Trojaner-Board


mirres 29.05.2012 11:35

Popup at the bottom right of the browser, annoying ads also as Flash, slides in from below
 
Hello everyone,

I have consulted Google several times and also searched your forum, but so far nothing I tried has got me to my goal.

Perhaps first a few words about my problem:

For a few days now I have had ads opening at the bottom right in Firefox as well as IE. They slide into the browser from below. I can click the x and they disappear, but they come back with every new tab or window. Sometimes it is also a Flash animation (for better understanding I have attached 2 screenshots).

The odd thing is that this advertising appears on many sites but not on some (in 70% of cases it is there, though). Now and then there is also a false link redirect to advertising pages such as Dailydeal.

I have already tried a few things. Virus scanners (one did find something and supposedly fixed it), but the problem is still there.

1. Microsoft Security Essentials - full scan - virus detection also attached as a screenshot
2. Antivir - full scan
3. Spybot Search and Destroy - full scan
4. Malwarebytes - full scan (only just finished).
5. OTL
The logs looked as follows:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
 
Datenbank Version: v2012.05.29.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
rlucas :: BLN-WNB-02 [Administrator]
 
Schutz: Aktiviert
 
29.05.2012 09:42:56
mbam-log-2012-05-29 (11-29-56).txt
 
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 452049
Laufzeit: 58 Minute(n), 49 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 1
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
 
(Ende)

OTL Logfile:
Code:

OTL logfile created on: 29.05.2012 12:25:48 - Run 1
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Users\rlucas\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,78 Gb Available Physical Memory | 73,37% Memory free
15,77 Gb Paging File | 13,57 Gb Available in Paging File | 86,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 13,36 Gb Free Space | 13,70% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 22,99 Gb Free Space | 11,47% Space Free | Partition Type: NTFS
 
