Ordner auf externer Festplatte sind nur noch Verknüpfungen! RECYCLER

Alex95 · 06.10.2012, 19:45

Hallo liebe Helfer,
zu aller erst mal Danke schön, dass Ihr Euch die Zeit nehmt dass alles zu lesen. Ich hab folgendes Problem:
Alle meine Ordner auf meiner externen Festplatte sind nur noch Verknüpfung, die ich nicht mehr öffnen kann. Außerdem sind plötzlich noch drei neue Ordner hinzugekommen:

System Volume Information
Recycled
$RECYCLE.BIN

Auf meiner Festplatte sind Bilder, Dokumente und Musik, die ich leider nur dort abgespeichert habe/hatte...

Meine Frage wäre nun
Wie werde ich diesen Trojaner/Virus wieder los?

Was muss ich tun dass es nicht noch weite Festplatten genauso geht?

Ist es möglich meine Daten wieder herzustellen?

Ich wäre Euch wirklich sehr dankbar, wenn Ihr mir weiterhelfen könntet..
Schon mal vielen lieben Dank im vorraus.
Alex

cosinus · 07.10.2012, 08:37

Zitat:

Außerdem sind plötzlich noch drei neue Ordner hinzugekommen:

System Volume Information
Recycled
$RECYCLE.BIN

Einmal Google anschmeißen und du wüsstest quasi sofort was für Ordner das sind

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Alex95 · 08.10.2012, 22:20

Danke für die schnell Antwort, ich hoffe ich hab ds hier richtig gemacht:

Hier das Log von Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.08.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
user :: USER-PC [Administrator]

08.10.2012 16:45:02
mbam-log-2012-10-08 (16-45-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 473794
Laufzeit: 3 Stunde(n), 1 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\user\SETUP.EXE (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hier der Code von dem Online Scanner:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=80dadeed2773e8418fea4b2300f4e5eb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-08 08:51:10
# local_time=2012-10-08 10:51:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 28246047 28246047 0 0
# compatibility_mode=5892 16776637 100 100 9434 187252490 0 0
# compatibility_mode=8192 67108863 100 0 299 299 0 0
# scanned=278692
# found=17
# cleaned=0
# scan_time=9708
C:\Program Files\Yontoo Layers\YontooIEClient.dll	Win32/Adware.Yontoo.A application (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (unable to clean)	00000000000000000000000000000000	I
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4851ed5r.default\extensions\plugin@yontoo.com\content\overlay.js	Win32/Adware.Yontoo application (unable to clean)	00000000000000000000000000000000	I
C:\Users\user\Downloads\SoftonicDownloader_fuer_java-se-runtime-environment-jre.exe	a variant of Win32/SoftonicDownloader.E application (unable to clean)	00000000000000000000000000000000	I
G:\$RECYCLE.BIN.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\System Volume Information.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\Musik.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\Bilder.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\Filme.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\Recycled.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\Schule.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\Sonstiges.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\titanic.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\GTR 2.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\Alla PC.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
G:\System Volume Information\_restore{14B0F0FE-7F78-4989-B1EF-0C7CFB32D048}\RP877\A0196518.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I

cosinus · 09.10.2012, 12:08

Code:

ATTFilter

C:\Users\user\Downloads\SoftonicDownloader_fuer_java-se-runtime-environment-jre.exe

Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Alex95 · 09.10.2012, 12:45

Hier die Textdatei des Suchlaufs:

Code:

ATTFilter

# AdwCleaner v2.004 - Datei am 09/10/2012 um 13:41:01 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\.autoreg
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\FreeMake
Ordner Gefunden : C:\ProgramData\FreeMake
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
Ordner Gefunden : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Freemake
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Freemake
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Freemake
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{913AD778-4D63-4176-8950-38AA7F316C04}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E29F0771-5179-4827-960B-FC8977451E47}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Schlüssel Gefunden : HKU\S-1-5-21-607869263-2521240367-2525269947-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3214568

-\\ Mozilla Firefox v3.5.19 (de)

-\\ Google Chrome v [Version kann nicht ermittelt werden]

*************************

AdwCleaner[R1].txt - [6020 octets] - [09/10/2012 13:41:01]

########## EOF - C:\AdwCleaner[R1].txt - [6080 octets] ##########

Heute morgen ist mir noch eingefallen, dass mein Bruder den "Skype-Virus" hatte. In dieser Zeit hat auch er meine Festplatte benutzt. Könntet es sein, dass es da einen Zusammenhang gibt?

cosinus · 09.10.2012, 15:19

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Alex95 · 09.10.2012, 16:14

Code:

ATTFilter

# AdwCleaner v2.004 - Datei am 09/10/2012 um 17:03:50 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : user - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\user\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\.autoreg
Gelöscht mit Neustart : C:\Program Files\FreeMake
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\FreeMake
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMake
Ordner Gelöscht : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freemake
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Freemake
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeMake Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freemake
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{913AD778-4D63-4176-8950-38AA7F316C04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E29F0771-5179-4827-960B-FC8977451E47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADCA5064-9E30-43FE-9856-58B07A3149FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04CEFF5B-A46D-4417-8018-43A059BDF9A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeMake Toolbar
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3214568 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.5.19 (de)

-\\ Google Chrome v [Version kann nicht ermittelt werden]

*************************

AdwCleaner[R1].txt - [6149 octets] - [09/10/2012 13:41:01]
AdwCleaner[S1].txt - [5963 octets] - [09/10/2012 17:03:50]

########## EOF - C:\AdwCleaner[S1].txt - [6023 octets] ##########

cosinus · 09.10.2012, 16:22

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Alex95 · 09.10.2012, 16:38

An meinem PC selbst ist mir nichts aufgefallen, alles funktioniert noch wie zuvor, nur die externe Festplatte nicht... Ich verstehe nicht ganz was Sie mit dem normalen Modus von Windows meinen.. Wie gesagt, ich weiß nur dass mein Bruder den Skype-Virus hatte, also auch er die Festplatte noch benutz hat.

cosinus · 09.10.2012, 18:45

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Alex95 · 09.10.2012, 21:00

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 09.10.2012 20:46:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,36% Memory free
6,19 Gb Paging File | 4,75 Gb Available in Paging File | 76,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,06 Gb Total Space | 205,31 Gb Free Space | 71,52% Space Free | Partition Type: NTFS
Drive F: | 308,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 465,65 Gb Total Space | 280,75 Gb Free Space | 60,29% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.09 20:30:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\user\Downloads\OTL.exe
PRC - [2012.08.08 20:31:25 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 17:13:20 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 17:13:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 17:13:20 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 17:13:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 17:13:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 17:13:20 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.10 15:26:52 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012.02.02 14:22:42 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.02.02 14:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.11.06 16:48:24 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2009.10.05 19:46:32 | 000,024,576 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Marketing Tools\MarketingTools.exe
PRC - [2009.04.02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008.12.05 01:16:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Network Utility\LANUtil.exe
PRC - [2008.12.04 23:23:56 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\Network Utility\NSUService.exe
PRC - [2008.11.05 18:32:28 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2008.11.05 18:32:28 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.14 17:07:30 | 002,300,456 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.10.14 17:07:30 | 000,776,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.10.01 18:18:48 | 000,369,952 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008.09.11 19:28:26 | 000,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008.09.08 09:59:54 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008.09.08 09:59:52 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008.08.28 20:21:36 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008.08.20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.08.20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.04.03 20:32:48 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.12.14 17:19:26 | 000,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
PRC - [2007.12.13 08:32:00 | 004,243,232 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- c:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005.06.04 18:14:23 | 000,301,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.22 13:16:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011.06.22 13:15:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.22 13:08:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.22 13:08:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.22 13:08:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.22 13:06:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.22 13:04:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010.07.07 21:29:32 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008.10.14 16:56:08 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.12.21 05:06:58 | 002,969,600 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\SonicStage Effect Plugins\Sony Limiter Plugin.dll
MOD - [2007.04.04 13:14:06 | 000,344,064 | ---- | M] () -- C:\Windows\System32\SSMSIppCustom.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005.06.04 18:15:11 | 000,326,352 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2006\MSENCXML.DLL
MOD - [2005.06.04 18:15:11 | 000,248,528 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2006\ERSREGPR.DLL
MOD - [2005.06.04 18:15:11 | 000,203,472 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2006\MSENCDAT.DLL
MOD - [2005.06.04 18:15:10 | 000,178,896 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Reference 2006\ENCCONT.DLL
MOD - [2005.06.04 18:14:23 | 000,051,920 | ---- | M] () -- C:\Program Files\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICTITS.EBK
 
