	Impcd - ok
01:07:08.0745 4944	IntcAzAudAddService (5f35fe198ee7818221414776f8413ab0) C:\Windows\system32\drivers\RTKVHD64.sys
01:07:08.0834 4944	IntcAzAudAddService - ok
01:07:09.0022 4944	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:07:09.0043 4944	intelide - ok
01:07:09.0085 4944	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
01:07:09.0128 4944	intelppm - ok
01:07:09.0178 4944	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:07:09.0257 4944	IPBusEnum - ok
01:07:09.0334 4944	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:07:09.0387 4944	IpFilterDriver - ok
01:07:09.0486 4944	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:07:09.0549 4944	iphlpsvc - ok
01:07:09.0591 4944	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:07:09.0644 4944	IPMIDRV - ok
01:07:09.0693 4944	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:07:09.0775 4944	IPNAT - ok
01:07:09.0804 4944	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:07:09.0935 4944	IRENUM - ok
01:07:10.0037 4944	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:07:10.0059 4944	isapnp - ok
01:07:10.0116 4944	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:07:10.0141 4944	iScsiPrt - ok
01:07:10.0168 4944	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
01:07:10.0182 4944	kbdclass - ok
01:07:10.0210 4944	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
01:07:10.0254 4944	kbdhid - ok
01:07:10.0327 4944	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:10.0349 4944	KeyIso - ok
01:07:10.0393 4944	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
01:07:10.0415 4944	KSecDD - ok
01:07:10.0438 4944	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
01:07:10.0460 4944	KSecPkg - ok
01:07:10.0476 4944	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:07:10.0560 4944	ksthunk - ok
01:07:10.0613 4944	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:07:10.0698 4944	KtmRm - ok
01:07:10.0762 4944	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
01:07:10.0858 4944	LanmanServer - ok
01:07:10.0908 4944	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:07:11.0032 4944	LanmanWorkstation - ok
01:07:11.0078 4944	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:07:11.0150 4944	lltdio - ok
01:07:11.0206 4944	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:07:11.0279 4944	lltdsvc - ok
01:07:11.0316 4944	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:07:11.0358 4944	lmhosts - ok
01:07:11.0389 4944	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
01:07:11.0404 4944	LSI_FC - ok
01:07:11.0420 4944	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
01:07:11.0434 4944	LSI_SAS - ok
01:07:11.0441 4944	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
01:07:11.0454 4944	LSI_SAS2 - ok
01:07:11.0462 4944	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
01:07:11.0476 4944	LSI_SCSI - ok
01:07:11.0492 4944	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:07:11.0536 4944	luafv - ok
01:07:11.0611 4944	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
01:07:11.0637 4944	MBAMProtector - ok
01:07:11.0751 4944	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:07:11.0792 4944	MBAMService - ok
01:07:11.0847 4944	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:07:11.0898 4944	Mcx2Svc - ok
01:07:11.0959 4944	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
01:07:11.0981 4944	megasas - ok
01:07:12.0006 4944	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
01:07:12.0027 4944	MegaSR - ok
01:07:12.0058 4944	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:07:12.0140 4944	MMCSS - ok
01:07:12.0168 4944	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:07:12.0233 4944	Modem - ok
01:07:12.0273 4944	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:07:12.0327 4944	monitor - ok
01:07:12.0419 4944	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
01:07:12.0440 4944	mouclass - ok
01:07:12.0485 4944	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
01:07:12.0533 4944	mouhid - ok
01:07:12.0571 4944	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:07:12.0592 4944	mountmgr - ok
01:07:12.0703 4944	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:07:12.0725 4944	MozillaMaintenance - ok
01:07:12.0779 4944	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:07:12.0804 4944	mpio - ok
01:07:12.0840 4944	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:07:12.0896 4944	mpsdrv - ok
01:07:13.0016 4944	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:07:13.0113 4944	MpsSvc - ok
01:07:13.0156 4944	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:07:13.0179 4944	MRxDAV - ok
01:07:13.0233 4944	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:07:13.0312 4944	mrxsmb - ok
01:07:13.0365 4944	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:07:13.0401 4944	mrxsmb10 - ok
01:07:13.0425 4944	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:07:13.0438 4944	mrxsmb20 - ok