Computer Name: BLN-WNB-02 | User Name: rlucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.05.29 12:23:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rlucas\Downloads\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.12.28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.02 12:53:24 | 000,353,744 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
PRC - [2011.12.02 12:45:18 | 000,622,544 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
PRC - [2011.08.22 08:36:20 | 000,640,512 | ---- | M] (Socialbit UG) -- C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.19 14:50:38 | 001,710,664 | ---- | M] (Elgato Systems) -- C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.05.21 14:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.03.29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.16 09:31:54 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.16 09:31:11 | 000,342,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\312e23deb529c2b6fb41935b2afba9b0\PlantronicsURE.ni.exe
MOD - [2012.05.16 09:31:10 | 000,128,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\63fd0f5cc88e2f5aebbe35b5ee43f23f\PlantronicsBatteryStatus.ni.exe
MOD - [2012.05.16 09:31:09 | 000,041,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\bc979207d3b5b1ea0511636718a90ce7\Plantronics.UC.WebexConnect.ni.dll
MOD - [2012.05.16 09:31:09 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\ecfa8b400750f83443c404e205299a94\Plantronics.UC.WindowsMediaPlayer.ni.dll
MOD - [2012.05.16 09:31:08 | 000,127,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\2b98bb96300e389e9eaeee35239594a1\Plantronics.UC.Skype.ni.dll
MOD - [2012.05.16 09:31:08 | 000,111,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\325141408c6dd33c6ffbd7320c7ffce2\Plantronics.UC.SessionService.ni.dll
MOD - [2012.05.16 09:31:08 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\d1e500c50a270df57c69d96400bc9725\Plantronics.UC.ShoreTel.ni.dll
MOD - [2012.05.16 09:31:07 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\78f719167e34cf34abb56362df448095\Plantronics.UC.OfficeCommunicator.ni.dll
MOD - [2012.05.16 09:31:07 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\de988d029762f7a176f1eea0f81f40ac\Plantronics.UC.iTunes.ni.dll
MOD - [2012.05.16 09:30:51 | 000,731,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\cf287130b24c4b3346652766b6c87ac4\Plantronics.UC.CSFClient.ni.dll
MOD - [2012.05.16 09:30:51 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\2c8dd947326f5d780af15c6c9b2ffa4f\Plantronics.UC.CSF.ni.dll
MOD - [2012.05.16 09:30:50 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\172886c0fc7603d8421d1fd5a8f2650d\Plantronics.UC.TAPI.ni.dll
MOD - [2012.05.16 09:30:50 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\7ce0d8046fad3303e7d7f1f8ac267187\Plantronics.UC.Cisco.ni.dll
MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\1a7494fabd697a457622bd3ec27c9c98\Plantronics.UC.AvayaSoftphone.ni.dll
MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\f35491b4b89ca404b55906e2b0f82558\Plantronics.UC.AvayaIPAgent.ni.dll
MOD - [2012.05.16 09:30:48 | 000,329,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\b4d0616056ac4d2663ea5bb2329197f6\Plantronics.UC.Common.ni.dll
MOD - [2012.05.16 09:30:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\357fa9a8ed8ac719cea68bee9b586520\Plantronics.UC.Avaya.ni.dll
MOD - [2012.05.16 09:30:47 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\3ef4ac9a717349ebb567d59be738ed2c\Plantronics.License.Manager.ni.dll
MOD - [2012.05.16 09:30:47 | 000,076,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\e0d3659b05e463b586806734da3ccd7a\Plantronics.FlexNet.Adapter.ni.dll
MOD - [2012.05.16 09:30:47 | 000,056,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\fb8be9a10ba1c8b60e12c81b5dd6d191\Plantronics.License.Common.ni.dll
MOD - [2012.05.16 09:30:46 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\ce19c3c9209479f0d31e9d4559cc1205\Plantronics.Globalization.ni.dll
MOD - [2012.05.16 09:30:46 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\5817b51860e6daf4e86732185bddba71\Plantronics.Device.Hid.ni.dll
MOD - [2012.05.16 09:30:45 | 000,558,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\d7d385336e1f5c09d0a0936a0a1ee9e7\Plantronics.Device.Common.ni.dll
MOD - [2012.05.16 09:30:44 | 000,521,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\a73af6f1ec8830aa380fd925e31644c9\Plantronics.Utility.ni.dll
MOD - [2012.05.16 09:30:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.16 09:30:42 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\0a775a09b5828533e63fd9b7d94167d9\log4net.ni.dll
MOD - [2012.05.16 09:30:42 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\cc196aeb7ade0d9d980a93c6221222b1\Plantronics.Config.ni.dll
MOD - [2012.05.16 09:30:40 | 000,414,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\b0ce5b6a51de584cb69af311a50ad654\Interop.SKYPE4COMLib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\10af7f1bdd86222ae7779bf1092a6cda\Interop.FNCClient11Lib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\a4ed99a072e3e58346df9dcff7e672be\Interop.CommunicatorAPI.ni.dll
MOD - [2012.05.16 09:30:39 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\8513c39ee5a5642bde30a92e5e2d5e1a\Interop.CiscoInterface.ni.dll
MOD - [2012.05.16 09:30:38 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\04893a3420e3d650aa361592f1aac3a2\Plantronics.Globalization.resources.ni.dll
MOD - [2012.05.16 09:30:37 | 000,440,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Atapi\60187c40d85d22ea02ca02d666d3283e\Atapi.ni.dll
MOD - [2012.05.16 09:28:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.16 09:28:30 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.16 09:28:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.16 09:28:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.16 09:28:15 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.16 09:28:12 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.12.28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2011.12.28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.21 20:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011.02.21 20:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.02.21 20:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.10.26 23:24:36 | 000,403,536 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.07 14:23:13 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.04.30 13:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.04.30 13:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011.03.26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 20:14:24 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.02.21 20:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.02.21 20:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011.02.21 20:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.02.21 20:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011.02.21 20:14:06 | 000,276,008 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.02.21 20:14:06 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011.02.21 20:14:06 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011.02.21 20:14:04 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011.02.21 20:14:04 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless  HSPA Mini-Card Device Management Driver (WDM)
DRV:64bit: - [2011.02.21 20:14:04 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless 5550 HSPA+ Mini-Card Device (WDM)
DRV:64bit: - [2011.02.21 20:14:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2011.02.21 20:14:04 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2011.02.21 20:14:04 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011.02.21 20:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.02.21 20:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.02.21 20:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2011.02.21 20:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.02.21 20:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011.01.06 12:37:26 | 000,023,040 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.11 13:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:32:32 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010.11.11 13:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.07.12 21:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/417
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A
IE - HKCU\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_ptnrs=%5EABT&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 18:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M]
 