 
========== Services (SafeList) ==========
 
SRV - [2012.05.14 17:13:20 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 17:13:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 17:13:20 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 17:13:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.14 17:13:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 15:26:52 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.02.02 14:22:40 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.09.28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.08.24 14:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.12.04 23:23:56 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.11.18 19:03:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.11.05 18:32:28 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008.10.21 10:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008.10.21 10:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008.10.21 10:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008.10.17 19:16:54 | 000,415,584 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008.10.01 18:18:48 | 000,369,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008.09.19 10:06:22 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.09.11 19:28:26 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008.09.08 09:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008.09.08 09:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008.09.08 09:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008.08.20 16:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.08.20 16:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008.05.20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008.05.20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- c:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.14 17:13:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 17:13:21 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 17:13:21 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 17:13:21 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:48:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010.09.05 13:22:21 | 000,053,760 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV76.sys -- (SSHDRV76)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.11.05 02:14:31 | 007,585,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.11.05 02:13:26 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.23 02:02:26 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008.10.23 02:02:05 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.08.28 23:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.22 17:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008.08.22 02:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008.07.04 02:04:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.06.07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.04.24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0369DC93-0D85-4B42-B095-DC11AA0D22F0}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle-europe.com?cs [Binary data over 200 bytes]
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\SearchScopes,DefaultScope = {234F0765-A432-49A3-965C-BE927F70E348}
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\SearchScopes\{0369DC93-0D85-4B42-B095-DC11AA0D22F0}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\SearchScopes\{234F0765-A432-49A3-965C-BE927F70E348}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYK_de
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=8Lgl36VUGK9oizguCdCoCyT4FZ8?q={searchTerms}
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - prefs.js..extensions.enabledItems: fmdownloader@gmail.com:1.0.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {adca5064-9e30-43fe-9856-58b07a3149fe}:3.13.0.6
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.06 16:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.21 16:22:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.21 16:23:44 | 000,000,000 | ---D | M]
 
[2009.10.16 23:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.09.12 15:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions
[2009.10.19 19:49:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.11 17:19:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.12 19:15:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.27 18:45:53 | 000,000,000 | ---D | M] (FreeMake Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\{adca5064-9e30-43fe-9856-58b07a3149fe}
[2011.07.15 12:57:51 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\plugin@yontoo.com
[2012.06.08 18:31:32 | 000,000,961 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\4851ed5r.default\searchplugins\icqplugin-1.xml
[2011.12.23 19:13:34 | 000,001,069 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\4851ed5r.default\searchplugins\icqplugin.xml
[2011.06.13 18:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.10.17 14:47:15 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.03 21:03:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.13 18:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX
[2011.11.06 16:49:24 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.07.26 12:48:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.26 12:48:59 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.26 12:48:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.26 12:48:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.26 12:48:59 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3214568&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: 9GAG Mini = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmkmihphgjhmeabggdcokmkjhbnmdml\0.5_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Tumblr Dashboard = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\1.4.0_0\
CHR - Extension: Facebook Notifications = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-607869263-2521240367-2525269947-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-607869263-2521240367-2525269947-1000..\Run: [E06DXLRD_2096840] C:\Program Files\Microsoft Encarta\Encarta 2006 Enzyklopaedie DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-607869263-2521240367-2525269947-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA12F58C-7750-4568-9945-BC7415E13B65}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.12 19:40:55 | 000,000,030 | RH-- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{835a11fc-01e0-11df-a67b-00214fba7f95}\Shell\AutoRun\command - "" = G:\Jobrocket-starten.exe
O33 - MountPoints2\{c3837d34-a856-11df-abcb-c4149f13a2db}\Shell\AutoRun\command - "" = G:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{c3837d34-a856-11df-abcb-c4149f13a2db}\Shell\Install\command - "" = G:\Seagate\Installer\InstallSeagateManager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - L3CODECA.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.i420 - i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.MKVC - KMVIDC32.DLL ()
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 20:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.08 16:42:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.10.08 16:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.08 16:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.08 16:41:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.08 16:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.30 19:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.30 16:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[2012.09.30 16:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\FreeMind
[2012.09.28 17:22:36 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\back_pattern
[2012.09.25 18:18:16 | 000,000,000 | ---D | C] -- C:\a17910c52bcb953275fe
[2012.09.20 19:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.20 19:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.20 19:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.20 19:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.15 13:32:54 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Bluetooth-Exchange-Ordner
[2012.05.15 19:38:42 | 001,193,064 | ---- | C] (Ellora Assets Corporation                                   ) -- C:\Users\user\FreemakeVideoDownloaderSetup.exe
[2012.05.15 19:37:54 | 001,192,776 | ---- | C] (Ellora Assets Corporation                                   ) -- C:\Users\user\FreemakeVideoConverterSetup.exe
[1 C:\Users\user\*.tmp files -> C:\Users\user\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 21:08:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 21:08:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 20:54:24 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 19:33:51 | 000,091,508 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.09 19:33:51 | 000,091,508 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.09 19:32:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 19:00:25 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.09 18:54:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.09 17:45:27 | 000,022,554 | ---- | M] () -- C:\Users\user\AppData\Local\recently-used.xbel
[2012.10.09 17:39:35 | 000,007,168 | -H-- | M] () -- C:\Users\user\Desktop\photothumb.db
[2012.10.09 17:05:05 | 000,007,460 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.08 23:23:25 | 000,002,591 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office Word 2007.lnk
[2012.10.08 16:41:40 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.04 18:56:41 | 000,717,983 | ---- | M] () -- C:\Users\user\Desktop\AnalysisLog.sr0
[2012.09.30 16:52:09 | 000,001,630 | ---- | M] () -- C:\Users\user\Desktop\FreeMind.lnk
[2012.09.27 19:47:51 | 301,598,898 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.24 20:49:56 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.24 20:49:56 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.24 20:49:56 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.24 20:49:56 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.20 19:37:33 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.17 19:51:17 | 000,451,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.17 19:21:22 | 000,310,779 | ---- | M] () -- C:\Users\user\Desktop\background.jpg
[1 C:\Users\user\*.tmp files -> C:\Users\user\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.09 17:45:27 | 000,022,554 | ---- | C] () -- C:\Users\user\AppData\Local\recently-used.xbel
[2012.10.08 16:41:40 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.04 18:55:42 | 000,717,983 | ---- | C] () -- C:\Users\user\Desktop\AnalysisLog.sr0
[2012.09.30 16:52:09 | 000,001,630 | ---- | C] () -- C:\Users\user\Desktop\FreeMind.lnk
[2012.09.20 19:37:33 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.17 19:21:21 | 000,310,779 | ---- | C] () -- C:\Users\user\Desktop\background.jpg
[2012.08.09 13:24:01 | 000,164,302 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.08.09 13:23:15 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.03.22 20:07:57 | 000,000,291 | ---- | C] () -- C:\Users\user\.gtk-bookmarks
[2012.03.18 18:13:38 | 000,017,757 | ---- | C] () -- C:\Users\user\quotep.jpg
[2012.03.18 18:13:21 | 000,440,338 | ---- | C] () -- C:\Users\user\quotep-jpg.xcf
[2012.03.10 15:49:11 | 000,042,639 | ---- | C] () -- C:\Users\user\Aufzeichnen2.JPG
[2012.03.10 15:48:37 | 000,042,027 | ---- | C] () -- C:\Users\user\Aufzeichnen.JPG
[2011.09.06 00:33:40 | 002,455,873 | ---- | C] () -- C:\Users\user\SETUP.DAT
[2011.09.06 00:33:40 | 000,000,256 | ---- | C] () -- C:\Users\user\SETUP.SPC
[2011.07.15 13:16:38 | 000,014,336 | -H-- | C] () -- C:\Users\user\photothumb.db
[2011.07.01 15:16:49 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2011.07.01 15:16:49 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2011.07.01 15:16:48 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2011.07.01 15:16:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.12.15 14:55:46 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.12.14 18:51:41 | 000,006,410 | ---- | C] () -- C:\Users\user\phase-6-backpack-all-2010-12-14.p6a
[2010.10.12 15:38:56 | 000,001,254 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.07.18 13:35:37 | 000,000,310 | ---- | C] () -- C:\Users\user\Öffentlich - Verknüpfung.lnk
[2010.04.22 17:48:37 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2009.12.18 20:18:09 | 000,023,081 | ---- | C] () -- C:\Users\user\Unbenannt.jpg
[2009.10.23 19:18:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.17 18:24:16 | 000,113,152 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.06 09:06:52 | 000,008,268 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2008.11.18 17:56:26 | 000,091,508 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.18 17:53:45 | 000,091,508 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.12.23 22:38:39 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\.#
[2012.07.24 16:45:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2010.09.05 14:04:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Atari
[2011.12.04 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avidemux
[2012.03.28 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011.07.01 15:16:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataCast
[2011.11.12 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft
[2011.11.12 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.28 12:28:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2012.08.22 14:36:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2012.08.12 15:56:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Image Zone Express
[2009.12.23 00:52:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InterVideo
[2010.09.05 20:25:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2012.07.27 18:52:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2012.07.08 19:02:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2009.12.24 21:22:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2010.11.25 16:19:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Phase6
[2011.09.06 17:57:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoFiltre
[2011.12.01 16:04:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoScape
[2012.08.09 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Printer Info Cache
[2012.04.11 14:58:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SAD-Europa-Führerschein
[2009.12.24 21:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2012.02.04 15:28:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2012.07.27 18:54:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2010.12.27 14:34:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.23 22:38:39 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\.#
[2012.07.24 16:45:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011.03.12 19:21:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2011.11.28 23:08:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer
[2009.10.22 21:16:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ArcSoft
[2010.09.05 14:04:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Atari
[2011.12.04 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avidemux
[2011.11.16 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Avira
[2012.07.30 23:22:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVS4YOU
[2012.03.28 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011.07.01 15:16:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataCast
[2010.12.15 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DivX
[2011.11.12 19:15:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft
[2011.11.12 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.28 12:28:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2010.06.10 14:51:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Google
[2012.08.22 14:36:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2012.08.09 14:27:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HP
[2008.01.21 03:43:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2012.08.12 15:56:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Image Zone Express
[2009.12.23 00:52:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InterVideo
[2010.09.05 20:25:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2010.04.22 17:40:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2012.10.08 16:42:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2011.03.12 19:21:47 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2010.11.25 16:20:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2012.07.27 18:52:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2012.07.08 19:02:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2009.12.24 21:22:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2010.11.25 16:19:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Phase6
[2011.09.06 17:57:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoFiltre
[2011.12.01 16:04:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoScape
[2012.08.09 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Printer Info Cache
[2012.06.02 23:01:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Real
[2012.04.11 14:58:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SAD-Europa-Führerschein
[2009.12.24 21:18:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2010.09.05 20:42:10 | 000,000,000 | RH-D | M] -- C:\Users\user\AppData\Roaming\SecuROM
[2012.08.02 20:57:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skype
[2011.05.30 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\skypePM
[2012.02.04 15:28:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2010.03.26 16:36:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony Corporation
[2012.07.27 18:54:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2012.05.19 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\vlc
[2010.12.27 14:34:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WindSolutions
[2011.06.03 14:45:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.12.23 19:00:05 | 001,117,706 | ---- | M] () -- C:\Users\user\AppData\Roaming\.minecraft\mcpatcher-2.2.3.exe
[2011.02.10 17:50:15 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\user\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.03.09 19:12:55 | 000,010,134 | R--- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.06.26 00:13:38 | 027,565,504 | ---- | M] (TuneUp Software) -- C:\Users\user\AppData\Roaming\OpenCandy\5EEBD79AEDBB47A3B8E1F987E77C58D6\TuneUpUtilities2012_de-DE.exe
[2012.09.30 15:06:47 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\user\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2012.09.30 15:06:47 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
[2012.07.14 16:56:37 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012.08.08 13:01:53 | 028,133,344 | ---- | M] (RealNetworks, Inc.) -- C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe
[2012.06.03 02:02:16 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe
[2011.06.23 12:52:54 | 007,045,368 | ---- | M] (WindSolutions) -- C:\Users\user\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
[2011.04.04 22:59:40 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\user\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2011.07.09 00:04:56 | 007,670,024 | ---- | M] (WindSolutions) -- C:\Users\user\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
[2011.03.05 13:14:40 | 005,767,512 | ---- | M] (WindSolutions) -- C:\Users\user\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransPhoto.exe
[2011.03.05 13:00:56 | 003,462,184 | ---- | M] (WindSolutions) -- C:\Users\user\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans_Suite_v2.230_DE.exe
[2011.04.04 22:59:29 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\user\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans_Suite_v2.270_DE.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\IaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,590 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.02.14 21:37:19 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.02.14 21:37:20 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
========== Files - Unicode (All) ==========
[2009.10.17 18:45:02 | 000,011,495 | ---- | C] ()(C:\Users\user\Documents\s?.docx) -- C:\Users\user\Documents\ση.docx
[2009.05.01 23:52:50 | 000,011,495 | ---- | M] ()(C:\Users\user\Documents\s?.docx) -- C:\Users\user\Documents\ση.docx