01:07:13.0495 4944	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:07:13.0516 4944	msahci - ok
01:07:13.0579 4944	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:07:13.0607 4944	msdsm - ok
01:07:13.0677 4944	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:07:13.0723 4944	MSDTC - ok
01:07:13.0767 4944	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:07:13.0826 4944	Msfs - ok
01:07:13.0845 4944	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:07:13.0911 4944	mshidkmdf - ok
01:07:13.0951 4944	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:07:13.0977 4944	msisadrv - ok
01:07:14.0007 4944	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:07:14.0082 4944	MSiSCSI - ok
01:07:14.0085 4944	msiserver - ok
01:07:14.0133 4944	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:07:14.0207 4944	MSKSSRV - ok
01:07:14.0231 4944	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:07:14.0315 4944	MSPCLOCK - ok
01:07:14.0318 4944	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:07:14.0372 4944	MSPQM - ok
01:07:14.0433 4944	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:07:14.0459 4944	MsRPC - ok
01:07:14.0504 4944	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
01:07:14.0517 4944	mssmbios - ok
01:07:14.0536 4944	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:07:14.0601 4944	MSTEE - ok
01:07:14.0627 4944	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
01:07:14.0641 4944	MTConfig - ok
01:07:14.0658 4944	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:07:14.0672 4944	Mup - ok
01:07:14.0731 4944	mvusbews        (8fa52b6049596fe2fdbc8a5e8b14ebfc) C:\Windows\system32\Drivers\mvusbews.sys
01:07:14.0758 4944	mvusbews - ok
01:07:14.0831 4944	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:07:14.0936 4944	napagent - ok
01:07:15.0025 4944	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:07:15.0085 4944	NativeWifiP - ok
01:07:15.0204 4944	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:07:15.0249 4944	NDIS - ok
01:07:15.0272 4944	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:07:15.0351 4944	NdisCap - ok
01:07:15.0386 4944	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:07:15.0471 4944	NdisTapi - ok
01:07:15.0553 4944	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:07:15.0644 4944	Ndisuio - ok
01:07:15.0693 4944	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:07:15.0764 4944	NdisWan - ok
01:07:15.0816 4944	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:07:15.0893 4944	NDProxy - ok
01:07:15.0968 4944	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:07:16.0057 4944	NetBIOS - ok
01:07:16.0109 4944	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:07:16.0213 4944	NetBT - ok
01:07:16.0260 4944	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:16.0286 4944	Netlogon - ok
01:07:16.0345 4944	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:07:16.0428 4944	Netman - ok
01:07:16.0481 4944	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:07:16.0577 4944	netprofm - ok
01:07:16.0648 4944	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:07:16.0673 4944	NetTcpPortSharing - ok
01:07:16.0717 4944	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
01:07:16.0733 4944	nfrd960 - ok
01:07:16.0910 4944	NitroReaderDriverReadSpool2 (f8aa2483aa9134b4a75efa9e9b240802) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
01:07:16.0943 4944	NitroReaderDriverReadSpool2 - ok
01:07:17.0041 4944	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:07:17.0135 4944	NlaSvc - ok
01:07:17.0202 4944	nmwcd           (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
01:07:17.0289 4944	nmwcd - ok
01:07:17.0320 4944	nmwcdc          (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
01:07:17.0348 4944	nmwcdc - ok
01:07:17.0357 4944	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:07:17.0405 4944	Npfs - ok
01:07:17.0434 4944	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:07:17.0515 4944	nsi - ok
01:07:17.0552 4944	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:07:17.0622 4944	nsiproxy - ok
01:07:17.0768 4944	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:07:17.0841 4944	Ntfs - ok
01:07:17.0993 4944	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:07:18.0046 4944	Null - ok
01:07:18.0085 4944	NVHDA           (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
01:07:18.0108 4944	NVHDA - ok
01:07:18.0838 4944	nvlddmkm        (ca8447574e9dae22250c723819d3ef96) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:07:19.0215 4944	nvlddmkm - ok
01:07:19.0434 4944	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:07:19.0466 4944	nvraid - ok
01:07:19.0488 4944	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:07:19.0505 4944	nvstor - ok
01:07:19.0576 4944	nvsvc           (ad1e49bceb5d446a271c43bfa8fd71d2) C:\Windows\system32\nvvsvc.exe
01:07:19.0616 4944	nvsvc - ok