[2012.03.28 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Extensions
[2012.05.25 15:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Firefox\Profiles\i9vsafrd.default\extensions
[2012.05.25 09:58:45 | 000,002,344 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\askcom.xml
[2012.05.22 09:39:04 | 000,001,210 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\search.xml
[2012.03.27 09:50:29 | 000,002,520 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\SearchResults.xml
[2011.08.16 19:57:07 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\RLUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I9VSAFRD.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
 
O1 HOSTS File: ([2012.05.23 09:44:10 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKCU..\Run: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hansalog.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E96912-D8FD-4B02-8A1D-32D1ED46DB7F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CA5BA3-89CB-48C5-8A5E-9EA0B75F4646}: DhcpNameServer = 192.168.30.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD0A5B9-2307-454B-B15B-16AD85229DA4}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB2B7E7A-4CBC-48CF-9F4B-DC2C9752F7EC}: DhcpNameServer = 10.2.10.221 10.2.10.222
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes
[2012.05.29 09:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.29 09:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.29 09:41:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.29 09:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.25 15:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.05.25 13:35:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.25 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.05.25 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Avira
[2012.05.25 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.25 09:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.05.25 09:58:07 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.25 09:58:07 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.25 09:58:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.24 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Local\ElevatedDiagnostics
[2012.05.20 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.05.16 22:13:40 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\XnView
[2012.05.16 22:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2012.05.16 22:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2012.05.16 09:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 09:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.03 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2012.05.03 09:57:39 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\Emails
[2012.04.30 09:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.30 09:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.29 12:12:27 | 000,398,310 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt1.jpg
[2012.05.29 12:10:32 | 000,393,723 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt.jpg
[2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 11:36:02 | 001,522,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.29 11:36:02 | 000,662,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.29 11:36:02 | 000,623,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.29 11:36:02 | 000,133,526 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.29 11:36:02 | 000,109,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.29 11:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.29 11:31:07 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 09:41:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 09:18:59 | 000,001,012 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.29 09:18:42 | 000,000,982 | ---- | M] () -- C:\Users\rlucas\Desktop\Dropbox.lnk
[2012.05.25 15:43:31 | 000,000,818 | ---- | M] () -- C:\Users\rlucas\webtopcookie.properties
[2012.05.25 13:25:15 | 000,001,262 | ---- | M] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.25 09:59:10 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.24 11:47:36 | 005,923,951 | ---- | M] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf
[2012.05.23 09:44:10 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.22 09:39:04 | 000,000,288 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
[2012.05.20 12:57:00 | 000,000,032 | ---- | M] () -- C:\Users\rlucas\.simfy
[2012.05.16 22:14:33 | 000,000,923 | ---- | M] () -- C:\Users\rlucas\Desktop\XnView.lnk
[2012.05.16 09:24:23 | 000,346,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.08 10:19:28 | 000,003,314 | ---- | M] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv
[2012.05.03 09:09:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.03 09:09:26 | 001,544,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.29 12:12:25 | 000,398,310 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt1.jpg
[2012.05.29 12:10:26 | 000,393,723 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt.jpg
[2012.05.29 09:41:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.25 13:25:15 | 000,001,262 | ---- | C] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.25 09:59:10 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.24 11:47:05 | 005,923,951 | ---- | C] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf
[2012.05.22 09:39:04 | 000,000,288 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
[2012.05.20 12:57:00 | 000,000,032 | ---- | C] () -- C:\Users\rlucas\.simfy
[2012.05.16 22:13:25 | 000,000,923 | ---- | C] () -- C:\Users\rlucas\Desktop\XnView.lnk
[2012.05.08 10:19:27 | 000,003,314 | ---- | C] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv
[2011.12.19 11:46:24 | 000,000,600 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\winscp.rnd
[2011.11.04 21:41:47 | 000,000,336 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\burnaware.ini
[2011.10.18 09:49:05 | 000,023,388 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.08.27 13:36:23 | 000,007,168 | ---- | C] () -- C:\Users\rlucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.04 10:01:41 | 000,007,059 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\e182323573.prf
[2011.07.04 10:01:37 | 000,000,417 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\redirect.xml
[2011.06.22 19:34:09 | 000,011,754 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.22 10:07:18 | 001,544,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.26 01:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== LOP Check ==========
 