< End of report >

--- --- ---

cosinus · 10.10.2012, 10:50

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-607869263-2521240367-2525269947-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=8Lgl36VUGK9oizguCdCoCyT4FZ8?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {adca5064-9e30-43fe-9856-58b07a3149fe}:3.13.0.6
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - user.js - File not found
[2011.02.11 17:19:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.15 12:57:51 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\plugin@yontoo.com
[2012.06.08 18:31:32 | 000,000,961 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\4851ed5r.default\searchplugins\icqplugin-1.xml
[2011.12.23 19:13:34 | 000,001,069 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\4851ed5r.default\searchplugins\icqplugin.xml
[2011.06.13 18:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.10.17 14:47:15 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
:Files
C:\Users\user\AppData\Roaming\.#
C:\Program Files\Yontoo Layers
C:\ProgramData\Tarma Installer
C:\Users\All Users\Tarma Installer
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4851ed5r.default\extensions\plugin@yontoo.com
C:\Users\user\Downloads\SoftonicDownloader_fuer_java-se-runtime-environment-jre.exe
G:\*.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Alex95 · 10.10.2012, 18:21

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-607869263-2521240367-2525269947-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-607869263-2521240367-2525269947-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: plugin@yontoo.com:1.20.00 removed from extensions.enabledItems
Prefs.js: {adca5064-9e30-43fe-9856-58b07a3149fe}:3.13.0.6 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\4851ed5r.default\extensions\plugin@yontoo.com\ not found.
File C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\4851ed5r.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\4851ed5r.default\searchplugins\icqplugin.xml not found.
Folder C:\Program Files\Mozilla Firefox\extensions\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup not found.
========== FILES ==========
File\Folder C:\Users\user\AppData\Roaming\.# not found.
File\Folder C:\Program Files\Yontoo Layers not found.
File\Folder C:\ProgramData\Tarma Installer not found.
File\Folder C:\Users\All Users\Tarma Installer not found.
File\Folder C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4851ed5r.default\extensions\plugin@yontoo.com not found.
File\Folder C:\Users\user\Downloads\SoftonicDownloader_fuer_java-se-runtime-environment-jre.exe not found.
File\Folder G:\*.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
c:\Users\user\Downloads\cmd.bat deleted successfully.
c:\Users\user\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: user
->Temp folder emptied: 219449 bytes
->Temporary Internet Files folder emptied: 486771 bytes
->Java cache emptied: 4770146 bytes
->FireFox cache emptied: 84023805 bytes
->Google Chrome cache emptied: 43609869 bytes
->Apple Safari cache emptied: 195821568 bytes
->Flash cache emptied: 3174248 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1030205784 bytes
RecycleBin emptied: 5107503844 bytes
 
Total Files Cleaned = 6.170,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 10102012_191154

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Vielen Lieben Dank für die Mühe, die Sie sich gemacht haben!

cosinus · 11.10.2012, 09:48

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Alex95 · 11.10.2012, 17:39

Code:

ATTFilter

18:35:29.0151 4536  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:35:29.0619 4536  ============================================================
18:35:29.0619 4536  Current date / time: 2012/10/11 18:35:29.0619
18:35:29.0619 4536  SystemInfo:
18:35:29.0619 4536  
18:35:29.0619 4536  OS Version: 6.0.6001 ServicePack: 1.0
18:35:29.0619 4536  Product type: Workstation
18:35:29.0619 4536  ComputerName: USER-PC
18:35:29.0619 4536  UserName: user
18:35:29.0619 4536  Windows directory: C:\Windows
18:35:29.0619 4536  System windows directory: C:\Windows
18:35:29.0619 4536  Processor architecture: Intel x86
18:35:29.0619 4536  Number of processors: 2
18:35:29.0619 4536  Page size: 0x1000
18:35:29.0619 4536  Boot type: Normal boot
18:35:29.0619 4536  ============================================================
18:35:30.0118 4536  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:35:30.0118 4536  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:35:30.0118 4536  ============================================================
18:35:30.0118 4536  \Device\Harddisk0\DR0:
18:35:30.0133 4536  MBR partitions:
18:35:30.0133 4536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x160D000, BlocksNum 0x23E21000
18:35:30.0133 4536  \Device\Harddisk3\DR3:
18:35:30.0133 4536  MBR partitions:
18:35:30.0133 4536  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x3A384800
18:35:30.0133 4536  ============================================================
18:35:30.0196 4536  C: <-> \Device\Harddisk0\DR0\Partition1
18:35:30.0523 4536  G: <-> \Device\Harddisk3\DR3\Partition1
18:35:30.0523 4536  ============================================================
18:35:30.0523 4536  Initialize success
18:35:30.0523 4536  ============================================================
18:36:19.0493 6776  ============================================================
18:36:19.0493 6776  Scan started
18:36:19.0493 6776  Mode: Manual; SigCheck; TDLFS; 
18:36:19.0493 6776  ============================================================
18:36:20.0164 6776  ================ Scan system memory ========================
18:36:20.0164 6776  System memory - ok
18:36:20.0164 6776  ================ Scan services =============================
18:36:20.0710 6776  [ 35F57598F0589FEB3C3ABC1621BF329F ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:36:20.0819 6776  ACDaemon - ok
18:36:21.0349 6776  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
18:36:21.0380 6776  ACPI - ok
18:36:21.0505 6776  [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 c:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
18:36:21.0505 6776  AdobeActiveFileMonitor6.0 - ok
18:36:21.0599 6776  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:36:21.0646 6776  adp94xx - ok
18:36:21.0692 6776  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:36:21.0708 6776  adpahci - ok
18:36:21.0755 6776  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
18:36:21.0770 6776  adpu160m - ok
18:36:21.0817 6776  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:36:21.0833 6776  adpu320 - ok
18:36:21.0880 6776  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:36:21.0989 6776  AeLookupSvc - ok
18:36:22.0114 6776  [ 48EB99503533C27AC6135648E5474457 ] AFD             C:\Windows\system32\drivers\afd.sys
18:36:22.0238 6776  AFD - ok
18:36:22.0285 6776  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:36:22.0301 6776  agp440 - ok
18:36:22.0348 6776  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:36:22.0363 6776  aic78xx - ok
18:36:22.0426 6776  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
18:36:22.0628 6776  ALG - ok
18:36:22.0660 6776  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:36:22.0675 6776  aliide - ok
18:36:22.0722 6776  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:36:22.0738 6776  amdagp - ok
18:36:22.0847 6776  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:36:22.0862 6776  amdide - ok
18:36:22.0925 6776  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
18:36:22.0972 6776  AmdK7 - ok
18:36:23.0003 6776  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:36:23.0050 6776  AmdK8 - ok
18:36:23.0206 6776  [ 6ACC11E9D2F01C88251123D26C1C5489 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
18:36:23.0252 6776  AntiVirFirewallService - ok
18:36:23.0284 6776  [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
18:36:23.0330 6776  AntiVirMailService - ok
18:36:23.0393 6776  [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:36:23.0393 6776  AntiVirSchedulerService - ok
18:36:23.0440 6776  [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:36:23.0455 6776  AntiVirService - ok
18:36:23.0533 6776  [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:36:23.0564 6776  AntiVirWebService - ok
18:36:23.0642 6776  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
18:36:23.0689 6776  Appinfo - ok
18:36:23.0783 6776  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:36:23.0783 6776  Apple Mobile Device - ok
18:36:23.0798 6776  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
18:36:23.0814 6776  arc - ok
18:36:23.0861 6776  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:36:23.0861 6776  arcsas - ok
18:36:23.0923 6776  [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:36:23.0923 6776  ArcSoftKsUFilter - ok
18:36:24.0032 6776  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:36:24.0048 6776  aspnet_state - ok
18:36:24.0095 6776  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:36:24.0157 6776  AsyncMac - ok
18:36:24.0173 6776  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:36:24.0173 6776  atapi - ok
18:36:24.0454 6776  [ 8BE56F8300E1C37B578DA23C71816B7A ] athr            C:\Windows\system32\DRIVERS\athr.sys
18:36:24.0688 6776  athr - ok
18:36:24.0797 6776  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:36:24.0828 6776  AudioEndpointBuilder - ok
18:36:24.0844 6776  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:36:24.0875 6776  Audiosrv - ok
18:36:24.0968 6776  [ E6263CDD0EF3B98CFA2A251A21D8BE2E ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
18:36:25.0000 6776  avfwim - ok
18:36:25.0093 6776  [ 48929A52C039738C3193581F7FC483A5 ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
18:36:25.0093 6776  avfwot - ok
18:36:25.0156 6776  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:36:25.0171 6776  avgntflt - ok
18:36:25.0187 6776  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:36:25.0202 6776  avipbb - ok
18:36:25.0249 6776  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:36:25.0280 6776  avkmgr - ok
18:36:25.0421 6776  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:36:25.0514 6776  Beep - ok
18:36:25.0561 6776  [ 8582E233C346AEFE759833E8A30DD697 ] BFE             C:\Windows\System32\bfe.dll
18:36:25.0608 6776  BFE - ok
18:36:25.0686 6776  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\System32\qmgr.dll
18:36:25.0780 6776  BITS - ok
18:36:25.0826 6776  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
18:36:25.0889 6776  blbdrive - ok
18:36:26.0029 6776  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:36:26.0060 6776  Bonjour Service - ok
18:36:26.0107 6776  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:36:26.0170 6776  bowser - ok
18:36:26.0201 6776  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
18:36:26.0248 6776  BrFiltLo - ok
18:36:26.0263 6776  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
18:36:26.0310 6776  BrFiltUp - ok
18:36:26.0404 6776  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
18:36:26.0528 6776  Browser - ok
18:36:26.0575 6776  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
18:36:26.0778 6776  Brserid - ok
18:36:26.0809 6776  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
18:36:26.0903 6776  BrSerWdm - ok
18:36:26.0981 6776  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
18:36:27.0059 6776  BrUsbMdm - ok
18:36:27.0121 6776  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:36:27.0277 6776  BrUsbSer - ok
18:36:27.0355 6776  [ AE19CFBBBA41800F3D5343E21D2CA09F ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
18:36:27.0433 6776  BthEnum - ok
18:36:27.0527 6776  [ 5FFA6988FF9597986FF2ADA736CC90C0 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:36:27.0574 6776  BTHMODEM - ok
18:36:27.0589 6776  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:36:27.0636 6776  BthPan - ok
18:36:27.0667 6776  [ 75F19DF0BC62992D05FDD8A32D968531 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
18:36:27.0730 6776  BTHPORT - ok
18:36:27.0792 6776  [ FC930B47A83F5F61DFADC64A0719DE43 ] BthServ         C:\Windows\System32\bthserv.dll
18:36:27.0839 6776  BthServ - ok
18:36:27.0839 6776  [ 4CE2A25C5936BC515357D60FEE73F221 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
18:36:27.0870 6776  BTHUSB - ok
18:36:27.0917 6776  [ 14164C0CFD9D5A2704FDAB93A9688630 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
18:36:27.0917 6776  btwaudio - ok
18:36:27.0948 6776  [ 94DC6E5F3F532C5054F078D845714129 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
18:36:27.0948 6776  btwavdt - ok
18:36:28.0026 6776  [ C832A3622A35CA7C595EA8CA385BA813 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
18:36:28.0088 6776  btwdins - ok
18:36:28.0120 6776  [ B9920FB30BCAFF10C111654909B275C9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
18:36:28.0135 6776  btwl2cap - ok
18:36:28.0182 6776  [ 61E29BA977B972C9BAA847CC11D48C3D ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
18:36:28.0198 6776  btwrchid - ok
18:36:28.0307 6776  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:36:28.0369 6776  cdfs - ok
18:36:28.0416 6776  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:36:28.0463 6776  cdrom - ok
18:36:28.0588 6776  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc     C:\Windows\System32\certprop.dll
18:36:28.0681 6776  CertPropSvc - ok
18:36:28.0697 6776  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
18:36:28.0744 6776  circlass - ok
18:36:28.0775 6776  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
18:36:28.0790 6776  CLFS - ok
18:36:28.0822 6776  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:36:28.0837 6776  clr_optimization_v2.0.50727_32 - ok
18:36:28.0993 6776  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:36:28.0993 6776  clr_optimization_v4.0.30319_32 - ok
18:36:29.0071 6776  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:36:29.0102 6776  CmBatt - ok
18:36:29.0134 6776  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:36:29.0149 6776  cmdide - ok
18:36:29.0196 6776  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:36:29.0212 6776  Compbatt - ok
18:36:29.0212 6776  COMSysApp - ok
18:36:29.0274 6776  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:36:29.0290 6776  crcdisk - ok
18:36:29.0321 6776  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:36:29.0336 6776  Crusoe - ok
18:36:29.0430 6776  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:36:29.0477 6776  CryptSvc - ok
18:36:29.0664 6776  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:36:29.0758 6776  DcomLaunch - ok
18:36:29.0804 6776  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:36:29.0867 6776  DfsC - ok
18:36:29.0976 6776  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
18:36:30.0163 6776  DFSR - ok
18:36:30.0226 6776  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:36:30.0272 6776  Dhcp - ok
18:36:30.0319 6776  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
18:36:30.0335 6776  disk - ok
18:36:30.0428 6776  [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall         C:\Windows\system32\DRIVERS\DMICall.sys
18:36:30.0444 6776  DMICall - ok