01:07:19.0642 4944	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:07:19.0658 4944	nv_agp - ok
01:07:19.0664 4944	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:07:19.0703 4944	ohci1394 - ok
01:07:19.0812 4944	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:07:19.0836 4944	ose - ok
01:07:20.0223 4944	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:07:20.0356 4944	osppsvc - ok
01:07:20.0478 4944	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:07:20.0564 4944	p2pimsvc - ok
01:07:20.0602 4944	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:07:20.0630 4944	p2psvc - ok
01:07:20.0688 4944	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
01:07:20.0715 4944	Parport - ok
01:07:20.0771 4944	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
01:07:20.0797 4944	partmgr - ok
01:07:20.0824 4944	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:07:20.0876 4944	PcaSvc - ok
01:07:20.0943 4944	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
01:07:21.0014 4944	pccsmcfd - ok
01:07:21.0069 4944	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:07:21.0096 4944	pci - ok
01:07:21.0116 4944	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:07:21.0131 4944	pciide - ok
01:07:21.0165 4944	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
01:07:21.0187 4944	pcmcia - ok
01:07:21.0204 4944	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:07:21.0218 4944	pcw - ok
01:07:21.0266 4944	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:07:21.0361 4944	PEAUTH - ok
01:07:21.0438 4944	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:07:21.0482 4944	PerfHost - ok
01:07:21.0631 4944	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:07:21.0712 4944	pla - ok
01:07:21.0806 4944	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:07:21.0842 4944	PlugPlay - ok
01:07:21.0971 4944	PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
01:07:22.0003 4944	PMBDeviceInfoProvider - ok
01:07:22.0020 4944	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:07:22.0055 4944	PNRPAutoReg - ok
01:07:22.0101 4944	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:07:22.0121 4944	PNRPsvc - ok
01:07:22.0193 4944	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:07:22.0290 4944	PolicyAgent - ok
01:07:22.0325 4944	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:07:22.0400 4944	Power - ok
01:07:22.0499 4944	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:07:22.0586 4944	PptpMiniport - ok
01:07:22.0628 4944	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
01:07:22.0678 4944	Processor - ok
01:07:22.0738 4944	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
01:07:22.0834 4944	ProfSvc - ok
01:07:22.0883 4944	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:22.0908 4944	ProtectedStorage - ok
01:07:22.0965 4944	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:07:23.0038 4944	Psched - ok
01:07:23.0085 4944	PxHlpa64        (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
01:07:23.0105 4944	PxHlpa64 - ok
01:07:23.0223 4944	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
01:07:23.0283 4944	ql2300 - ok
01:07:23.0394 4944	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
01:07:23.0418 4944	ql40xx - ok
01:07:23.0451 4944	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:07:23.0478 4944	QWAVE - ok
01:07:23.0492 4944	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:07:23.0551 4944	QWAVEdrv - ok
01:07:23.0577 4944	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:07:23.0659 4944	RasAcd - ok
01:07:23.0708 4944	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:07:23.0767 4944	RasAgileVpn - ok
01:07:23.0778 4944	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:07:23.0843 4944	RasAuto - ok
01:07:23.0885 4944	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:07:24.0023 4944	Rasl2tp - ok
01:07:24.0124 4944	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:07:24.0209 4944	RasMan - ok
01:07:24.0252 4944	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:07:24.0342 4944	RasPppoe - ok
01:07:24.0372 4944	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:07:24.0462 4944	RasSstp - ok
01:07:24.0521 4944	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:07:24.0618 4944	rdbss - ok
01:07:24.0648 4944	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
01:07:24.0699 4944	rdpbus - ok
01:07:24.0732 4944	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:07:24.0789 4944	RDPCDD - ok
01:07:24.0796 4944	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:07:24.0863 4944	RDPENCDD - ok
01:07:24.0888 4944	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:07:24.0935 4944	RDPREFMP - ok
01:07:24.0979 4944	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
01:07:25.0034 4944	RDPWD - ok
01:07:25.0115 4944	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:07:25.0144 4944	rdyboost - ok