[2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart
[2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre
[2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite
[2012.05.29 11:33:31 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox
[2012.05.29 12:27:11 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager
[2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo
[2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant
[2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc
[2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis
[2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView
[2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech
[2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs
[2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei
[2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag
[2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++
[2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge
[2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer
[2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec
[2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010
[2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex
[2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode
[2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView
[2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner
[2009.07.14 07:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---
Can any of you make sense of this or help me out... it's super annoying and I'd rather not have to reinstall.

cosinus 30.05.2012 21:19

Quote:

Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do this now if you haven't already!


Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before?
If so, all the logs for each scan are listed under the "Logdateien" (log files) tab. Please post all of the ones that are visible there.

mirres 31.05.2012 10:03

Hello cosinus,

thank you very much for your reply. I think I did remove the findings right away (at least they are now in the quarantine list). Should I delete them there again?

I didn't have Malwarebytes on the computer before. I ran it again afterwards, and it found nothing. Do you need the log?

Unfortunately the ads are still there.

cosinus 31.05.2012 10:22

No, leave the quarantine alone! Hastily deleting things for good is always a bad idea!

Please also run ESET; after that we'll see what's next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


mirres 31.05.2012 18:38

Hello Arne,

it took a long time, but here is the log now (2 things were found, too :) )

Code:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=60294abe6b497d4f9a633fcc16781d37
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 11:16:11
# local_time=2012-05-31 01:16:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 526501 526501 0 0
# compatibility_mode=5893 16776574 100 94 26187337 90089037 0 0
# compatibility_mode=8192 67108863 100 0 128 128 0 0
# scanned=218727
# found=2
# cleaned=0
# scan_time=3784
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\operating\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8Y9JEG7\pdfforgeToolbar[1].msi        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I


cosinus 31.05.2012 19:40

That's just toolbar junk

I have two questions before we continue

1.) Does Windows normal mode work without restrictions (again)?
2.) Is anything missing from your Start menu? Are there empty folders under All Programs, or is everything there?

mirres 01.06.2012 09:22

Good morning Arne,

as far as I can tell, Windows is running completely normally. No entries have disappeared either.

By the way, thanks again for taking the time here; that's not something to take for granted!