18:36:30.0491 6776  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:36:30.0553 6776  Dnscache - ok
18:36:30.0584 6776  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:36:30.0600 6776  dot3svc - ok
18:36:30.0662 6776  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
18:36:30.0694 6776  Dot4 - ok
18:36:30.0787 6776  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:36:30.0803 6776  Dot4Print - ok
18:36:30.0865 6776  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
18:36:30.0959 6776  dot4usb - ok
18:36:30.0990 6776  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
18:36:31.0052 6776  DPS - ok
18:36:31.0115 6776  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:36:31.0146 6776  drmkaud - ok
18:36:31.0193 6776  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:36:31.0364 6776  DXGKrnl - ok
18:36:31.0411 6776  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:36:31.0442 6776  E1G60 - ok
18:36:31.0474 6776  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
18:36:31.0520 6776  EapHost - ok
18:36:31.0567 6776  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:36:31.0567 6776  Ecache - ok
18:36:31.0661 6776  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:36:31.0739 6776  ehRecvr - ok
18:36:31.0786 6776  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
18:36:31.0832 6776  ehSched - ok
18:36:31.0864 6776  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
18:36:31.0926 6776  ehstart - ok
18:36:32.0098 6776  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:36:32.0160 6776  elxstor - ok
18:36:32.0254 6776  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:36:32.0363 6776  EMDMgmt - ok
18:36:32.0441 6776  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:36:32.0503 6776  ErrDev - ok
18:36:32.0550 6776  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem     C:\Windows\system32\es.dll
18:36:32.0597 6776  EventSystem - ok
18:36:32.0862 6776  [ BA6063E3375F9BC11A9C8450A7F61E70 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:36:32.0940 6776  EvtEng ( UnsignedFile.Multi.Generic ) - warning
18:36:32.0940 6776  EvtEng - detected UnsignedFile.Multi.Generic (1)
18:36:33.0049 6776  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat           C:\Windows\system32\drivers\exfat.sys
18:36:33.0096 6776  exfat - ok
18:36:33.0158 6776  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:36:33.0205 6776  fastfat - ok
18:36:33.0283 6776  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:36:33.0330 6776  fdc - ok
18:36:33.0377 6776  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:36:33.0408 6776  fdPHost - ok
18:36:33.0424 6776  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:36:33.0517 6776  FDResPub - ok
18:36:33.0564 6776  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:36:33.0564 6776  FileInfo - ok
18:36:33.0580 6776  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:36:33.0658 6776  Filetrace - ok
18:36:33.0767 6776  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:36:33.0845 6776  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:36:33.0845 6776  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:36:33.0892 6776  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:36:33.0923 6776  flpydisk - ok
18:36:33.0938 6776  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:36:33.0954 6776  FltMgr - ok
18:36:34.0110 6776  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:36:34.0110 6776  FontCache3.0.0.0 - ok
18:36:34.0344 6776  [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
18:36:34.0344 6776  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
18:36:34.0344 6776  FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
18:36:34.0531 6776  [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
18:36:34.0547 6776  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
18:36:34.0547 6776  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
18:36:34.0594 6776  [ D3F9205CC4CB07553F2F9472C767EA87 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
18:36:34.0625 6776  FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
18:36:34.0625 6776  FsUsbExService - detected UnsignedFile.Multi.Generic (1)
18:36:34.0672 6776  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:36:34.0750 6776  Fs_Rec - ok
18:36:34.0812 6776  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:36:34.0828 6776  gagp30kx - ok
18:36:34.0937 6776  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:36:34.0952 6776  GEARAspiWDM - ok
18:36:35.0046 6776  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:36:35.0062 6776  GoogleDesktopManager-051210-111108 - ok
18:36:35.0311 6776  [ D9F1113D9401185245573350712F92FC ] gpsvc           C:\Windows\System32\gpsvc.dll
18:36:35.0420 6776  gpsvc - ok
18:36:35.0514 6776  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:36:35.0530 6776  gupdate - ok
18:36:35.0545 6776  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:36:35.0545 6776  gupdatem - ok
18:36:35.0592 6776  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:36:35.0608 6776  gusvc - ok
18:36:35.0670 6776  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
18:36:35.0717 6776  hamachi - ok
18:36:35.0966 6776  [ 732ECA7B8647E7F39A875B3EE9CAEE9E ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:36:36.0044 6776  Hamachi2Svc - ok
18:36:36.0216 6776  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:36:36.0341 6776  HdAudAddService - ok
18:36:36.0372 6776  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:36:36.0403 6776  HDAudBus - ok
18:36:36.0497 6776  [ 2FE6EF94B64D2DA60F400EB643086220 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:36:36.0544 6776  HidBth - ok
18:36:36.0559 6776  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:36:36.0653 6776  HidIr - ok
18:36:36.0700 6776  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv         C:\Windows\system32\hidserv.dll
18:36:36.0746 6776  hidserv - ok
18:36:36.0824 6776  [ E2B5BD48AFCC0F0974FB44641B223250 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:36:36.0856 6776  HidUsb - ok
18:36:36.0949 6776  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:36:37.0012 6776  hkmsvc - ok
18:36:37.0058 6776  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:36:37.0074 6776  HpCISSs - ok
18:36:37.0386 6776  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:36:37.0417 6776  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:36:37.0417 6776  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:36:37.0448 6776  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:36:37.0448 6776  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:36:37.0448 6776  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:36:37.0589 6776  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:36:37.0620 6776  HSFHWAZL - ok
18:36:37.0745 6776  [ 888D170D7FE1F2AB09ED72DA4CBD32D1 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:36:37.0963 6776  HSF_DPV - ok
18:36:37.0994 6776  [ 6734B167529A3542849CCDFEB49EE9F2 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:36:38.0057 6776  HSXHWAZL - ok
18:36:38.0088 6776  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:36:38.0150 6776  HTTP - ok
18:36:38.0182 6776  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:36:38.0197 6776  i2omp - ok
18:36:38.0275 6776  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:36:38.0306 6776  i8042prt - ok
18:36:38.0416 6776  [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:36:38.0431 6776  iaStor - ok
18:36:38.0462 6776  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:36:38.0478 6776  iaStorV - ok
18:36:38.0572 6776  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:36:38.0587 6776  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:36:38.0587 6776  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:36:38.0759 6776  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:36:38.0852 6776  idsvc - ok
18:36:38.0899 6776  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:36:38.0899 6776  iirsp - ok
18:36:39.0071 6776  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
18:36:39.0149 6776  IKEEXT - ok
18:36:39.0352 6776  [ 5D26CCB06E1F3B5C26E863DF3F4F2611 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:36:39.0492 6776  IntcAzAudAddService - ok
18:36:39.0554 6776  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:36:39.0554 6776  intelide - ok
18:36:39.0601 6776  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:36:39.0648 6776  intelppm - ok
18:36:39.0679 6776  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:36:39.0726 6776  IPBusEnum - ok
18:36:39.0757 6776  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:36:39.0788 6776  IpFilterDriver - ok
18:36:39.0820 6776  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:36:39.0866 6776  iphlpsvc - ok
18:36:39.0882 6776  IpInIp - ok
18:36:39.0913 6776  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:36:39.0960 6776  IPMIDRV - ok
18:36:39.0991 6776  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:36:40.0022 6776  IPNAT - ok
18:36:40.0163 6776  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:36:40.0225 6776  iPod Service - ok
18:36:40.0256 6776  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:36:40.0288 6776  IRENUM - ok
18:36:40.0303 6776  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:36:40.0319 6776  isapnp - ok
18:36:40.0381 6776  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:36:40.0381 6776  iScsiPrt - ok
18:36:40.0412 6776  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:36:40.0412 6776  iteatapi - ok
18:36:40.0428 6776  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:36:40.0444 6776  iteraid - ok
18:36:40.0475 6776  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
18:36:40.0490 6776  IviRegMgr - ok
18:36:40.0553 6776  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:36:40.0568 6776  kbdclass - ok
18:36:40.0631 6776  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:36:40.0693 6776  kbdhid - ok
18:36:40.0740 6776  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
18:36:40.0818 6776  KeyIso - ok
18:36:40.0927 6776  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:36:40.0990 6776  KSecDD - ok
18:36:41.0036 6776  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:36:41.0083 6776  KtmRm - ok
18:36:41.0146 6776  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:36:41.0224 6776  LanmanServer - ok
18:36:41.0255 6776  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:36:41.0317 6776  LanmanWorkstation - ok
18:36:41.0348 6776  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:36:41.0395 6776  lltdio - ok
18:36:41.0442 6776  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:36:41.0489 6776  lltdsvc - ok
18:36:41.0536 6776  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:36:41.0582 6776  lmhosts - ok
18:36:41.0645 6776  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:36:41.0660 6776  LSI_FC - ok
18:36:41.0692 6776  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:36:41.0707 6776  LSI_SAS - ok
18:36:41.0738 6776  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:36:41.0738 6776  LSI_SCSI - ok
18:36:41.0801 6776  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
18:36:41.0816 6776  luafv - ok
18:36:41.0863 6776  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:36:41.0879 6776  Mcx2Svc - ok
18:36:41.0957 6776  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:36:41.0972 6776  mdmxsdk - ok
18:36:42.0050 6776  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:36:42.0050 6776  megasas - ok
18:36:42.0128 6776  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
18:36:42.0144 6776  MegaSR - ok
18:36:42.0222 6776  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:36:42.0238 6776  Microsoft Office Groove Audit Service - ok