01:07:25.0177 4944	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:07:25.0262 4944	RemoteAccess - ok
01:07:25.0299 4944	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:07:25.0382 4944	RemoteRegistry - ok
01:07:25.0439 4944	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
01:07:25.0494 4944	RFCOMM - ok
01:07:25.0556 4944	rimspci         (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
01:07:25.0610 4944	rimspci - ok
01:07:25.0641 4944	risdsnpe        (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
01:07:25.0706 4944	risdsnpe - ok
01:07:25.0788 4944	Roxio UPnP Renderer 10 (d151224bc11078895a60fa970728ff59) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
01:07:25.0820 4944	Roxio UPnP Renderer 10 - ok
01:07:25.0858 4944	Roxio Upnp Server 10 (5022a927944878bd750960bd21e751af) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
01:07:25.0885 4944	Roxio Upnp Server 10 - ok
01:07:25.0911 4944	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:07:25.0981 4944	RpcEptMapper - ok
01:07:26.0020 4944	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:07:26.0064 4944	RpcLocator - ok
01:07:26.0132 4944	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:07:26.0217 4944	RpcSs - ok
01:07:26.0281 4944	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:07:26.0368 4944	rspndr - ok
01:07:26.0461 4944	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:26.0487 4944	SamSs - ok
01:07:26.0536 4944	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:07:26.0553 4944	sbp2port - ok
01:07:26.0585 4944	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:07:26.0656 4944	SCardSvr - ok
01:07:26.0698 4944	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:07:26.0791 4944	scfilter - ok
01:07:26.0909 4944	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:07:26.0990 4944	Schedule - ok
01:07:27.0038 4944	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:07:27.0083 4944	SCPolicySvc - ok
01:07:27.0159 4944	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
01:07:27.0204 4944	sdbus - ok
01:07:27.0253 4944	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:07:27.0329 4944	SDRSVC - ok
01:07:27.0362 4944	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:07:27.0441 4944	secdrv - ok
01:07:27.0494 4944	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:07:27.0583 4944	seclogon - ok
01:07:27.0632 4944	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
01:07:27.0726 4944	SENS - ok
01:07:27.0762 4944	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:07:27.0792 4944	SensrSvc - ok
01:07:27.0821 4944	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
01:07:27.0836 4944	Serenum - ok
01:07:27.0851 4944	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
01:07:27.0889 4944	Serial - ok
01:07:27.0965 4944	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
01:07:28.0015 4944	sermouse - ok
01:07:28.0158 4944	ServiceLayer    (c15b813f2fdb44f87f23312472c6e790) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
01:07:28.0200 4944	ServiceLayer - ok
01:07:28.0261 4944	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:07:28.0341 4944	SessionEnv - ok
01:07:28.0367 4944	SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
01:07:28.0434 4944	SFEP - ok
01:07:28.0480 4944	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:07:28.0549 4944	sffdisk - ok
01:07:28.0566 4944	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:07:28.0615 4944	sffp_mmc - ok
01:07:28.0644 4944	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:07:28.0692 4944	sffp_sd - ok
01:07:28.0722 4944	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:07:28.0758 4944	sfloppy - ok
01:07:28.0842 4944	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:07:28.0942 4944	SharedAccess - ok
01:07:29.0009 4944	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:07:29.0104 4944	ShellHWDetection - ok
01:07:29.0141 4944	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
01:07:29.0153 4944	SiSRaid2 - ok
01:07:29.0178 4944	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
01:07:29.0193 4944	SiSRaid4 - ok
01:07:29.0209 4944	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:07:29.0299 4944	Smb - ok
01:07:29.0354 4944	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:07:29.0394 4944	SNMPTRAP - ok
01:07:29.0498 4944	SOHCImp         (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
01:07:29.0516 4944	SOHCImp - ok
01:07:29.0573 4944	SOHDms          (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
01:07:29.0603 4944	SOHDms - ok
01:07:29.0620 4944	SOHDs           (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
01:07:29.0630 4944	SOHDs - ok
01:07:29.0743 4944	SpfService      (65e5659e9c2a0762d05657c0e22a7ca2) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
01:07:29.0768 4944	SpfService - ok
01:07:29.0793 4944	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:07:29.0807 4944	spldr - ok
01:07:29.0891 4944	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:07:29.0964 4944	Spooler - ok