Best regards
Robin

cosinus 01.06.2012 13:54

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


mirres 01.06.2012 14:37

Hello Arne,

do you really mean everything in code, or only the logs:

Here is the one from OTL:

OTL Logfile:
Code:

OTL logfile created on: 01.06.2012 15:26:01 - Run 2
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Users\rlucas\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 70,43% Memory free
15,77 Gb Paging File | 13,40 Gb Available in Paging File | 84,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 13,50 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 22,91 Gb Free Space | 11,43% Space Free | Partition Type: NTFS
 
Computer Name: BLN-WNB-02 | User Name: rlucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.05.29 12:23:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rlucas\Downloads\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.12.28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.02 12:53:24 | 000,353,744 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
PRC - [2011.12.02 12:45:18 | 000,622,544 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.05.21 14:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.03.29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.16 09:31:11 | 000,342,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\312e23deb529c2b6fb41935b2afba9b0\PlantronicsURE.ni.exe
MOD - [2012.05.16 09:31:10 | 000,128,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\63fd0f5cc88e2f5aebbe35b5ee43f23f\PlantronicsBatteryStatus.ni.exe
MOD - [2012.05.16 09:31:09 | 000,041,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\bc979207d3b5b1ea0511636718a90ce7\Plantronics.UC.WebexConnect.ni.dll
MOD - [2012.05.16 09:31:09 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\ecfa8b400750f83443c404e205299a94\Plantronics.UC.WindowsMediaPlayer.ni.dll
MOD - [2012.05.16 09:31:08 | 000,127,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\2b98bb96300e389e9eaeee35239594a1\Plantronics.UC.Skype.ni.dll
MOD - [2012.05.16 09:31:08 | 000,111,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\325141408c6dd33c6ffbd7320c7ffce2\Plantronics.UC.SessionService.ni.dll
MOD - [2012.05.16 09:31:08 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\d1e500c50a270df57c69d96400bc9725\Plantronics.UC.ShoreTel.ni.dll
MOD - [2012.05.16 09:31:07 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\78f719167e34cf34abb56362df448095\Plantronics.UC.OfficeCommunicator.ni.dll
MOD - [2012.05.16 09:31:07 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\de988d029762f7a176f1eea0f81f40ac\Plantronics.UC.iTunes.ni.dll
MOD - [2012.05.16 09:30:51 | 000,731,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\cf287130b24c4b3346652766b6c87ac4\Plantronics.UC.CSFClient.ni.dll
MOD - [2012.05.16 09:30:51 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\2c8dd947326f5d780af15c6c9b2ffa4f\Plantronics.UC.CSF.ni.dll
MOD - [2012.05.16 09:30:50 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\172886c0fc7603d8421d1fd5a8f2650d\Plantronics.UC.TAPI.ni.dll
MOD - [2012.05.16 09:30:50 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\7ce0d8046fad3303e7d7f1f8ac267187\Plantronics.UC.Cisco.ni.dll
MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\1a7494fabd697a457622bd3ec27c9c98\Plantronics.UC.AvayaSoftphone.ni.dll
MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\f35491b4b89ca404b55906e2b0f82558\Plantronics.UC.AvayaIPAgent.ni.dll
MOD - [2012.05.16 09:30:48 | 000,329,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\b4d0616056ac4d2663ea5bb2329197f6\Plantronics.UC.Common.ni.dll
MOD - [2012.05.16 09:30:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\357fa9a8ed8ac719cea68bee9b586520\Plantronics.UC.Avaya.ni.dll
MOD - [2012.05.16 09:30:47 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\3ef4ac9a717349ebb567d59be738ed2c\Plantronics.License.Manager.ni.dll
MOD - [2012.05.16 09:30:47 | 000,076,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\e0d3659b05e463b586806734da3ccd7a\Plantronics.FlexNet.Adapter.ni.dll
MOD - [2012.05.16 09:30:47 | 000,056,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\fb8be9a10ba1c8b60e12c81b5dd6d191\Plantronics.License.Common.ni.dll
MOD - [2012.05.16 09:30:46 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\ce19c3c9209479f0d31e9d4559cc1205\Plantronics.Globalization.ni.dll
MOD - [2012.05.16 09:30:46 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\5817b51860e6daf4e86732185bddba71\Plantronics.Device.Hid.ni.dll