18:36:42.0269 6776  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
18:36:42.0300 6776  MMCSS - ok
18:36:42.0362 6776  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
18:36:42.0440 6776  Modem - ok
18:36:42.0472 6776  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:36:42.0534 6776  monitor - ok
18:36:42.0550 6776  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:36:42.0565 6776  mouclass - ok
18:36:42.0596 6776  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:36:42.0643 6776  mouhid - ok
18:36:42.0659 6776  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
18:36:42.0659 6776  MountMgr - ok
18:36:42.0752 6776  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:36:42.0752 6776  mpio - ok
18:36:42.0784 6776  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:36:42.0799 6776  mpsdrv - ok
18:36:42.0877 6776  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:36:42.0955 6776  MpsSvc - ok
18:36:43.0049 6776  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
18:36:43.0064 6776  Mraid35x - ok
18:36:43.0096 6776  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:36:43.0174 6776  MRxDAV - ok
18:36:43.0220 6776  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:36:43.0252 6776  mrxsmb - ok
18:36:43.0298 6776  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:36:43.0330 6776  mrxsmb10 - ok
18:36:43.0345 6776  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:36:43.0361 6776  mrxsmb20 - ok
18:36:43.0423 6776  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
18:36:43.0439 6776  msahci - ok
18:36:43.0564 6776  [ A99D2C7E30AD63EF920A894131CAF5F7 ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
18:36:43.0579 6776  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:36:43.0579 6776  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
18:36:43.0626 6776  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:36:43.0642 6776  msdsm - ok
18:36:43.0673 6776  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
18:36:43.0704 6776  MSDTC - ok
18:36:43.0751 6776  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:36:43.0829 6776  Msfs - ok
18:36:43.0891 6776  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:36:43.0907 6776  msisadrv - ok
18:36:43.0938 6776  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:36:44.0000 6776  MSiSCSI - ok
18:36:44.0000 6776  msiserver - ok
18:36:44.0032 6776  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:36:44.0078 6776  MSKSSRV - ok
18:36:44.0078 6776  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:36:44.0110 6776  MSPCLOCK - ok
18:36:44.0125 6776  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:36:44.0172 6776  MSPQM - ok
18:36:44.0188 6776  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:36:44.0203 6776  MsRPC - ok
18:36:44.0234 6776  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:36:44.0250 6776  mssmbios - ok
18:36:44.0297 6776  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:36:44.0312 6776  MSTEE - ok
18:36:44.0359 6776  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
18:36:44.0375 6776  Mup - ok
18:36:44.0500 6776  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
18:36:44.0546 6776  napagent - ok
18:36:44.0624 6776  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:36:44.0656 6776  NativeWifiP - ok
18:36:44.0687 6776  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:36:44.0718 6776  NDIS - ok
18:36:44.0765 6776  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:36:44.0827 6776  NdisTapi - ok
18:36:44.0858 6776  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:36:44.0890 6776  Ndisuio - ok
18:36:44.0936 6776  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:36:44.0968 6776  NdisWan - ok
18:36:45.0014 6776  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:36:45.0030 6776  NDProxy - ok
18:36:45.0108 6776  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:36:45.0108 6776  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:36:45.0108 6776  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:36:45.0124 6776  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:36:45.0202 6776  NetBIOS - ok
18:36:45.0233 6776  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
18:36:45.0311 6776  netbt - ok
18:36:45.0342 6776  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
18:36:45.0358 6776  Netlogon - ok
18:36:45.0420 6776  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
18:36:45.0498 6776  Netman - ok
18:36:45.0592 6776  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
18:36:45.0716 6776  netprofm - ok
18:36:45.0763 6776  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:36:45.0779 6776  NetTcpPortSharing - ok
18:36:46.0340 6776  [ BA420E8EBFCAD35581FE8E4C64F71469 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
18:36:46.0824 6776  NETw5v32 - ok
18:36:46.0871 6776  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:36:46.0886 6776  nfrd960 - ok
18:36:46.0949 6776  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:36:47.0042 6776  NlaSvc - ok
18:36:47.0120 6776  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf             C:\Windows\system32\drivers\npf.sys
18:36:47.0136 6776  npf - ok
18:36:47.0167 6776  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:36:47.0261 6776  Npfs - ok
18:36:47.0370 6776  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
18:36:47.0401 6776  nsi - ok
18:36:47.0479 6776  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:36:47.0526 6776  nsiproxy - ok
18:36:47.0713 6776  [ B30F5C423B45A6668EADAD883678E2D0 ] NSUService      C:\Program Files\sony\Network Utility\NSUService.exe
18:36:47.0760 6776  NSUService ( UnsignedFile.Multi.Generic ) - warning
18:36:47.0760 6776  NSUService - detected UnsignedFile.Multi.Generic (1)
18:36:47.0838 6776  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:36:47.0947 6776  Ntfs - ok
18:36:48.0056 6776  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
18:36:48.0166 6776  ntrigdigi - ok
18:36:48.0212 6776  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
18:36:48.0290 6776  Null - ok
18:36:48.0930 6776  [ E8651DCE7DB8094D06D2D2622DF98982 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:36:49.0975 6776  nvlddmkm - ok
18:36:50.0038 6776  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:36:50.0053 6776  nvraid - ok
18:36:50.0084 6776  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:36:50.0100 6776  nvstor - ok
18:36:50.0194 6776  [ 0B6471146E52A04F7788B895A82AC647 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:36:50.0287 6776  nvsvc - ok
18:36:50.0318 6776  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:36:50.0334 6776  nv_agp - ok
18:36:50.0334 6776  NwlnkFlt - ok
18:36:50.0350 6776  NwlnkFwd - ok
18:36:50.0599 6776  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:36:50.0662 6776  odserv - ok
18:36:50.0755 6776  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:36:50.0802 6776  ohci1394 - ok
18:36:50.0880 6776  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:36:50.0896 6776  ose - ok
18:36:50.0989 6776  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
18:36:51.0067 6776  p2pimsvc - ok
18:36:51.0083 6776  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:36:51.0145 6776  p2psvc - ok
18:36:51.0176 6776  [ 41C33FB4FD929FED732A00D2DAEF5BE0 ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
18:36:51.0239 6776  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
18:36:51.0239 6776  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
18:36:51.0270 6776  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
18:36:51.0332 6776  Parport - ok
18:36:51.0364 6776  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:36:51.0364 6776  partmgr - ok
18:36:51.0442 6776  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
18:36:51.0504 6776  Parvdm - ok
18:36:51.0551 6776  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:36:51.0598 6776  PcaSvc - ok
18:36:51.0707 6776  [ 175CC28DCF819F78CAA3FBD44AD9E52A ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
18:36:51.0754 6776  pccsmcfd - ok
18:36:51.0832 6776  [ 01B94418DEB235DFF777CC80076354B4 ] pci             C:\Windows\system32\drivers\pci.sys
18:36:51.0847 6776  pci - ok
18:36:51.0894 6776  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
18:36:51.0910 6776  pciide - ok
18:36:51.0972 6776  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:36:51.0988 6776  pcmcia - ok
18:36:52.0066 6776  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:36:52.0175 6776  PEAUTH - ok
18:36:52.0268 6776  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
18:36:52.0409 6776  pla - ok
18:36:52.0440 6776  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:36:52.0502 6776  PlugPlay - ok
18:36:52.0612 6776  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:36:52.0643 6776  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:36:52.0643 6776  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:36:52.0690 6776  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
18:36:52.0705 6776  PNRPAutoReg - ok
18:36:52.0736 6776  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
18:36:52.0768 6776  PNRPsvc - ok
18:36:52.0924 6776  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:36:53.0048 6776  PolicyAgent - ok
18:36:53.0095 6776  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:36:53.0142 6776  PptpMiniport - ok
18:36:53.0189 6776  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
18:36:53.0220 6776  Processor - ok
18:36:53.0282 6776  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:36:53.0314 6776  ProfSvc - ok
18:36:53.0360 6776  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:36:53.0376 6776  ProtectedStorage - ok
18:36:53.0423 6776  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
18:36:53.0501 6776  PSched - ok
18:36:53.0516 6776  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
18:36:53.0532 6776  PxHelp20 - ok
18:36:53.0750 6776  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:36:53.0828 6776  ql2300 - ok
18:36:53.0875 6776  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:36:53.0891 6776  ql40xx - ok
18:36:53.0969 6776  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
18:36:54.0016 6776  QWAVE - ok
18:36:54.0047 6776  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:36:54.0094 6776  QWAVEdrv - ok
18:36:54.0109 6776  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:36:54.0187 6776  RasAcd - ok
18:36:54.0250 6776  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
18:36:54.0328 6776  RasAuto - ok
18:36:54.0359 6776  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:36:54.0390 6776  Rasl2tp - ok
18:36:54.0452 6776  [ AFB474438762F0418060653F7294D92C ] RasMan          C:\Windows\System32\rasmans.dll
18:36:54.0515 6776  RasMan - ok
18:36:54.0530 6776  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:36:54.0562 6776  RasPppoe - ok
18:36:54.0608 6776  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:36:54.0624 6776  RasSstp - ok
18:36:54.0686 6776  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:36:54.0749 6776  rdbss - ok
18:36:54.0796 6776  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:36:54.0858 6776  RDPCDD - ok
18:36:54.0920 6776  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
18:36:54.0952 6776  rdpdr - ok
18:36:54.0952 6776  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:36:54.0998 6776  RDPENCDD - ok
18:36:55.0045 6776  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:36:55.0108 6776  RDPWD - ok
18:36:55.0139 6776  [ 001B4278407F4303EFC902A2B16F2453 ] regi            C:\Windows\system32\drivers\regi.sys
18:36:55.0139 6776  regi - ok