01:07:30.0235 4944	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:07:30.0407 4944	sppsvc - ok
01:07:30.0506 4944	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:07:30.0584 4944	sppuinotify - ok
01:07:30.0686 4944	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:07:30.0765 4944	srv - ok
01:07:30.0835 4944	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:07:30.0893 4944	srv2 - ok
01:07:30.0945 4944	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:07:30.0985 4944	srvnet - ok
01:07:31.0038 4944	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:07:31.0127 4944	SSDPSRV - ok
01:07:31.0157 4944	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:07:31.0205 4944	SstpSvc - ok
01:07:31.0229 4944	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
01:07:31.0242 4944	stexstor - ok
01:07:31.0332 4944	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:07:31.0383 4944	stisvc - ok
01:07:31.0421 4944	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
01:07:31.0435 4944	swenum - ok
01:07:31.0480 4944	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:07:31.0569 4944	swprv - ok
01:07:31.0639 4944	SynTP           (8f63178d1db81bb79270ae55ecdd8321) C:\Windows\system32\DRIVERS\SynTP.sys
01:07:31.0670 4944	SynTP - ok
01:07:31.0840 4944	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:07:31.0937 4944	SysMain - ok
01:07:32.0079 4944	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:07:32.0121 4944	TabletInputService - ok
01:07:32.0152 4944	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:07:32.0227 4944	TapiSrv - ok
01:07:32.0264 4944	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:07:32.0335 4944	TBS - ok
01:07:32.0540 4944	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:07:32.0605 4944	Tcpip - ok
01:07:32.0875 4944	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:07:32.0925 4944	TCPIP6 - ok
01:07:33.0058 4944	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:07:33.0142 4944	tcpipreg - ok
01:07:33.0186 4944	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:07:33.0254 4944	TDPIPE - ok
01:07:33.0306 4944	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:07:33.0350 4944	TDTCP - ok
01:07:33.0401 4944	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:07:33.0463 4944	tdx - ok
01:07:33.0534 4944	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:07:33.0547 4944	TermDD - ok
01:07:33.0610 4944	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:07:33.0681 4944	TermService - ok
01:07:33.0701 4944	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:07:33.0745 4944	Themes - ok
01:07:33.0793 4944	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:07:33.0856 4944	THREADORDER - ok
01:07:33.0870 4944	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:07:33.0939 4944	TrkWks - ok
01:07:34.0021 4944	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:07:34.0100 4944	TrustedInstaller - ok
01:07:34.0152 4944	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:07:34.0214 4944	tssecsrv - ok
01:07:34.0287 4944	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:07:34.0358 4944	TsUsbFlt - ok
01:07:34.0440 4944	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:07:34.0535 4944	tunnel - ok
01:07:34.0574 4944	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
01:07:34.0588 4944	uagp35 - ok
01:07:34.0660 4944	uCamMonitor     (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
01:07:34.0682 4944	uCamMonitor - ok
01:07:34.0747 4944	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:07:34.0846 4944	udfs - ok
01:07:34.0894 4944	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:07:34.0922 4944	UI0Detect - ok
01:07:34.0989 4944	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:07:35.0016 4944	uliagpkx - ok
01:07:35.0072 4944	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
01:07:35.0120 4944	umbus - ok
01:07:35.0161 4944	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
01:07:35.0208 4944	UmPass - ok
01:07:35.0269 4944	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:07:35.0367 4944	upnphost - ok
01:07:35.0417 4944	upperdev        (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
01:07:35.0478 4944	upperdev - ok
01:07:35.0550 4944	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
01:07:35.0578 4944	USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
01:07:35.0578 4944	USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
01:07:35.0628 4944	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:07:35.0700 4944	usbccgp - ok
01:07:35.0761 4944	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:07:35.0793 4944	usbcir - ok
01:07:35.0807 4944	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
01:07:35.0850 4944	usbehci - ok
01:07:35.0901 4944	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:07:35.0947 4944	usbhub - ok
01:07:35.0985 4944	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:07:36.0029 4944	usbohci - ok
