
Log analysis and evaluation: Restarting the Windows Management Instrumentation service and Security Center

Windows 7
29.04.2013, 04:08   #1
Speedbones
 
Hello everyone, I got a PC from my neighbor. As far as I could, I got the PC running again, but unfortunately I can't manage to restart the security service, i.e. the Windows Management Instrumentation service. Infected files, as far as they were found, were deleted, the Java temp folder was emptied, and AVG no longer finds anything. I scanned, as described in an earlier thread, with Malwarebytes Anti-Malware and OTL, and Malwarebytes did still find something, see the log. The system also responds very sluggishly. The Salfeld parental control software is wanted! Thanks in advance for the help.

P.S. I attached 2 logs as a rar because otherwise it would not let me upload the files.
Attached files
File type: txt Extras.Txt (42.0 KB, viewed 154 times)

29.04.2013, 08:10   #2
Psychotic
/// Malwareteam
 
Installed Windows over the top again and hoped that MBAM would find everything?
WHAT exactly did you do? WHAT was removed?

Please zip ALL of the MBAM log files for me and attach them here as a zip.
Also a list, as detailed as possible, of the measures taken so far.

29.04.2013, 14:36   #3
Speedbones
 
The computer "was" infected with: Bundespolizei, National Cyber Crimes Unit scareware.
Please excuse that I cannot give more precise details, as I concentrated on the removal and unfortunately did without documenting it.
- Scanned with the AVG Rescue CD (current updates were loaded); 6 findings (one was in a Java folder) were removed. Unfortunately no log was created.
- The infected system was then started in safe mode, and all services and startup items were disabled except the MS services.
- Normal restart with 2 error messages: applications could not be started; names no longer known.
- Windows System Restore disabled.
- Updated the already installed Norton 360 and ran a full system scan: no findings.
- Meanwhile:
- Java -> Temp: deleted
- Java -> updated, older installations removed.
- Installed Revo Uninstaller, TuneUp 2013 trial version, CCleaner.
- Started removing unnecessary programs ("Ask Toolbar", "Bing Bar", etc.) with Revo Uninstaller.
- Scanned and "cleaned" the registry with TuneUp; unfortunately the details are no longer in the TuneUp Rescue Center.
- Restart without error message, but very sluggish.
- After Norton's SONAR protection deactivated itself and the Support Center aborted with errors: uninstalled Norton 360 and installed AVG Free Antivirus.
- Started checking services:
- Re-enabled User Account Control.
- Tried to start Security Center: error message 1068: The dependency service or group failed to start.
- Cleared the events, restarted.
- Searched through the event log and found Windows Management Instrumentation as the error for Security Center.
- Tried to start Windows Management Instrumentation: error 126: The specified module could not be found.

- Searched for solutions and came across your forum :-)
- Carried out the steps given above as in an earlier thread. MBAM and OTL, see logs. P.S. OTL.rar contains the 2nd MBAM log.
In the meantime tried to restore the system with a Windows upgrade, but unfortunately it aborts with the message that the installed Windows is newer.

Edited by Speedbones (29.04.2013 at 14:42). Reason: addition

29.04.2013, 14:49   #4
Psychotic
/// Malwareteam
 
My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files in your thread with code tags (the # symbol at the top of the reply window)! Do not attach them unless I ask you to. (It makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



Step 1: Custom scan with OTL

If you do not have it yet, please download OTL by OldTimer and save it on your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread




Step 2: aswMBR

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If it fails again, please let me know.




Step 3: Scan with TDSS-Killer

Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file on the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\ ). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
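Added example, not part of the thread and not code from OTL or its author: once the OTL.txt requested in step 1 exists, its service sections can be triaged for the symptom reported in post #3 (error 126 on Windows Management Instrumentation, error 1068 on Security Center). The sample lines are constructed in the `SRV - (name) -- path (company)` layout OTL prints; the default image paths and the Security Center dependency list are assumptions based on a stock Windows 7 install, and all function names are hypothetical.

```python
import re
from ntpath import normcase

# Constructed sample in the layout of OTL's service sections (not a real log).
SAMPLE_OTL = r"""
========== Services (SafeList) ==========

SRV - (Winmgmt) -- C:\PROGRA~2\example.dat File not found
SRV - (ExampleUpdater) -- C:\Program Files (x86)\Example\updater.exe (Example Corp)
SRV - (wscsvc) -- C:\Windows\System32\wscsvc.dll (Microsoft Corporation)
SRV - (nocompany) -- C:\Windows\System32\nocompany.exe ()

========== Driver Services (SafeList) ==========

DRV - (exampledrv) -- C:\Users\ADMINI~1\AppData\Local\Temp\exampledrv.sys File not found
"""

# Assumption: default image paths of two core services on stock Windows 7
# with SystemRoot on C:. Verify against a clean install of the same version.
EXPECTED_IMAGE = {
    "winmgmt": r"C:\Windows\System32\wbem\WMIsvc.dll",
    "wscsvc": r"C:\Windows\System32\wscsvc.dll",
}
# Assumption: default dependency list of Security Center (wscsvc) on Windows 7.
DEPENDS_ON = {"wscsvc": ("rpcss", "winmgmt")}

# kind - (service name) -- image path, then "(company)" or "File not found".
LINE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>.*?)\) -- (?P<path>.*?)"
    r"(?: \((?P<company>[^()]*)\)| (?P<missing>File not found))?\s*$"
)


def parse_services(text):
    """Return one dict per SRV/DRV line; all other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append({
                "kind": m["kind"], "name": m["name"], "path": m["path"],
                "company": m["company"], "missing": m["missing"] is not None,
            })
    return entries


def triage(entries):
    """Return (service, reason) pairs worth a closer look.

    A service DLL that cannot be loaded surfaces as error 126
    (ERROR_MOD_NOT_FOUND); a service whose dependency did not start
    surfaces as error 1068 (ERROR_SERVICE_DEPENDENCY_FAIL).
    """
    findings, broken = [], set()
    for e in entries:
        key = e["name"].lower()
        if e["missing"]:
            findings.append((e["name"], "image file not found on disk"))
            broken.add(key)
        expected = EXPECTED_IMAGE.get(key)
        if expected and normcase(e["path"]) != normcase(expected):
            findings.append((e["name"], "core service not at its default path " + expected))
            broken.add(key)
        if e["company"] == "":
            findings.append((e["name"], "no company name in file version info"))
    # Propagate failures to services that depend on a broken one.
    for svc, deps in DEPENDS_ON.items():
        for dep in deps:
            if dep in broken:
                findings.append((svc, "depends on " + dep + ": start fails with error 1068"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_OTL)):
        print(f"{name:12} {reason}")
```

A finding here is a lead for the helper to follow up, not a verdict: a missing image can also be a leftover entry from removed software.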

29.04.2013, 17:27   #5
Speedbones
 
So, I have now done everything as described above. Only the aswMBR scan aborts when it reaches C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStuidoTools.Applications, with the message that aswMBR has stopped working. I ran the step again in "Safe Mode with Command Prompt" and was at least able to save the log there up to the crash.
OTL:
Code:
OTL logfile created on: 29.04.2013 16:41:04 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manuela\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,02% Memory free
3,50 Gb Paging File | 2,14 Gb Available in Paging File | 61,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 351,74 Gb Free Space | 75,52% Space Free | Partition Type: NTFS
 
Computer Name: MANUELA-PC | User Name: Manuela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Manuela\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\tray\wintmr.exe (Salfeld Computer)
PRC - C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Winmgmt) -- C:\PROGRA~2\1je4o.dat File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Windows-CCHook-Service) -- C:\Windows\System32\cchservice.exe (Salfeld Computer)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz132) -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (VMUVC) -- C:\Windows\System32\drivers\VMUVC.sys (Vimicro Corporation)
DRV - (vvftUVC) -- C:\Windows\System32\drivers\vvftUVC.sys (Vimicro Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.wortmann.de
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 9F 20 9C 7A 9D CC 01  [binary data]
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\SearchScopes,DefaultScope = {9B10233B-AC09-49B9-8B63-4E5A5642D470}
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\SearchScopes\{6E17CA7D-67F7-48C8-A3B2-9449C2E0BD1C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=7F6C5DC1-444B-47D3-8F3D-E4445E3AB187&apn_sauid=D4E0E3C9-13EE-4AEE-8840-AAD495BA4C0C
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\SearchScopes\{9B10233B-AC09-49B9-8B63-4E5A5642D470}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 21:49:32 | 000,000,000 | ---D | M]
 
[2013.04.28 21:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuela\AppData\Roaming\mozilla\Extensions
[2013.04.28 23:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuela\AppData\Roaming\mozilla\Firefox\Profiles\hgddy3qq.default\extensions
[2013.04.28 23:47:02 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Manuela\AppData\Roaming\mozilla\firefox\profiles\hgddy3qq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.28 21:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\Manuela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.36218_0\
CHR - Extension: YouTube = C:\Users\Manuela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Manuela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\Manuela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F45DCB1A-DE08-488A-AB2E-79A94513086B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\discspeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b4e1339b-00f1-11df-996c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e1339b-00f1-11df-996c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: winmgmt - C:\PROGRA~2\1je4o.dat File not found
 
MsConfig - StartUpFolder: C:^Users^Manuela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^msconfig.lnk -  - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.29 16:37:40 | 000,000,000 | ---D | C] -- C:\Users\Manuela\Desktop\Gesendet
[2013.04.29 14:58:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manuela\Desktop\tdsskiller.exe
[2013.04.29 14:52:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Manuela\Desktop\aswMBR.exe
[2013.04.29 04:02:23 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\WinRAR
[2013.04.29 04:02:23 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.29 04:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.29 04:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.04.29 03:01:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.29 02:03:39 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\Malwarebytes
[2013.04.29 02:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.29 02:03:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.29 02:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.29 02:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.29 02:03:09 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\Programs
[2013.04.29 01:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.29 01:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013.04.29 01:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2013.04.29 01:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.29 01:13:17 | 000,000,000 | ---D | C] -- C:\AMD
[2013.04.29 00:49:48 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013.04.29 00:49:48 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\eSupport.com
[2013.04.29 00:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.29 00:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.29 00:14:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe
[2013.04.28 22:58:42 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013.04.28 22:58:41 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013.04.28 22:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.04.28 22:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013.04.28 22:49:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.04.28 21:49:58 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\Mozilla
[2013.04.28 21:49:58 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\Mozilla
[2013.04.28 21:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.28 21:14:36 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\AVG2013
[2013.04.28 21:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.04.28 21:12:29 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.04.28 21:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.04.28 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013.04.28 21:10:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.04.28 21:10:29 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\MFAData
[2013.04.28 21:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.04.28 21:10:29 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\Avg2013
[2013.04.28 20:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.04.28 20:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013.04.28 20:11:54 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.04.28 19:52:18 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\Symantec
[2013.04.28 12:07:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.04.27 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.08 09:25:54 | 000,025,200 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2013.04.08 09:25:54 | 000,012,400 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2013.04.08 08:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2013.04.08 08:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.29 16:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.29 16:25:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 16:25:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 16:18:32 | 000,000,161 | ---- | M] () -- C:\Windows\System32\swctl.dll
[2013.04.29 16:18:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.29 14:58:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manuela\Desktop\tdsskiller.exe
[2013.04.29 14:53:36 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Manuela\Desktop\aswMBR.exe
[2013.04.29 12:52:24 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013.04.29 12:52:24 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013.04.29 12:51:35 | 000,002,888 | ---- | M] () -- C:\Users\Manuela\Desktop\Windows-Kompatibilitätsbericht.htm
[2013.04.29 04:02:49 | 000,090,204 | ---- | M] () -- C:\Users\Manuela\Desktop\OTL.rar
[2013.04.29 02:03:23 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 00:50:18 | 000,000,796 | ---- | M] () -- C:\Users\Manuela\Desktop\Find Drivers with DriverAgent.lnk
[2013.04.29 00:49:48 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2013.04.29 00:35:07 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.29 00:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe
[2013.04.28 23:51:44 | 000,419,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.28 23:50:22 | 000,004,197 | -H-- | M] () -- C:\NET.INI
[2013.04.28 23:43:11 | 000,007,629 | ---- | M] () -- C:\Users\Manuela\AppData\Local\Resmon.ResmonCfg
[2013.04.28 23:33:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.28 23:33:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.28 22:56:46 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.28 22:56:46 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.04.28 20:23:06 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.28 20:11:54 | 000,001,233 | ---- | M] () -- C:\Users\Manuela\Desktop\Revo Uninstaller.lnk
[2013.04.27 23:14:04 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2013.04.27 12:04:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\o4ej1.pad
[2013.04.19 16:01:39 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.19 16:01:39 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.19 16:01:39 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.19 16:01:39 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.19 15:59:36 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.15 17:10:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013.04.15 17:10:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013.04.12 15:42:18 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.11 18:34:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.04.08 09:25:54 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2013.04.08 09:25:54 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.29 12:42:49 | 000,002,888 | ---- | C] () -- C:\Users\Manuela\Desktop\Windows-Kompatibilitätsbericht.htm
[2013.04.29 12:36:09 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013.04.29 12:36:09 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013.04.29 04:02:49 | 000,090,204 | ---- | C] () -- C:\Users\Manuela\Desktop\OTL.rar
[2013.04.29 02:03:23 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 00:50:18 | 000,000,796 | ---- | C] () -- C:\Users\Manuela\Desktop\Find Drivers with DriverAgent.lnk
[2013.04.29 00:35:07 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.28 23:51:30 | 000,419,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.28 23:04:54 | 000,007,629 | ---- | C] () -- C:\Users\Manuela\AppData\Local\Resmon.ResmonCfg
[2013.04.28 22:56:46 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.28 22:56:46 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.04.28 22:56:44 | 000,002,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.04.28 21:49:39 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.28 20:56:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.04.28 20:23:06 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.28 20:11:54 | 000,001,233 | ---- | C] () -- C:\Users\Manuela\Desktop\Revo Uninstaller.lnk
[2013.04.19 16:06:33 | 095,023,320 | ---- | C] () -- C:\ProgramData\o4ej1.pad
[2013.04.19 15:59:36 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.04.15 17:10:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013.04.15 17:10:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.11.16 21:53:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.11.16 21:53:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.04.18 18:39:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.01.25 19:37:39 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.06.20 17:49:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.14 19:53:10 | 000,000,025 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\bdfvconp.ini
[2010.01.14 15:41:00 | 000,001,024 | ---- | C] () -- C:\Users\Manuela\.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.28 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\AVG2013
[2010.01.14 13:11:00 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\BitDefender
[2010.01.20 14:16:34 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\TeamViewer
[2011.04.27 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Tific
[2013.04.28 22:53:06 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\TuneUp Software
[2013.02.22 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\.minecraft
[2010.01.20 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\BitDefender
[2011.08.27 12:44:08 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\HU2011
[2013.01.15 21:23:14 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Sony
[2012.01.23 16:06:41 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Template
[2010.01.20 14:06:09 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\TuneUp Software
[2012.12.08 18:40:50 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.04.28 21:12:29 | 000,000,000 | -H-D | M] -- C:\$AVG
[2013.04.28 17:55:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.04.29 01:13:18 | 000,000,000 | ---D | M] -- C:\AMD
[2013.04.29 00:44:09 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.04.29 03:09:20 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.03.11 15:04:25 | 000,000,000 | ---D | M] -- C:\dafa9f63177c8d91e1431e
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.14 12:15:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.04.28 11:42:47 | 000,000,000 | ---D | M] -- C:\INST
[2010.01.20 14:26:47 | 000,000,000 | ---D | M] -- C:\MAGIX
[2012.01.23 20:28:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.04.29 04:02:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.04.29 03:07:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.01.14 12:15:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.14 12:15:27 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.04.29 03:15:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.16 20:01:46 | 000,000,000 | ---D | M] -- C:\temp
[2013.04.28 19:53:42 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.29 15:21:58 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-04-29 01:01:32
 
<           >
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.06.09 13:19:54 | 000,001,090 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.06.09 13:19:56 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.07.21 15:15:39 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >
         
aswMBR :
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 17:01:12
-----------------------------
17:01:12.405    OS Version: Windows 6.1.7601 Service Pack 1
17:01:12.405    Number of processors: 2 586 0x602
17:01:12.405    ComputerName: MANUELA-PC  UserName: Manuela
17:01:13.481    Initialize success
17:01:27.053    AVAST engine defs: 13042900
17:01:33.823    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:01:33.823    Disk 0 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
17:01:33.948    Disk 0 MBR read successfully
17:01:33.948    Disk 0 MBR scan
17:01:33.948    Disk 0 Windows 7 default MBR code
17:01:33.948    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476937 MB offset 2048
17:01:33.964    Disk 0 scanning sectors +976771056
17:01:34.042    Disk 0 scanning C:\Windows\system32\drivers
17:01:44.291    Service scanning
17:02:02.824    Modules scanning
17:02:06.022    Disk 0 trace - called modules:
17:02:06.053    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
17:02:06.053    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85891740]
17:02:06.069    3 CLASSPNP.SYS[8879a59e] -> nt!IofCallDriver -> [0x853eb900]
17:02:06.069    5 ACPI.sys[881ba3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857a0908]
17:02:07.442    AVAST engine scan C:\Windows
17:02:10.234    AVAST engine scan C:\Windows\system32
17:02:27.363    Disk 0 MBR has been saved successfully to "C:\Users\Manuela\Desktop\MBR.dat"
17:02:27.378    The log file has been saved successfully to "C:\Users\Manuela\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 17:08:13
-----------------------------
17:08:13.245    OS Version: Windows 6.1.7601 Service Pack 1
17:08:13.245    Number of processors: 2 586 0x602
17:08:13.245    ComputerName: MANUELA-PC  UserName: Manuela
17:08:13.962    Initialize success
17:08:29.250    AVAST engine defs: 13042900
17:08:34.695    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:08:34.695    Disk 0 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
17:08:34.773    Disk 0 MBR read successfully
17:08:34.788    Disk 0 MBR scan
17:08:34.788    Disk 0 Windows 7 default MBR code
17:08:34.788    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476937 MB offset 2048
17:08:34.788    Disk 0 scanning sectors +976771056
17:08:34.851    Disk 0 scanning C:\Windows\system32\drivers
17:08:45.818    Service scanning
17:09:13.352    Modules scanning
17:09:15.489    Disk 0 trace - called modules:
17:09:15.505    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
17:09:15.536    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c7f8f0]
17:09:15.536    3 CLASSPNP.SYS[879af59e] -> nt!IofCallDriver -> [0x847db860]
17:09:15.536    5 ACPI.sys[8762a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x847d1908]
17:09:16.721    AVAST engine scan C:\Windows
17:09:19.217    AVAST engine scan C:\Windows\system32
17:11:14.174    Disk 0 MBR has been saved successfully to "C:\Users\Manuela\Desktop\MBR.dat"
17:11:14.190    The log file has been saved successfully to "C:\Users\Manuela\Desktop\aswMBR.txt"
         


Alt 29.04.2013, 17:27   #6
Speedbones
 
TDSSKiller:
Code:
17:15:20.0396 0208  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:15:20.0818 0208  ============================================================
17:15:20.0818 0208  Current date / time: 2013/04/29 17:15:20.0818
17:15:20.0818 0208  SystemInfo:
17:15:20.0818 0208  
17:15:20.0818 0208  OS Version: 6.1.7601 ServicePack: 1.0
17:15:20.0818 0208  Product type: Workstation
17:15:20.0818 0208  ComputerName: MANUELA-PC
17:15:20.0818 0208  UserName: Manuela
17:15:20.0818 0208  Windows directory: C:\Windows
17:15:20.0818 0208  System windows directory: C:\Windows
17:15:20.0818 0208  Processor architecture: Intel x86
17:15:20.0818 0208  Number of processors: 2
17:15:20.0818 0208  Page size: 0x1000
17:15:20.0818 0208  Boot type: Normal boot
17:15:20.0818 0208  ============================================================
17:15:22.0534 0208  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:15:22.0565 0208  ============================================================
17:15:22.0565 0208  \Device\Harddisk0\DR0:
17:15:22.0565 0208  MBR partitions:
17:15:22.0565 0208  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384FF0
17:15:22.0565 0208  ============================================================
17:15:22.0627 0208  C: <-> \Device\Harddisk0\DR0\Partition1
17:15:22.0627 0208  ============================================================
17:15:22.0627 0208  Initialize success
17:15:22.0627 0208  ============================================================
17:15:24.0858 0196  ============================================================
17:15:24.0858 0196  Scan started
17:15:24.0858 0196  Mode: Manual; 
17:15:24.0858 0196  ============================================================
17:15:25.0966 0196  ================ Scan system memory ========================
17:15:25.0966 0196  System memory - ok
17:15:25.0966 0196  ================ Scan services =============================
17:15:26.0122 0196  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:15:26.0137 0196  1394ohci - ok
17:15:26.0169 0196  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:15:26.0169 0196  ACPI - ok
17:15:26.0184 0196  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:15:26.0184 0196  AcpiPmi - ok
17:15:26.0293 0196  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:15:26.0293 0196  AdobeARMservice - ok
17:15:26.0340 0196  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:15:26.0340 0196  AdobeFlashPlayerUpdateSvc - ok
17:15:26.0387 0196  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:15:26.0387 0196  adp94xx - ok
17:15:26.0418 0196  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:15:26.0418 0196  adpahci - ok
17:15:26.0465 0196  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:15:26.0496 0196  adpu320 - ok
17:15:26.0512 0196  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:15:26.0527 0196  AeLookupSvc - ok
17:15:26.0543 0196  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
17:15:26.0543 0196  AFD - ok
17:15:26.0574 0196  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:15:26.0574 0196  agp440 - ok
17:15:26.0590 0196  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
17:15:26.0590 0196  aic78xx - ok
17:15:26.0605 0196  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:15:26.0605 0196  ALG - ok
17:15:26.0637 0196  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:15:26.0652 0196  aliide - ok
17:15:26.0683 0196  [ F9491B157A8CD70557745FA0312C1EEE ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:15:26.0683 0196  AMD External Events Utility - ok
17:15:26.0699 0196  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:15:26.0699 0196  amdagp - ok
17:15:26.0761 0196  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:15:26.0761 0196  amdide - ok
17:15:26.0777 0196  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:15:26.0777 0196  AmdK8 - ok
17:15:27.0651 0196  [ F53B89A4B976B534DAA8AEDAFEAF8EA3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:15:27.0838 0196  amdkmdag - ok
17:15:27.0916 0196  [ 3DEA9B1D1B274C739C9367FB1E56185F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
17:15:27.0916 0196  amdkmdap - ok
17:15:27.0931 0196  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:15:27.0947 0196  AmdPPM - ok
17:15:27.0978 0196  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:15:27.0978 0196  amdsata - ok
17:15:27.0978 0196  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:15:27.0994 0196  amdsbs - ok
17:15:28.0009 0196  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:15:28.0009 0196  amdxata - ok
17:15:28.0025 0196  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
17:15:28.0041 0196  AppID - ok
17:15:28.0056 0196  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:15:28.0056 0196  AppIDSvc - ok
17:15:28.0103 0196  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
17:15:28.0103 0196  Appinfo - ok
17:15:28.0103 0196  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:15:28.0103 0196  arc - ok
17:15:28.0134 0196  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:15:28.0134 0196  arcsas - ok
17:15:28.0165 0196  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:15:28.0165 0196  AsyncMac - ok
17:15:28.0181 0196  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
17:15:28.0181 0196  atapi - ok
17:15:28.0618 0196  [ F53B89A4B976B534DAA8AEDAFEAF8EA3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:15:28.0665 0196  atikmdag - ok
17:15:28.0789 0196  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:15:28.0805 0196  AudioEndpointBuilder - ok
17:15:28.0821 0196  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:15:28.0821 0196  Audiosrv - ok
17:15:29.0242 0196  [ 0D8244A9DB70BC6C36E2FB56F6039AB6 ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
17:15:29.0289 0196  AVGIDSAgent - ok
17:15:29.0351 0196  [ 1A2213B7D94944861449CB07BF2D099E ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
17:15:29.0367 0196  AVGIDSDriver - ok
17:15:29.0398 0196  [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
17:15:29.0413 0196  AVGIDSHX - ok
17:15:29.0445 0196  [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
17:15:29.0445 0196  AVGIDSShim - ok
17:15:29.0491 0196  [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
17:15:29.0491 0196  Avgldx86 - ok
17:15:29.0523 0196  [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
17:15:29.0523 0196  Avglogx - ok
17:15:29.0569 0196  [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
17:15:29.0601 0196  Avgmfx86 - ok
17:15:29.0679 0196  [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
17:15:29.0710 0196  Avgrkx86 - ok
17:15:29.0772 0196  [ 52448A41CF1769CB3627677A0509627B ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
17:15:29.0835 0196  Avgtdix - ok
17:15:29.0913 0196  [ DC98337F0D2A9F6C0B6FB682297ECE3B ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
17:15:29.0928 0196  avgwd - ok
17:15:29.0959 0196  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:15:29.0959 0196  AxInstSV - ok
17:15:29.0975 0196  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
17:15:29.0975 0196  b06bdrv - ok
17:15:30.0006 0196  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:15:30.0006 0196  b57nd60x - ok
17:15:30.0053 0196  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:15:30.0069 0196  BDESVC - ok
17:15:30.0084 0196  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:15:30.0084 0196  Beep - ok
17:15:30.0131 0196  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
17:15:30.0131 0196  BFE - ok
17:15:30.0162 0196  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
17:15:30.0193 0196  BITS - ok
17:15:30.0225 0196  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:15:30.0225 0196  blbdrive - ok
17:15:30.0256 0196  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:15:30.0256 0196  bowser - ok
17:15:30.0287 0196  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:15:30.0287 0196  BrFiltLo - ok
17:15:30.0287 0196  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:15:30.0287 0196  BrFiltUp - ok
17:15:30.0334 0196  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
17:15:30.0334 0196  Browser - ok
17:15:30.0365 0196  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:15:30.0365 0196  Brserid - ok
17:15:30.0381 0196  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:15:30.0381 0196  BrSerWdm - ok
17:15:30.0396 0196  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:15:30.0396 0196  BrUsbMdm - ok
17:15:30.0412 0196  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:15:30.0412 0196  BrUsbSer - ok
17:15:30.0443 0196  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:15:30.0443 0196  BTHMODEM - ok
17:15:30.0474 0196  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:15:30.0474 0196  bthserv - ok
17:15:30.0490 0196  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:15:30.0490 0196  cdfs - ok
17:15:30.0521 0196  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:15:30.0552 0196  cdrom - ok
17:15:30.0583 0196  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:15:30.0583 0196  CertPropSvc - ok
17:15:30.0599 0196  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:15:30.0599 0196  circlass - ok
17:15:30.0630 0196  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:15:30.0630 0196  CLFS - ok
17:15:30.0849 0196  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:15:30.0911 0196  clr_optimization_v2.0.50727_32 - ok
17:15:31.0098 0196  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:15:31.0597 0196  clr_optimization_v4.0.30319_32 - ok
17:15:31.0644 0196  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:15:31.0675 0196  CmBatt - ok
17:15:31.0769 0196  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:15:31.0769 0196  cmdide - ok
17:15:31.0878 0196  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
17:15:31.0878 0196  CNG - ok
17:15:31.0941 0196  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:15:31.0956 0196  Compbatt - ok
17:15:32.0003 0196  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:15:32.0003 0196  CompositeBus - ok
17:15:32.0019 0196  COMSysApp - ok
17:15:32.0050 0196  cpuz132 - ok
17:15:32.0081 0196  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:15:32.0097 0196  crcdisk - ok
17:15:32.0143 0196  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:15:32.0143 0196  CryptSvc - ok
17:15:32.0190 0196  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:15:32.0190 0196  DcomLaunch - ok
17:15:32.0237 0196  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:15:32.0237 0196  defragsvc - ok
17:15:32.0284 0196  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:15:32.0299 0196  DfsC - ok
17:15:32.0346 0196  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:15:32.0362 0196  Dhcp - ok
17:15:32.0424 0196  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:15:32.0440 0196  discache - ok
17:15:32.0440 0196  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:15:32.0440 0196  Disk - ok
17:15:32.0487 0196  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:15:32.0502 0196  Dnscache - ok
17:15:32.0580 0196  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:15:32.0596 0196  dot3svc - ok
17:15:32.0674 0196  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
17:15:32.0674 0196  DPS - ok
17:15:32.0705 0196  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:15:32.0705 0196  drmkaud - ok
17:15:32.0752 0196  [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32      C:\Windows\system32\Drivers\DrvAgent32.sys
17:15:32.0752 0196  DrvAgent32 - ok
17:15:32.0939 0196  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:15:32.0970 0196  DXGKrnl - ok
17:15:33.0001 0196  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
17:15:33.0017 0196  EapHost - ok
17:15:33.0547 0196  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
17:15:33.0594 0196  ebdrv - ok
17:15:33.0625 0196  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
17:15:33.0625 0196  EFS - ok
17:15:33.0735 0196  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:15:33.0750 0196  ehRecvr - ok
17:15:33.0781 0196  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
17:15:33.0813 0196  ehSched - ok
17:15:33.0891 0196  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:15:33.0891 0196  elxstor - ok
17:15:33.0922 0196  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:15:33.0953 0196  ErrDev - ok
17:15:34.0000 0196  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
17:15:34.0000 0196  EventSystem - ok
17:15:34.0031 0196  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
17:15:34.0062 0196  exfat - ok
17:15:34.0093 0196  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:15:34.0109 0196  fastfat - ok
17:15:34.0234 0196  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
17:15:34.0249 0196  Fax - ok
17:15:34.0296 0196  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:15:34.0296 0196  fdc - ok
17:15:34.0312 0196  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
17:15:34.0312 0196  fdPHost - ok
17:15:34.0327 0196  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:15:34.0327 0196  FDResPub - ok
17:15:34.0343 0196  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:15:34.0343 0196  FileInfo - ok
17:15:34.0390 0196  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:15:34.0405 0196  Filetrace - ok
17:15:34.0421 0196  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:15:34.0437 0196  flpydisk - ok
17:15:34.0499 0196  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:15:34.0515 0196  FltMgr - ok
17:15:34.0702 0196  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
17:15:34.0702 0196  FontCache - ok
17:15:34.0858 0196  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:15:34.0858 0196  FontCache3.0.0.0 - ok
17:15:34.0889 0196  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:15:34.0905 0196  FsDepends - ok
17:15:34.0936 0196  [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:15:34.0936 0196  fssfltr - ok
17:15:35.0076 0196  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:15:35.0092 0196  fsssvc - ok
17:15:35.0123 0196  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:15:35.0139 0196  Fs_Rec - ok
17:15:35.0185 0196  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:15:35.0201 0196  fvevol - ok
17:15:35.0217 0196  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:15:35.0232 0196  gagp30kx - ok
17:15:35.0279 0196  [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
17:15:35.0310 0196  ggflt - ok
17:15:35.0357 0196  [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
17:15:35.0357 0196  ggsemc - ok
17:15:35.0482 0196  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:15:35.0497 0196  gpsvc - ok
17:15:35.0607 0196  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:15:35.0622 0196  gupdate - ok
17:15:35.0638 0196  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:15:35.0638 0196  gupdatem - ok
17:15:35.0685 0196  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:15:35.0685 0196  hcw85cir - ok
17:15:35.0763 0196  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:15:35.0763 0196  HdAudAddService - ok
17:15:35.0794 0196  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:15:35.0809 0196  HDAudBus - ok
17:15:35.0856 0196  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:15:35.0887 0196  HidBatt - ok
17:15:35.0919 0196  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:15:35.0934 0196  HidBth - ok
17:15:36.0012 0196  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:15:36.0059 0196  HidIr - ok
17:15:36.0090 0196  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
17:15:36.0090 0196  hidserv - ok
17:15:36.0168 0196  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:15:36.0184 0196  HidUsb - ok
17:15:36.0231 0196  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:15:36.0246 0196  hkmsvc - ok
17:15:36.0324 0196  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:15:36.0340 0196  HomeGroupListener - ok
17:15:36.0402 0196  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:15:36.0402 0196  HomeGroupProvider - ok
17:15:36.0449 0196  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:15:36.0465 0196  HpSAMD - ok
17:15:36.0558 0196  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:15:36.0574 0196  HTTP - ok
17:15:36.0621 0196  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:15:36.0652 0196  hwpolicy - ok
17:15:36.0714 0196  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:15:36.0714 0196  i8042prt - ok
17:15:36.0792 0196  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:15:36.0792 0196  iaStorV - ok
17:15:36.0995 0196  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:15:37.0011 0196  idsvc - ok
17:15:37.0042 0196  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:15:37.0057 0196  iirsp - ok
17:15:37.0104 0196  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:15:37.0120 0196  IKEEXT - ok
17:15:37.0588 0196  [ 0A0E3C041C20C4175E1CC6580138CA38 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:15:37.0635 0196  IntcAzAudAddService - ok
17:15:37.0666 0196  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:15:37.0666 0196  intelide - ok
17:15:37.0697 0196  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:15:37.0713 0196  intelppm - ok
17:15:37.0759 0196  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:15:37.0759 0196  IPBusEnum - ok
17:15:37.0806 0196  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:15:37.0853 0196  IpFilterDriver - ok
17:15:37.0993 0196  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:15:38.0056 0196  iphlpsvc - ok
17:15:38.0103 0196  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:15:38.0118 0196  IPMIDRV - ok
17:15:38.0149 0196  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:15:38.0149 0196  IPNAT - ok
17:15:38.0149 0196  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:15:38.0181 0196  IRENUM - ok
17:15:38.0243 0196  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:15:38.0243 0196  isapnp - ok
17:15:38.0337 0196  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:15:38.0368 0196  iScsiPrt - ok
17:15:38.0415 0196  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:15:38.0461 0196  kbdclass - ok
17:15:38.0493 0196  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:15:38.0508 0196  kbdhid - ok
17:15:38.0524 0196  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:15:38.0539 0196  KeyIso - ok
17:15:38.0586 0196  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:15:38.0602 0196  KSecDD - ok
17:15:38.0680 0196  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:15:38.0695 0196  KSecPkg - ok
17:15:38.0883 0196  [ 0036D3D626D8D186365688E43EFE5F47 ] ksupmgr         C:\Windows\system32\ksupmgr.exe
17:15:38.0898 0196  ksupmgr - ok
17:15:39.0070 0196  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:15:39.0117 0196  KtmRm - ok
17:15:39.0195 0196  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:15:39.0195 0196  LanmanServer - ok
17:15:39.0241 0196  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:15:39.0273 0196  LanmanWorkstation - ok
17:15:39.0335 0196  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:15:39.0351 0196  lltdio - ok
17:15:39.0413 0196  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:15:39.0460 0196  lltdsvc - ok
17:15:39.0491 0196  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:15:39.0507 0196  lmhosts - ok
17:15:39.0600 0196  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:15:39.0631 0196  LSI_FC - ok
17:15:39.0709 0196  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:15:39.0725 0196  LSI_SAS - ok
17:15:39.0756 0196  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:15:39.0787 0196  LSI_SAS2 - ok
17:15:39.0865 0196  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:15:39.0881 0196  LSI_SCSI - ok
17:15:39.0897 0196  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:15:39.0912 0196  luafv - ok
17:15:39.0990 0196  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:15:40.0021 0196  MBAMProtector - ok
17:15:40.0162 0196  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:15:40.0162 0196  MBAMScheduler - ok
17:15:40.0255 0196  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:15:40.0255 0196  MBAMService - ok
17:15:40.0287 0196  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:15:40.0287 0196  Mcx2Svc - ok
17:15:40.0302 0196  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:15:40.0302 0196  megasas - ok
17:15:40.0349 0196  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:15:40.0380 0196  MegaSR - ok
17:15:40.0411 0196  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:15:40.0427 0196  MMCSS - ok
17:15:40.0443 0196  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:15:40.0443 0196  Modem - ok
17:15:40.0458 0196  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:15:40.0458 0196  monitor - ok
17:15:40.0489 0196  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:15:40.0521 0196  mouclass - ok
17:15:40.0536 0196  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:15:40.0536 0196  mouhid - ok
17:15:40.0599 0196  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:15:40.0614 0196  mountmgr - ok
17:15:40.0645 0196  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:15:40.0645 0196  mpio - ok
17:15:40.0661 0196  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:15:40.0661 0196  mpsdrv - ok
17:15:40.0739 0196  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:15:40.0755 0196  MpsSvc - ok
17:15:40.0770 0196  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:15:40.0770 0196  MRxDAV - ok
17:15:40.0817 0196  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:15:40.0817 0196  mrxsmb - ok
17:15:40.0864 0196  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:15:40.0879 0196  mrxsmb10 - ok
17:15:40.0895 0196  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:15:40.0911 0196  mrxsmb20 - ok
17:15:40.0942 0196  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:15:40.0973 0196  msahci - ok
17:15:41.0051 0196  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:15:41.0067 0196  msdsm - ok
17:15:41.0113 0196  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:15:41.0129 0196  MSDTC - ok
17:15:41.0176 0196  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:15:41.0191 0196  Msfs - ok
17:15:41.0207 0196  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:15:41.0207 0196  mshidkmdf - ok
17:15:41.0223 0196  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:15:41.0223 0196  msisadrv - ok
17:15:41.0269 0196  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:15:41.0269 0196  MSiSCSI - ok
17:15:41.0269 0196  msiserver - ok
17:15:41.0285 0196  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:15:41.0285 0196  MSKSSRV - ok
17:15:41.0316 0196  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:15:41.0332 0196  MSPCLOCK - ok
17:15:41.0332 0196  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:15:41.0347 0196  MSPQM - ok
17:15:41.0410 0196  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:15:41.0410 0196  MsRPC - ok
17:15:41.0441 0196  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:15:41.0457 0196  mssmbios - ok
17:15:41.0472 0196  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:15:41.0488 0196  MSTEE - ok
17:15:41.0535 0196  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:15:41.0550 0196  MTConfig - ok
17:15:41.0566 0196  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:15:41.0597 0196  Mup - ok
17:15:41.0644 0196  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:15:41.0659 0196  napagent - ok
17:15:41.0675 0196  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:15:41.0691 0196  NativeWifiP - ok
17:15:41.0769 0196  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:15:41.0769 0196  NDIS - ok
17:15:41.0784 0196  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:15:41.0784 0196  NdisCap - ok
17:15:41.0831 0196  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:15:41.0831 0196  NdisTapi - ok
17:15:41.0862 0196  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:15:41.0893 0196  Ndisuio - ok
17:15:41.0909 0196  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:15:41.0909 0196  NdisWan - ok
17:15:41.0925 0196  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:15:41.0925 0196  NDProxy - ok
17:15:42.0049 0196  [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
17:15:42.0096 0196  Nero BackItUp Scheduler 3 - ok
17:15:42.0143 0196  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:15:42.0159 0196  NetBIOS - ok
17:15:42.0174 0196  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:15:42.0174 0196  NetBT - ok
17:15:42.0190 0196  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:15:42.0190 0196  Netlogon - ok
17:15:42.0221 0196  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:15:42.0221 0196  Netman - ok
17:15:42.0237 0196  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:15:42.0252 0196  netprofm - ok
17:15:42.0283 0196  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:15:42.0283 0196  NetTcpPortSharing - ok
17:15:42.0299 0196  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:15:42.0299 0196  nfrd960 - ok
17:15:42.0330 0196  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:15:42.0330 0196  NlaSvc - ok
17:15:42.0502 0196  [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
17:15:42.0517 0196  NMIndexingService - ok
17:15:42.0533 0196  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:15:42.0564 0196  Npfs - ok
17:15:42.0627 0196  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:15:42.0627 0196  nsi - ok
17:15:42.0642 0196  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:15:42.0642 0196  nsiproxy - ok
17:15:42.0689 0196  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:15:42.0720 0196  Ntfs - ok
17:15:42.0736 0196  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:15:42.0736 0196  Null - ok
17:15:42.0767 0196  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:15:42.0783 0196  nvraid - ok
17:15:42.0845 0196  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:15:42.0845 0196  nvstor - ok
17:15:42.0907 0196  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:15:42.0923 0196  nv_agp - ok
17:15:42.0939 0196  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:15:42.0939 0196  ohci1394 - ok
17:15:43.0001 0196  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:15:43.0017 0196  ose - ok
17:15:43.0812 0196  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:15:43.0875 0196  osppsvc - ok
17:15:43.0953 0196  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:15:43.0968 0196  p2pimsvc - ok
17:15:44.0077 0196  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:15:44.0109 0196  p2psvc - ok
17:15:44.0140 0196  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:15:44.0140 0196  Parport - ok
17:15:44.0155 0196  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:15:44.0171 0196  partmgr - ok
17:15:44.0171 0196  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:15:44.0171 0196  Parvdm - ok
17:15:44.0202 0196  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:15:44.0218 0196  PcaSvc - ok
17:15:44.0233 0196  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:15:44.0233 0196  pci - ok
17:15:44.0249 0196  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:15:44.0249 0196  pciide - ok
17:15:44.0311 0196  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:15:44.0327 0196  pcmcia - ok
17:15:44.0374 0196  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:15:44.0374 0196  pcw - ok
17:15:44.0483 0196  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:15:44.0499 0196  PEAUTH - ok
17:15:44.0686 0196  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:15:44.0717 0196  pla - ok
17:15:44.0764 0196  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
17:15:44.0764 0196  PLFlash DeviceIoControl Service - ok
17:15:44.0795 0196  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:15:44.0795 0196  PlugPlay - ok
17:15:44.0826 0196  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:15:44.0842 0196  PNRPAutoReg - ok
17:15:44.0857 0196  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:15:44.0857 0196  PNRPsvc - ok
17:15:44.0904 0196  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:15:44.0920 0196  PolicyAgent - ok
17:15:44.0967 0196  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:15:44.0982 0196  Power - ok
17:15:45.0013 0196  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:15:45.0029 0196  PptpMiniport - ok
17:15:45.0045 0196  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:15:45.0060 0196  Processor - ok
17:15:45.0123 0196  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:15:45.0138 0196  ProfSvc - ok
17:15:45.0169 0196  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:15:45.0169 0196  ProtectedStorage - ok
17:15:45.0216 0196  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:15:45.0232 0196  Psched - ok
17:15:45.0357 0196  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:15:45.0388 0196  ql2300 - ok
17:15:45.0419 0196  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:15:45.0419 0196  ql40xx - ok
17:15:45.0497 0196  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:15:45.0497 0196  QWAVE - ok
17:15:45.0528 0196  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:15:45.0528 0196  QWAVEdrv - ok
17:15:45.0559 0196  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:15:45.0559 0196  RasAcd - ok
17:15:45.0591 0196  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:15:45.0591 0196  RasAgileVpn - ok
17:15:45.0606 0196  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:15:45.0606 0196  RasAuto - ok
17:15:45.0606 0196  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:15:45.0606 0196  Rasl2tp - ok
17:15:45.0653 0196  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:15:45.0669 0196  RasMan - ok
17:15:45.0684 0196  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:15:45.0684 0196  RasPppoe - ok
17:15:45.0731 0196  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:15:45.0731 0196  RasSstp - ok
17:15:45.0793 0196  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:15:45.0809 0196  rdbss - ok
17:15:45.0825 0196  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:15:45.0840 0196  rdpbus - ok
17:15:45.0856 0196  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:15:45.0856 0196  RDPCDD - ok
17:15:45.0887 0196  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:15:45.0887 0196  RDPENCDD - ok
17:15:45.0918 0196  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:15:45.0918 0196  RDPREFMP - ok
17:15:45.0965 0196  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:15:45.0981 0196  RDPWD - ok
17:15:46.0012 0196  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:15:46.0012 0196  rdyboost - ok
17:15:46.0090 0196  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:15:46.0090 0196  RemoteAccess - ok
17:15:46.0121 0196  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:15:46.0121 0196  RemoteRegistry - ok
17:15:46.0137 0196  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:15:46.0152 0196  RpcEptMapper - ok
17:15:46.0183 0196  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:15:46.0199 0196  RpcLocator - ok
17:15:46.0215 0196  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:15:46.0215 0196  RpcSs - ok
17:15:46.0246 0196  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:15:46.0261 0196  rspndr - ok
17:15:46.0308 0196  [ 05C2613F661584190C752F6184D1C8EF ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
17:15:46.0324 0196  RTL8167 - ok
17:15:46.0339 0196  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:15:46.0339 0196  SamSs - ok
17:15:46.0371 0196  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:15:46.0371 0196  sbp2port - ok
17:15:46.0402 0196  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:15:46.0402 0196  SCardSvr - ok
17:15:46.0433 0196  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:15:46.0449 0196  scfilter - ok
17:15:46.0573 0196  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:15:46.0605 0196  Schedule - ok
17:15:46.0620 0196  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:15:46.0620 0196  SCPolicySvc - ok
17:15:46.0667 0196  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:15:46.0683 0196  SDRSVC - ok
17:15:46.0714 0196  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:15:46.0714 0196  secdrv - ok
17:15:46.0729 0196  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:15:46.0729 0196  seclogon - ok
17:15:46.0761 0196  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:15:46.0776 0196  SENS - ok
17:15:46.0792 0196  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:15:46.0807 0196  SensrSvc - ok
17:15:46.0823 0196  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:15:46.0823 0196  Serenum - ok
17:15:46.0854 0196  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:15:46.0854 0196  Serial - ok
17:15:46.0917 0196  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:15:46.0917 0196  sermouse - ok
17:15:46.0963 0196  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:15:46.0979 0196  SessionEnv - ok
17:15:47.0026 0196  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:15:47.0026 0196  sffdisk - ok
17:15:47.0073 0196  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:15:47.0073 0196  sffp_mmc - ok
17:15:47.0119 0196  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:15:47.0151 0196  sffp_sd - ok
17:15:47.0182 0196  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:15:47.0197 0196  sfloppy - ok
17:15:47.0260 0196  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:15:47.0275 0196  SharedAccess - ok
17:15:47.0400 0196  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:15:47.0416 0196  ShellHWDetection - ok
17:15:47.0447 0196  [ 1644C3814E0DAE66CD68E39FFB97D869 ] SipIMNDI        C:\Windows\system32\DRIVERS\SipIMNDI.sys
17:15:47.0478 0196  SipIMNDI - ok
17:15:47.0509 0196  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:15:47.0525 0196  sisagp - ok
17:15:47.0603 0196  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:15:47.0619 0196  SiSRaid2 - ok
17:15:47.0650 0196  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:15:47.0665 0196  SiSRaid4 - ok
17:15:47.0697 0196  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:15:47.0697 0196  Smb - ok
17:15:47.0790 0196  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:15:47.0806 0196  SNMPTRAP - ok
17:15:47.0884 0196  [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
17:15:47.0884 0196  Sony PC Companion - ok
17:15:47.0899 0196  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:15:47.0931 0196  spldr - ok
17:15:47.0962 0196  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:15:47.0977 0196  Spooler - ok
17:15:48.0102 0196  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:15:48.0165 0196  sppsvc - ok
17:15:48.0211 0196  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:15:48.0227 0196  sppuinotify - ok
17:15:48.0258 0196  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:15:48.0258 0196  srv - ok
17:15:48.0258 0196  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:15:48.0274 0196  srv2 - ok
17:15:48.0274 0196  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:15:48.0289 0196  srvnet - ok
17:15:48.0321 0196  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:15:48.0321 0196  SSDPSRV - ok
17:15:48.0336 0196  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:15:48.0352 0196  SstpSvc - ok
17:15:48.0383 0196  [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
17:15:48.0399 0196  ss_bbus - ok
17:15:48.0430 0196  [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
17:15:48.0445 0196  ss_bmdfl - ok
17:15:48.0461 0196  [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
17:15:48.0477 0196  ss_bmdm - ok
17:15:48.0492 0196  [ 994D2E5378CC337EC7DD73C1E04FCAA4 ] ss_bserd        C:\Windows\system32\DRIVERS\ss_bserd.sys
17:15:48.0492 0196  ss_bserd - ok
17:15:48.0523 0196  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:15:48.0523 0196  stexstor - ok
17:15:48.0586 0196  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:15:48.0586 0196  StiSvc - ok
17:15:48.0617 0196  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:15:48.0617 0196  swenum - ok
17:15:48.0633 0196  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:15:48.0633 0196  swprv - ok
17:15:48.0679 0196  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:15:48.0695 0196  SysMain - ok
17:15:48.0726 0196  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:15:48.0726 0196  TabletInputService - ok
17:15:48.0773 0196  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:15:48.0789 0196  TapiSrv - ok
17:15:48.0804 0196  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:15:48.0804 0196  TBS - ok
17:15:48.0851 0196  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:15:48.0867 0196  Tcpip - ok
17:15:48.0898 0196  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:15:48.0898 0196  TCPIP6 - ok
17:15:48.0945 0196  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:15:48.0945 0196  tcpipreg - ok
17:15:48.0976 0196  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:15:48.0976 0196  TDPIPE - ok
17:15:49.0007 0196  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:15:49.0007 0196  TDTCP - ok
17:15:49.0023 0196  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:15:49.0023 0196  tdx - ok
17:15:49.0054 0196  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:15:49.0054 0196  TermDD - ok
17:15:49.0069 0196  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:15:49.0085 0196  TermService - ok
17:15:49.0101 0196  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:15:49.0101 0196  Themes - ok
17:15:49.0163 0196  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:15:49.0163 0196  THREADORDER - ok
17:15:49.0194 0196  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:15:49.0210 0196  TrkWks - ok
17:15:49.0225 0196  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:15:49.0225 0196  TrustedInstaller - ok
17:15:49.0257 0196  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:15:49.0257 0196  tssecsrv - ok
17:15:49.0303 0196  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:15:49.0303 0196  TsUsbFlt - ok
17:15:49.0397 0196  [ FC740E4FF236B72CA59B8F762D30C7F3 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
17:15:49.0428 0196  TuneUp.UtilitiesSvc - ok
17:15:49.0444 0196  [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
17:15:49.0459 0196  TuneUpUtilitiesDrv - ok
17:15:49.0475 0196  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:15:49.0475 0196  tunnel - ok
17:15:49.0491 0196  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:15:49.0491 0196  uagp35 - ok
17:15:49.0506 0196  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:15:49.0506 0196  udfs - ok
17:15:49.0537 0196  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:15:49.0537 0196  UI0Detect - ok
17:15:49.0553 0196  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:15:49.0553 0196  uliagpkx - ok
17:15:49.0584 0196  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
17:15:49.0584 0196  umbus - ok
17:15:49.0615 0196  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:15:49.0615 0196  UmPass - ok
17:15:49.0647 0196  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:15:49.0647 0196  upnphost - ok
17:15:49.0662 0196  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:15:49.0662 0196  usbccgp - ok
17:15:49.0693 0196  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:15:49.0693 0196  usbcir - ok
17:15:49.0725 0196  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:15:49.0725 0196  usbehci - ok
17:15:49.0771 0196  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:15:49.0771 0196  usbhub - ok
17:15:49.0803 0196  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
17:15:49.0803 0196  usbohci - ok
17:15:49.0818 0196  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:15:49.0818 0196  usbprint - ok
17:15:49.0849 0196  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:15:49.0849 0196  usbscan - ok
17:15:49.0881 0196  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:15:49.0881 0196  USBSTOR - ok
17:15:49.0896 0196  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:15:49.0896 0196  usbuhci - ok
17:15:49.0912 0196  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:15:49.0912 0196  usbvideo - ok
17:15:49.0927 0196  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:15:49.0943 0196  UxSms - ok
17:15:49.0959 0196  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:15:49.0959 0196  VaultSvc - ok
17:15:49.0974 0196  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:15:49.0974 0196  vdrvroot - ok
17:15:50.0005 0196  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:15:50.0021 0196  vds - ok
17:15:50.0052 0196  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:15:50.0052 0196  vga - ok
17:15:50.0083 0196  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:15:50.0083 0196  VgaSave - ok
17:15:50.0115 0196  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:15:50.0115 0196  vhdmp - ok
17:15:50.0130 0196  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:15:50.0130 0196  viaagp - ok
17:15:50.0130 0196  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:15:50.0130 0196  ViaC7 - ok
17:15:50.0161 0196  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:15:50.0161 0196  viaide - ok
17:15:50.0208 0196  [ 266474DB9CCCE39FFEF029714AE16FDD ] VMUVC           C:\Windows\system32\Drivers\VMUVC.sys
17:15:50.0208 0196  VMUVC - ok
17:15:50.0224 0196  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:15:50.0224 0196  volmgr - ok
17:15:50.0239 0196  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:15:50.0239 0196  volmgrx - ok
17:15:50.0271 0196  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:15:50.0271 0196  volsnap - ok
17:15:50.0286 0196  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:15:50.0286 0196  vsmraid - ok
17:15:50.0349 0196  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:15:50.0349 0196  VSS - ok
17:15:50.0380 0196  [ 77D037C0DF3C5F0FE33E3D8DB32ACC1E ] vvftUVC         C:\Windows\system32\drivers\vvftUVC.sys
17:15:50.0380 0196  vvftUVC - ok
17:15:50.0395 0196  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:15:50.0395 0196  vwifibus - ok
17:15:50.0427 0196  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:15:50.0427 0196  W32Time - ok
17:15:50.0458 0196  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:15:50.0458 0196  WacomPen - ok
17:15:50.0473 0196  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:15:50.0473 0196  WANARP - ok
17:15:50.0473 0196  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:15:50.0473 0196  Wanarpv6 - ok
17:15:50.0520 0196  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:15:50.0536 0196  wbengine - ok
17:15:50.0567 0196  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:15:50.0583 0196  WbioSrvc - ok
17:15:50.0629 0196  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:15:50.0629 0196  wcncsvc - ok
17:15:50.0629 0196  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:15:50.0629 0196  WcsPlugInService - ok
17:15:50.0661 0196  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:15:50.0661 0196  Wd - ok
17:15:50.0692 0196  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:15:50.0707 0196  Wdf01000 - ok
17:15:50.0723 0196  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:15:50.0723 0196  WdiServiceHost - ok
17:15:50.0723 0196  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:15:50.0723 0196  WdiSystemHost - ok
17:15:50.0785 0196  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:15:50.0785 0196  WebClient - ok
17:15:50.0801 0196  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:15:50.0801 0196  Wecsvc - ok
17:15:50.0817 0196  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:15:50.0817 0196  wercplsupport - ok
17:15:50.0832 0196  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:15:50.0832 0196  WerSvc - ok
17:15:50.0848 0196  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:15:50.0848 0196  WfpLwf - ok
17:15:50.0863 0196  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:15:50.0863 0196  WIMMount - ok
17:15:50.0910 0196  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:15:50.0926 0196  WinDefend - ok
17:15:50.0973 0196  [ 284C5F8C47F30EF7799D359BA7F8B0D4 ] Windows-CCHook-Service C:\Windows\system32\cchservice.exe
17:15:50.0988 0196  Windows-CCHook-Service - ok
17:15:51.0004 0196  WinHttpAutoProxySvc - ok
17:15:51.0004 0196  Winmgmt - ok
17:15:51.0051 0196  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:15:51.0066 0196  WinRM - ok
17:15:51.0113 0196  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:15:51.0129 0196  WinUsb - ok
17:15:51.0160 0196  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:15:51.0175 0196  Wlansvc - ok
17:15:51.0222 0196  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:15:51.0253 0196  wlidsvc - ok
17:15:51.0285 0196  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:15:51.0285 0196  WmiAcpi - ok
17:15:51.0347 0196  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:15:51.0363 0196  wmiApSrv - ok
17:15:51.0409 0196  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:15:51.0409 0196  WMPNetworkSvc - ok
17:15:51.0425 0196  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:15:51.0441 0196  WPCSvc - ok
17:15:51.0441 0196  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:15:51.0441 0196  WPDBusEnum - ok
17:15:51.0472 0196  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:15:51.0487 0196  ws2ifsl - ok
17:15:51.0487 0196  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:15:51.0503 0196  wscsvc - ok
17:15:51.0503 0196  WSearch - ok
17:15:51.0565 0196  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:15:51.0597 0196  wuauserv - ok
17:15:51.0659 0196  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:15:51.0659 0196  WudfPf - ok
17:15:51.0675 0196  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:15:51.0675 0196  WUDFRd - ok
17:15:51.0721 0196  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:15:51.0721 0196  wudfsvc - ok
17:15:51.0753 0196  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:15:51.0799 0196  WwanSvc - ok
17:15:51.0831 0196  [ 276842A27953BE204A2507096F09B1F3 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
17:15:51.0831 0196  xusb21 - ok
17:15:51.0831 0196  ================ Scan global ===============================
17:15:51.0877 0196  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:15:51.0909 0196  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:15:51.0909 0196  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:15:51.0924 0196  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:15:51.0940 0196  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:15:51.0940 0196  [Global] - ok
17:15:51.0940 0196  ================ Scan MBR ==================================
17:15:51.0940 0196  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:15:52.0735 0196  \Device\Harddisk0\DR0 - ok
17:15:52.0735 0196  ================ Scan VBR ==================================
17:15:52.0735 0196  [ 5EB7AD102C81606A7BC013AFE36C0815 ] \Device\Harddisk0\DR0\Partition1
17:15:52.0735 0196  \Device\Harddisk0\DR0\Partition1 - ok
17:15:52.0735 0196  ============================================================
17:15:52.0735 0196  Scan finished
17:15:52.0735 0196  ============================================================
17:15:52.0751 2216  Detected object count: 0
17:15:52.0751 2216  Actual detected object count: 0
17:16:07.0243 3876  Deinitialize success
         
Errors in the Event Viewer:
Code:
Protokollname: Application
Quelle:        Application Error
Datum:         29.04.2013 16:16:27
Ereignis-ID:   1000
Aufgabenkategorie:(100)
Ebene:         Fehler
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      Manuela-PC
Beschreibung:
Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d24
ID des fehlerhaften Prozesses: 0x2b0
Startzeit der fehlerhaften Anwendung: 0x01ce44e3367904c3
Pfad der fehlerhaften Anwendung: C:\Users\Manuela\Desktop\aswMBR.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 612e1639-b0d7-11e2-96ea-9767af5ab8ee
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-29T14:16:27.000000000Z" />
    <EventRecordID>68420</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Manuela-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>aswMBR.exe</Data>
    <Data>0.9.9.1771</Data>
    <Data>5147644e</Data>
    <Data>ntdll.dll</Data>
    <Data>6.1.7601.17725</Data>
    <Data>4ec49b60</Data>
    <Data>c0000005</Data>
    <Data>00052d24</Data>
    <Data>2b0</Data>
    <Data>01ce44e3367904c3</Data>
    <Data>C:\Users\Manuela\Desktop\aswMBR.exe</Data>
    <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
    <Data>612e1639-b0d7-11e2-96ea-9767af5ab8ee</Data>
  </EventData>
</Event>
         
Windows Management Instrumentation error:
Code:
Protokollname: System
Quelle:        Service Control Manager
Datum:         29.04.2013 17:20:24
Ereignis-ID:   7023
Aufgabenkategorie:Keine
Ebene:         Fehler
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      Manuela-PC
Beschreibung:
Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
Das angegebene Modul wurde nicht gefunden.
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7023</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-29T15:20:24.052528200Z" />
    <EventRecordID>374847</EventRecordID>
    <Correlation />
    <Execution ProcessID="756" ThreadID="860" />
    <Channel>System</Channel>
    <Computer>Manuela-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Windows-Verwaltungsinstrumentation</Data>
    <Data Name="param2">%%126</Data>
  </EventData>
</Event>
         
And one more error message, maybe it helps:
Code:
Protokollname: System
Quelle:        Microsoft-Windows-DistributedCOM
Datum:         29.04.2013 17:20:54
Ereignis-ID:   10010
Aufgabenkategorie:Keine
Ebene:         Fehler
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      Manuela-PC
Beschreibung:
Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-29T15:20:54.000000000Z" />
    <EventRecordID>374848</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Manuela-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
  </EventData>
</Event>
         

Edited by Speedbones (29.04.2013 at 17:48). Reason: Added

30.04.2013, 07:37   #7
Psychotic
/// Malwareteam
 

I strongly advise you to make a backup and do a fresh installation; attempting a cleanup here has little prospect of success.

Setting the system up from scratch would in any case be safer and considerably faster.
__________________
No asylum for Trojans!

Proud Member of UNITE

Note: I am only reachable on weekdays!
Requests via PM will be ignored!


08.05.2013, 07:14   #8
Psychotic
/// Malwareteam
 

This thread appears to be resolved and has been removed from my subscriptions.
If you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread!