MOD - [2012.05.16 09:30:45 | 000,558,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\d7d385336e1f5c09d0a0936a0a1ee9e7\Plantronics.Device.Common.ni.dll
MOD - [2012.05.16 09:30:44 | 000,521,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\a73af6f1ec8830aa380fd925e31644c9\Plantronics.Utility.ni.dll
MOD - [2012.05.16 09:30:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.16 09:30:42 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\0a775a09b5828533e63fd9b7d94167d9\log4net.ni.dll
MOD - [2012.05.16 09:30:42 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\cc196aeb7ade0d9d980a93c6221222b1\Plantronics.Config.ni.dll
MOD - [2012.05.16 09:30:40 | 000,414,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\b0ce5b6a51de584cb69af311a50ad654\Interop.SKYPE4COMLib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\10af7f1bdd86222ae7779bf1092a6cda\Interop.FNCClient11Lib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,176,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.iTunesLib\2d0cc57e36cb38ed534c50240b40b9b3\Interop.iTunesLib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\a4ed99a072e3e58346df9dcff7e672be\Interop.CommunicatorAPI.ni.dll
MOD - [2012.05.16 09:30:39 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\8513c39ee5a5642bde30a92e5e2d5e1a\Interop.CiscoInterface.ni.dll
MOD - [2012.05.16 09:30:38 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\04893a3420e3d650aa361592f1aac3a2\Plantronics.Globalization.resources.ni.dll
MOD - [2012.05.16 09:30:37 | 000,440,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Atapi\60187c40d85d22ea02ca02d666d3283e\Atapi.ni.dll
MOD - [2012.05.16 09:28:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.16 09:28:30 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.16 09:28:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.16 09:28:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.16 09:28:15 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.16 09:28:12 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.12.28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2011.12.28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.21 20:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011.02.21 20:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.02.21 20:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.10.26 23:24:36 | 000,403,536 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.07 14:23:13 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.04.30 13:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.04.30 13:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011.03.26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 20:14:24 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.02.21 20:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.02.21 20:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011.02.21 20:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.02.21 20:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011.02.21 20:14:06 | 000,276,008 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.02.21 20:14:06 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011.02.21 20:14:06 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011.02.21 20:14:04 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011.02.21 20:14:04 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless  HSPA Mini-Card Device Management Driver (WDM)
DRV:64bit: - [2011.02.21 20:14:04 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless 5550 HSPA+ Mini-Card Device (WDM)
DRV:64bit: - [2011.02.21 20:14:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2011.02.21 20:14:04 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2011.02.21 20:14:04 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011.02.21 20:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.02.21 20:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.02.21 20:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2011.02.21 20:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.02.21 20:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011.01.06 12:37:26 | 000,023,040 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.11 13:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:32:32 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010.11.11 13:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.07.12 21:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/417
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01  [binary data]
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 18:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M]
 