01:07:36.0073 4944	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:07:36.0121 4944	usbprint - ok
01:07:36.0161 4944	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:07:36.0187 4944	usbscan - ok
01:07:36.0245 4944	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
01:07:36.0327 4944	usbser - ok
01:07:36.0363 4944	UsbserFilt      (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
01:07:36.0431 4944	UsbserFilt - ok
01:07:36.0477 4944	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:07:36.0549 4944	USBSTOR - ok
01:07:36.0596 4944	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:07:36.0642 4944	usbuhci - ok
01:07:36.0736 4944	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
01:07:36.0768 4944	usbvideo - ok
01:07:36.0797 4944	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:07:36.0865 4944	UxSms - ok
01:07:36.0947 4944	VAIO Entertainment TV Device Arbitration Service (8e68e4aa2d7abbf7c9159d9d2a38ae0f) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
01:07:36.0965 4944	VAIO Entertainment TV Device Arbitration Service - ok
01:07:37.0062 4944	VAIO Event Service (6b31c9cb94927dbeeb62e15275f4cc54) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
01:07:37.0082 4944	VAIO Event Service - ok
01:07:37.0196 4944	VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
01:07:37.0230 4944	VAIO Power Management - ok
01:07:37.0284 4944	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:07:37.0308 4944	VaultSvc - ok
01:07:37.0425 4944	VCFw            (d00058c1fff3f3de990444a5734e9639) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
01:07:37.0474 4944	VCFw - ok
01:07:37.0620 4944	VcmIAlzMgr      (f19275655b42086c884abcdae2c659ae) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
01:07:37.0674 4944	VcmIAlzMgr - ok
01:07:37.0751 4944	VcmINSMgr       (cbb9f0d1017e0bed4cb5bbc0ebf26dc1) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
01:07:37.0786 4944	VcmINSMgr - ok
01:07:37.0914 4944	VcmXmlIfHelper  (32a3735f6874b7783c6209ed5ca36d9d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
01:07:37.0934 4944	VcmXmlIfHelper - ok
01:07:38.0013 4944	VCService       (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
01:07:38.0031 4944	VCService - ok
01:07:38.0169 4944	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:07:38.0191 4944	vdrvroot - ok
01:07:38.0270 4944	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:07:38.0381 4944	vds - ok
01:07:38.0423 4944	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:07:38.0439 4944	vga - ok
01:07:38.0458 4944	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:07:38.0519 4944	VgaSave - ok
01:07:38.0581 4944	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:07:38.0613 4944	vhdmp - ok
01:07:38.0626 4944	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:07:38.0642 4944	viaide - ok
01:07:38.0661 4944	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:07:38.0676 4944	volmgr - ok
01:07:38.0750 4944	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:07:38.0787 4944	volmgrx - ok
01:07:38.0827 4944	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:07:38.0848 4944	volsnap - ok
01:07:38.0945 4944	vpnagent        (caafa2333b428a12bfa97ecd389f59c5) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
01:07:38.0979 4944	vpnagent - ok
01:07:39.0004 4944	vpnva           (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
01:07:39.0013 4944	vpnva - ok
01:07:39.0046 4944	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
01:07:39.0063 4944	vsmraid - ok
01:07:39.0216 4944	VSNService      (047f22bdfdae6df6f1e47e747a1237a2) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
01:07:39.0271 4944	VSNService ( UnsignedFile.Multi.Generic ) - warning
01:07:39.0272 4944	VSNService - detected UnsignedFile.Multi.Generic (1)
01:07:39.0418 4944	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:07:39.0529 4944	VSS - ok
01:07:39.0780 4944	VUAgent         (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
01:07:39.0847 4944	VUAgent - ok
01:07:39.0959 4944	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
01:07:40.0016 4944	vwifibus - ok
01:07:40.0059 4944	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:07:40.0079 4944	vwififlt - ok
01:07:40.0099 4944	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
01:07:40.0119 4944	vwifimp - ok
01:07:40.0164 4944	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:07:40.0242 4944	W32Time - ok
01:07:40.0283 4944	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
01:07:40.0332 4944	WacomPen - ok
01:07:40.0422 4944	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:07:40.0516 4944	WANARP - ok
01:07:40.0520 4944	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:07:40.0567 4944	Wanarpv6 - ok
01:07:40.0724 4944	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:07:40.0788 4944	WatAdminSvc - ok