18:36:55.0201 6776  [ 7EEEEC28A34516E66137F355DCC15BDB ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:36:55.0217 6776  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
18:36:55.0217 6776  RegSrvc - detected UnsignedFile.Multi.Generic (1)
18:36:55.0264 6776  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:36:55.0295 6776  RemoteAccess - ok
18:36:55.0342 6776  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:36:55.0373 6776  RemoteRegistry - ok
18:36:55.0420 6776  [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:36:55.0435 6776  RFCOMM - ok
18:36:55.0482 6776  [ F7D9ECF41EBD3CF6C65944368150F66B ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
18:36:55.0544 6776  rimsptsk - ok
18:36:55.0591 6776  [ 1BE6C42767A7C67BA31AE32B293B37A3 ] risdptsk        C:\Windows\system32\DRIVERS\risdptsk.sys
18:36:55.0607 6776  risdptsk - ok
18:36:55.0622 6776  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
18:36:55.0700 6776  RpcLocator - ok
18:36:55.0732 6776  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs           C:\Windows\system32\rpcss.dll
18:36:55.0763 6776  RpcSs - ok
18:36:55.0810 6776  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:36:55.0841 6776  rspndr - ok
18:36:55.0841 6776  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs           C:\Windows\system32\lsass.exe
18:36:55.0856 6776  SamSs - ok
18:36:55.0888 6776  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:36:55.0903 6776  sbp2port - ok
18:36:55.0934 6776  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:36:56.0012 6776  SCardSvr - ok
18:36:56.0075 6776  [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule        C:\Windows\system32\schedsvc.dll
18:36:56.0122 6776  Schedule - ok
18:36:56.0231 6776  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:36:56.0262 6776  SCPolicySvc - ok
18:36:56.0309 6776  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
18:36:56.0387 6776  sdbus - ok
18:36:56.0418 6776  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:36:56.0496 6776  SDRSVC - ok
18:36:56.0512 6776  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:36:56.0574 6776  secdrv - ok
18:36:56.0590 6776  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
18:36:56.0621 6776  seclogon - ok
18:36:56.0668 6776  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
18:36:56.0730 6776  SENS - ok
18:36:56.0777 6776  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:36:56.0824 6776  Serenum - ok
18:36:56.0870 6776  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
18:36:56.0917 6776  Serial - ok
18:36:56.0980 6776  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:36:57.0011 6776  sermouse - ok
18:36:57.0182 6776  [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
18:36:57.0198 6776  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
18:36:57.0198 6776  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
18:36:57.0260 6776  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:36:57.0292 6776  SessionEnv - ok
18:36:57.0385 6776  [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
18:36:57.0479 6776  SFEP - ok
18:36:57.0541 6776  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:36:57.0557 6776  sffdisk - ok
18:36:57.0604 6776  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:36:57.0666 6776  sffp_mmc - ok
18:36:57.0682 6776  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:36:57.0728 6776  sffp_sd - ok
18:36:57.0760 6776  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:36:57.0838 6776  sfloppy - ok
18:36:57.0916 6776  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:36:57.0994 6776  SharedAccess - ok
18:36:58.0118 6776  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:36:58.0212 6776  ShellHWDetection - ok
18:36:58.0228 6776  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
18:36:58.0228 6776  sisagp - ok
18:36:58.0274 6776  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
18:36:58.0274 6776  SiSRaid2 - ok
18:36:58.0321 6776  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:36:58.0321 6776  SiSRaid4 - ok
18:36:58.0664 6776  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc           C:\Windows\system32\SLsvc.exe
18:36:58.0836 6776  slsvc - ok
18:36:58.0883 6776  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
18:36:58.0945 6776  SLUINotify - ok
18:36:58.0961 6776  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:36:59.0039 6776  Smb - ok
18:36:59.0070 6776  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:36:59.0086 6776  SNMPTRAP - ok
18:36:59.0226 6776  [ 1A9DD46C547646A54CDB4065C1996A07 ] SOHCImp         C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
18:36:59.0242 6776  SOHCImp - ok
18:36:59.0351 6776  [ 2E1B0D8278BB616148DDCA13DAE87544 ] SOHDms          C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
18:36:59.0398 6776  SOHDms - ok
18:36:59.0429 6776  [ 892529EE03211C35AEA7132E119F4862 ] SOHDs           C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
18:36:59.0429 6776  SOHDs - ok
18:36:59.0460 6776  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
18:36:59.0476 6776  spldr - ok
18:36:59.0522 6776  [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler         C:\Windows\System32\spoolsv.exe
18:36:59.0600 6776  Spooler - ok
18:36:59.0632 6776  [ F63102F289AE2039940B22E9B2A8E0BD ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:36:59.0663 6776  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
18:36:59.0663 6776  SPTISRV - detected UnsignedFile.Multi.Generic (1)
18:36:59.0694 6776  [ 2252AEF839B1093D16761189F45AF885 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:36:59.0741 6776  srv - ok
18:36:59.0803 6776  [ B7FF59408034119476B00A81BB53D5D1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:36:59.0866 6776  srv2 - ok
18:36:59.0912 6776  [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:36:59.0944 6776  srvnet - ok
18:37:00.0022 6776  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:37:00.0053 6776  SSDPSRV - ok
18:37:00.0131 6776  [ EF3504DD32E2EA222BE0CBC9A0895F89 ] SSHDRV76        C:\Windows\system32\drivers\SSHDRV76.sys
18:37:00.0162 6776  SSHDRV76 ( UnsignedFile.Multi.Generic ) - warning
18:37:00.0162 6776  SSHDRV76 - detected UnsignedFile.Multi.Generic (1)
18:37:00.0209 6776  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
18:37:00.0224 6776  ssmdrv - ok
18:37:00.0271 6776  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:37:00.0318 6776  SstpSvc - ok
18:37:00.0349 6776  [ EAA66218CD39F5BB1B4853A78C67C787 ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
18:37:00.0365 6776  ss_bbus - ok
18:37:00.0412 6776  [ 91765F99914ED8693D8BC76524F21581 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
18:37:00.0427 6776  ss_bmdfl - ok
18:37:00.0490 6776  [ 840E7B738B03C10EE91D9B7D3D6EFF15 ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
18:37:00.0505 6776  ss_bmdm - ok
18:37:00.0583 6776  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
18:37:00.0599 6776  stisvc - ok
18:37:00.0630 6776  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:37:00.0646 6776  swenum - ok
18:37:00.0755 6776  [ B36C7CDB86F7F7A8E884479219766950 ] swprv           C:\Windows\System32\swprv.dll
18:37:00.0786 6776  swprv - ok
18:37:00.0817 6776  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
18:37:00.0833 6776  Symc8xx - ok
18:37:00.0880 6776  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
18:37:00.0895 6776  Sym_hi - ok
18:37:00.0911 6776  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
18:37:00.0926 6776  Sym_u3 - ok
18:37:01.0004 6776  [ A94629C2C456A6D002556563D6B8AD1A ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:37:01.0004 6776  SynTP - ok
18:37:01.0082 6776  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain         C:\Windows\system32\sysmain.dll
18:37:01.0176 6776  SysMain - ok
18:37:01.0238 6776  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:37:01.0316 6776  TabletInputService - ok
18:37:01.0348 6776  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:37:01.0426 6776  TapiSrv - ok
18:37:01.0472 6776  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
18:37:01.0550 6776  TBS - ok
18:37:01.0613 6776  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:37:01.0660 6776  Tcpip - ok
18:37:01.0675 6776  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
18:37:01.0800 6776  Tcpip6 - ok
18:37:01.0909 6776  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:37:01.0972 6776  tcpipreg - ok
18:37:02.0018 6776  [ 55FE712F574DA1A726AD74B20886A529 ] TcUsb           C:\Windows\system32\Drivers\tcusb.sys
18:37:02.0018 6776  TcUsb - ok
18:37:02.0081 6776  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:37:02.0128 6776  TDPIPE - ok
18:37:02.0159 6776  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:37:02.0174 6776  TDTCP - ok
18:37:02.0237 6776  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:37:02.0299 6776  tdx - ok
18:37:02.0346 6776  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:37:02.0362 6776  TermDD - ok
18:37:02.0580 6776  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService     C:\Windows\System32\termsrv.dll
18:37:02.0752 6776  TermService - ok
18:37:02.0830 6776  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
18:37:02.0861 6776  Themes - ok
18:37:02.0908 6776  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
18:37:02.0954 6776  THREADORDER - ok
18:37:03.0001 6776  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
18:37:03.0048 6776  TrkWks - ok
18:37:03.0282 6776  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:37:03.0329 6776  TrustedInstaller - ok
18:37:03.0391 6776  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:37:03.0532 6776  tssecsrv - ok
18:37:03.0594 6776  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
18:37:03.0625 6776  tunmp - ok
18:37:03.0656 6776  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:37:03.0688 6776  tunnel - ok
18:37:03.0734 6776  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:37:03.0750 6776  uagp35 - ok
18:37:03.0859 6776  [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor     C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
18:37:03.0859 6776  uCamMonitor - ok
18:37:03.0953 6776  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:37:03.0984 6776  udfs - ok
18:37:04.0062 6776  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:37:04.0140 6776  UI0Detect - ok
18:37:04.0171 6776  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:37:04.0171 6776  uliagpkx - ok
18:37:04.0358 6776  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:37:04.0374 6776  uliahci - ok
18:37:04.0436 6776  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:37:04.0436 6776  UlSata - ok
18:37:04.0514 6776  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:37:04.0514 6776  ulsata2 - ok
18:37:04.0592 6776  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:37:04.0639 6776  umbus - ok
18:37:04.0764 6776  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
18:37:04.0858 6776  upnphost - ok
18:37:04.0982 6776  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:37:05.0060 6776  USBAAPL - ok
18:37:05.0107 6776  [ A7CD5B4ADEA26765CAB06BDAB7B07B13 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:37:05.0170 6776  usbccgp - ok
18:37:05.0201 6776  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:37:05.0279 6776  usbcir - ok
18:37:05.0310 6776  [ 686D4188AE36254C3008B71FEDACADF3 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:37:05.0341 6776  usbehci - ok
18:37:05.0357 6776  [ 4E42F665A658F08D153F7FFFE7C83806 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:37:05.0388 6776  usbhub - ok
18:37:05.0404 6776  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:37:05.0482 6776  usbohci - ok
18:37:05.0606 6776  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:37:05.0669 6776  usbprint - ok