01:07:40.0911 4944	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:07:41.0008 4944	wbengine - ok
01:07:41.0111 4944	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:07:41.0156 4944	WbioSrvc - ok
01:07:41.0209 4944	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:07:41.0264 4944	wcncsvc - ok
01:07:41.0286 4944	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:07:41.0318 4944	WcsPlugInService - ok
01:07:41.0362 4944	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
01:07:41.0376 4944	Wd - ok
01:07:41.0435 4944	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:07:41.0472 4944	Wdf01000 - ok
01:07:41.0490 4944	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:07:41.0610 4944	WdiServiceHost - ok
01:07:41.0616 4944	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:07:41.0638 4944	WdiSystemHost - ok
01:07:41.0703 4944	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:07:41.0778 4944	WebClient - ok
01:07:41.0827 4944	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:07:41.0926 4944	Wecsvc - ok
01:07:41.0951 4944	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:07:42.0021 4944	wercplsupport - ok
01:07:42.0059 4944	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:07:42.0105 4944	WerSvc - ok
01:07:42.0170 4944	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:07:42.0219 4944	WfpLwf - ok
01:07:42.0237 4944	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:07:42.0250 4944	WIMMount - ok
01:07:42.0279 4944	WinDefend - ok
01:07:42.0285 4944	WinHttpAutoProxySvc - ok
01:07:42.0355 4944	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:07:42.0457 4944	Winmgmt - ok
01:07:42.0627 4944	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:07:42.0746 4944	WinRM - ok
01:07:42.0921 4944	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:07:42.0977 4944	WinUsb - ok
01:07:43.0072 4944	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:07:43.0146 4944	Wlansvc - ok
01:07:43.0216 4944	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:07:43.0263 4944	WmiAcpi - ok
01:07:43.0342 4944	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:07:43.0388 4944	wmiApSrv - ok
01:07:43.0433 4944	WMPNetworkSvc - ok
01:07:43.0468 4944	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:07:43.0497 4944	WPCSvc - ok
01:07:43.0549 4944	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:07:43.0567 4944	WPDBusEnum - ok
01:07:43.0601 4944	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:07:43.0647 4944	ws2ifsl - ok
01:07:43.0663 4944	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
01:07:43.0710 4944	wscsvc - ok
01:07:43.0713 4944	WSearch - ok
01:07:43.0914 4944	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
01:07:43.0990 4944	wuauserv - ok
01:07:44.0114 4944	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:07:44.0201 4944	WudfPf - ok
01:07:44.0232 4944	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:07:44.0276 4944	WUDFRd - ok
01:07:44.0322 4944	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:07:44.0368 4944	wudfsvc - ok
01:07:44.0412 4944	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:07:44.0462 4944	WwanSvc - ok
01:07:44.0537 4944	yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
01:07:44.0631 4944	yukonw7 - ok
01:07:44.0702 4944	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:07:45.0197 4944	\Device\Harddisk0\DR0 - ok
01:07:45.0206 4944	MBR (0x1B8)     (250f0789d9bc08602a1c1f29da8ac4ea) \Device\Harddisk2\DR2
01:08:09.0918 4944	\Device\Harddisk2\DR2 - ok
01:08:09.0921 4944	Boot (0x1200)   (63a9f81904866df5d46ca81628bf281f) \Device\Harddisk0\DR0\Partition0
01:08:09.0922 4944	\Device\Harddisk0\DR0\Partition0 - ok
01:08:09.0941 4944	Boot (0x1200)   (52e966cea2b7678b7caffd7475f9c64d) \Device\Harddisk0\DR0\Partition1
01:08:09.0942 4944	\Device\Harddisk0\DR0\Partition1 - ok
01:08:09.0970 4944	Boot (0x1200)   (a4525b2cb799c0c568d50d420b9df666) \Device\Harddisk0\DR0\Partition2
01:08:09.0972 4944	\Device\Harddisk0\DR0\Partition2 - ok
01:08:09.0973 4944	============================================================
01:08:09.0973 4944	Scan finished
01:08:09.0973 4944	============================================================
01:08:09.0982 5232	Detected object count: 3
01:08:09.0982 5232	Actual detected object count: 3
01:08:53.0400 5232	HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
01:08:53.0400 5232	HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:08:53.0401 5232	USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
01:08:53.0401 5232	USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
01:08:53.0402 5232	VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
01:08:53.0402 5232	VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

27.07.2012, 22:41	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virenmeldung- hier die Logs Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen

Virenmeldung- hier die Logs

Log-Analyse und Auswertung: Virenmeldung- hier die Logs