18:37:05.0716 6776  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:37:05.0762 6776  usbscan - ok
18:37:05.0825 6776  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:37:05.0887 6776  USBSTOR - ok
18:37:05.0934 6776  [ 40F95A3D6D50D82F947F1D167C2EC39D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:37:05.0950 6776  usbuhci - ok
18:37:05.0996 6776  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:37:06.0028 6776  usbvideo - ok
18:37:06.0059 6776  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms           C:\Windows\System32\uxsms.dll
18:37:06.0137 6776  UxSms - ok
18:37:06.0308 6776  [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
18:37:06.0324 6776  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
18:37:06.0324 6776  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
18:37:06.0371 6776  [ 2C3DBB9B671AB95245DED1EFC5276CE9 ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
18:37:06.0371 6776  VAIO Event Service - ok
18:37:06.0636 6776  [ C1ED0F71D3B9EA8D774FC7C4CBF7EE7F ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
18:37:06.0652 6776  VAIO Power Management - ok
18:37:06.0839 6776  [ 7773EB681E99217FD92E5E8A5A199AE5 ] VCFw            C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
18:37:06.0870 6776  VCFw ( UnsignedFile.Multi.Generic ) - warning
18:37:06.0870 6776  VCFw - detected UnsignedFile.Multi.Generic (1)
18:37:07.0088 6776  [ 2686B87EDC54ED215CE479AC9B7675DE ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
18:37:07.0151 6776  VcmIAlzMgr - ok
18:37:07.0276 6776  [ BB5781ED436D3E121F85617C3BBB7AD5 ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
18:37:07.0291 6776  VcmXmlIfHelper - ok
18:37:07.0291 6776  Vcsw - ok
18:37:07.0432 6776  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds             C:\Windows\System32\vds.exe
18:37:07.0572 6776  vds - ok
18:37:07.0681 6776  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:37:07.0759 6776  vga - ok
18:37:07.0775 6776  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:37:07.0806 6776  VgaSave - ok
18:37:07.0884 6776  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:37:07.0900 6776  viaagp - ok
18:37:07.0946 6776  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:37:07.0978 6776  ViaC7 - ok
18:37:08.0071 6776  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
18:37:08.0071 6776  viaide - ok
18:37:08.0118 6776  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:37:08.0134 6776  volmgr - ok
18:37:08.0212 6776  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:37:08.0227 6776  volmgrx - ok
18:37:08.0243 6776  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:37:08.0258 6776  volsnap - ok
18:37:08.0321 6776  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:37:08.0336 6776  vsmraid - ok
18:37:08.0664 6776  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
18:37:08.0742 6776  VSS - ok
18:37:08.0945 6776  [ 071634532066C2E29350D450C3412837 ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
18:37:08.0945 6776  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
18:37:08.0945 6776  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
18:37:09.0023 6776  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
18:37:09.0085 6776  W32Time - ok
18:37:09.0148 6776  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:37:09.0210 6776  WacomPen - ok
18:37:09.0241 6776  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:37:09.0304 6776  Wanarp - ok
18:37:09.0319 6776  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:37:09.0335 6776  Wanarpv6 - ok
18:37:09.0428 6776  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:37:09.0460 6776  wcncsvc - ok
18:37:09.0475 6776  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:37:09.0506 6776  WcsPlugInService - ok
18:37:09.0538 6776  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
18:37:09.0553 6776  Wd - ok
18:37:09.0662 6776  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:37:09.0694 6776  Wdf01000 - ok
18:37:09.0740 6776  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:37:09.0818 6776  WdiServiceHost - ok
18:37:09.0818 6776  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:37:09.0865 6776  WdiSystemHost - ok
18:37:09.0912 6776  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
18:37:09.0943 6776  WebClient - ok
18:37:10.0037 6776  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:37:10.0115 6776  Wecsvc - ok
18:37:10.0162 6776  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:37:10.0193 6776  wercplsupport - ok
18:37:10.0286 6776  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:37:10.0349 6776  WerSvc - ok
18:37:10.0396 6776  [ 090A2B8F055343815556A01F725F6C35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
18:37:10.0411 6776  WimFltr - ok
18:37:10.0598 6776  [ F1265727C078406299FF4B3B033E3132 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:37:10.0708 6776  winachsf - ok
18:37:11.0004 6776  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
18:37:11.0035 6776  WinDefend - ok
18:37:11.0035 6776  WinHttpAutoProxySvc - ok
18:37:11.0160 6776  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:37:11.0207 6776  Winmgmt - ok
18:37:11.0534 6776  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:37:11.0675 6776  WinRM - ok
18:37:11.0846 6776  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:37:11.0971 6776  Wlansvc - ok
18:37:12.0002 6776  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:37:12.0080 6776  WmiAcpi - ok
18:37:12.0174 6776  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:37:12.0268 6776  wmiApSrv - ok
18:37:12.0533 6776  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:37:12.0658 6776  WMPNetworkSvc - ok
18:37:12.0782 6776  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:37:12.0860 6776  WPCSvc - ok
18:37:12.0892 6776  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:37:12.0938 6776  WPDBusEnum - ok
18:37:12.0985 6776  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:37:13.0016 6776  WpdUsb - ok
18:37:13.0562 6776  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:37:13.0625 6776  WPFFontCache_v0400 - ok
18:37:13.0656 6776  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:37:13.0718 6776  ws2ifsl - ok
18:37:13.0796 6776  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
18:37:13.0828 6776  wscsvc - ok
18:37:13.0828 6776  WSearch - ok
18:37:14.0140 6776  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:37:14.0264 6776  wuauserv - ok
18:37:14.0374 6776  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:37:14.0436 6776  WUDFRd - ok
18:37:14.0483 6776  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:37:14.0545 6776  wudfsvc - ok
18:37:14.0608 6776  [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
18:37:14.0670 6776  XAudio - ok
18:37:14.0779 6776  [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
18:37:14.0904 6776  XAudioService - ok
18:37:15.0122 6776  [ 9EEA6D029FEF5F3016D089B1A603837D ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
18:37:15.0200 6776  xnacc - ok
18:37:15.0325 6776  [ EE9144207EE0211EB5656BA6808AC4A0 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
18:37:15.0341 6776  xusb21 - ok
18:37:15.0481 6776  [ 3E1C915C6291AB5D1CFCA680E1BD6BAD ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
18:37:15.0544 6776  yukonwlh - ok
18:37:15.0559 6776  ================ Scan global ===============================
18:37:15.0637 6776  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:37:15.0762 6776  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
18:37:15.0824 6776  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
18:37:15.0887 6776  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
18:37:15.0902 6776  [Global] - ok
18:37:15.0902 6776  ================ Scan MBR ==================================
18:37:15.0918 6776  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:37:17.0306 6776  \Device\Harddisk0\DR0 - ok
18:37:17.0587 6776  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk3\DR3
18:37:18.0320 6776  \Device\Harddisk3\DR3 - ok
18:37:18.0320 6776  ================ Scan VBR ==================================
18:37:18.0383 6776  [ 958F89750ACF553BC6FB0CADC9C404EC ] \Device\Harddisk0\DR0\Partition1
18:37:18.0383 6776  \Device\Harddisk0\DR0\Partition1 - ok
18:37:18.0430 6776  [ C037D88816CCE5C6E8EC47292939AE9F ] \Device\Harddisk3\DR3\Partition1
18:37:18.0430 6776  \Device\Harddisk3\DR3\Partition1 - ok
18:37:18.0430 6776  ============================================================
18:37:18.0430 6776  Scan finished
18:37:18.0430 6776  ============================================================
18:37:18.0445 4080  Detected object count: 20
18:37:18.0445 4080  Actual detected object count: 20
18:38:02.0719 4080  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0719 4080  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0719 4080  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0719 4080  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0719 4080  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0719 4080  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0735 4080  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0735 4080  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0735 4080  FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0735 4080  FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0735 4080  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0735 4080  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0735 4080  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0735 4080  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0735 4080  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0735 4080  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0735 4080  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0735 4080  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0735 4080  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0750 4080  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0750 4080  NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0750 4080  NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0750 4080  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0750 4080  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0750 4080  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0750 4080  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0750 4080  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0750 4080  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0750 4080  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0750 4080  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0766 4080  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0766 4080  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0766 4080  SSHDRV76 ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0766 4080  SSHDRV76 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0766 4080  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0766 4080  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0766 4080  VCFw ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0766 4080  VCFw ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:38:02.0766 4080  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:38:02.0766 4080  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

09.10.2012, 16:22	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ordner auf externer Festplatte sind nur noch Verknüpfungen! RECYCLER Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Ordner auf externer Festplatte sind nur noch Verknüpfungen! RECYCLER

Log-Analyse und Auswertung: Ordner auf externer Festplatte sind nur noch Verknüpfungen! RECYCLER