[2012.03.28 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Extensions
[2012.05.25 15:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Firefox\Profiles\i9vsafrd.default\extensions
[2012.05.25 09:58:45 | 000,002,344 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\askcom.xml
[2012.05.22 09:39:04 | 000,001,210 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\search.xml
[2012.03.27 09:50:29 | 000,002,520 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\SearchResults.xml
[2011.08.16 19:57:07 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\RLUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I9VSAFRD.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
 
O1 HOSTS File: ([2012.05.23 09:44:10 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\operating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hansalog.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E96912-D8FD-4B02-8A1D-32D1ED46DB7F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CA5BA3-89CB-48C5-8A5E-9EA0B75F4646}: DhcpNameServer = 192.168.30.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD0A5B9-2307-454B-B15B-16AD85229DA4}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB2B7E7A-4CBC-48CF-9F4B-DC2C9752F7EC}: DhcpNameServer = 10.2.10.221 10.2.10.222
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VMnc - vmnc.dll (VMware, Inc.)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 14:16:01 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\bilder nb 2 1 og
[2012.05.31 12:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.29 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes
[2012.05.29 09:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.29 09:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.29 09:41:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.29 09:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.25 15:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.05.25 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.05.25 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Avira
[2012.05.25 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.25 09:58:07 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.25 09:58:07 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.25 09:58:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.24 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Local\ElevatedDiagnostics
[2012.05.20 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.05.16 22:13:40 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\XnView
[2012.05.16 22:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2012.05.16 22:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2012.05.16 09:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 09:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.03 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2012.05.03 09:57:39 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\Emails
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 08:26:53 | 001,522,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 08:26:53 | 000,662,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 08:26:53 | 000,623,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 08:26:53 | 000,133,526 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 08:26:53 | 000,109,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.01 08:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.30 09:57:39 | 000,000,816 | ---- | M] () -- C:\Users\rlucas\webtopcookie.properties
[2012.05.29 12:37:19 | 000,070,792 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt2.JPG
[2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 11:31:07 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 09:41:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.29 09:18:59 | 000,001,012 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.29 09:18:42 | 000,000,982 | ---- | M] () -- C:\Users\rlucas\Desktop\Dropbox.lnk
[2012.05.25 13:25:15 | 000,001,262 | ---- | M] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.24 11:47:36 | 005,923,951 | ---- | M] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf
[2012.05.23 09:44:10 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.22 09:39:04 | 000,000,288 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
[2012.05.20 12:57:00 | 000,000,032 | ---- | M] () -- C:\Users\rlucas\.simfy
[2012.05.16 22:14:33 | 000,000,923 | ---- | M] () -- C:\Users\rlucas\Desktop\XnView.lnk
[2012.05.16 09:24:23 | 000,346,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.08 10:19:28 | 000,003,314 | ---- | M] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv
[2012.05.03 09:09:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.03 09:09:26 | 001,544,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2012.05.29 12:37:19 | 000,070,792 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt2.JPG
[2012.05.29 09:41:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.25 13:25:15 | 000,001,262 | ---- | C] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.24 11:47:05 | 005,923,951 | ---- | C] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf
[2012.05.22 09:39:04 | 000,000,288 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
[2012.05.20 12:57:00 | 000,000,032 | ---- | C] () -- C:\Users\rlucas\.simfy
[2012.05.16 22:13:25 | 000,000,923 | ---- | C] () -- C:\Users\rlucas\Desktop\XnView.lnk
[2012.05.08 10:19:27 | 000,003,314 | ---- | C] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv
[2011.12.19 11:46:24 | 000,000,600 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\winscp.rnd
[2011.11.04 21:41:47 | 000,000,336 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\burnaware.ini
[2011.10.18 09:49:05 | 000,023,388 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.08.27 13:36:23 | 000,007,168 | ---- | C] () -- C:\Users\rlucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.04 10:01:41 | 000,007,059 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\e182323573.prf
[2011.07.04 10:01:37 | 000,000,417 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\redirect.xml
[2011.06.22 19:34:09 | 000,011,754 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.22 10:07:18 | 001,544,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.26 01:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== LOP Check ==========
 
[2011.06.23 10:12:58 | 000,000,000 | ---D | M] -- C:\Users\operating\AppData\Roaming\Notepad++
[2011.06.22 10:06:25 | 000,000,000 | ---D | M] -- C:\Users\operating\AppData\Roaming\TeamViewer
[2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart
[2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre
[2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite
[2012.05.31 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox
[2012.06.01 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager
[2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo
[2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant
[2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc
[2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis
[2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView
[2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech
[2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs
[2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei
[2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag
[2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++
[2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge
[2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer
[2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec
[2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010
[2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex
[2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode
[2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView
[2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner
[2009.07.14 07:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.20 12:56:32 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Adobe
[2012.03.19 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Apple Computer
[2012.05.25 10:04:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Avira
[2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart
[2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre
[2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite
[2011.08.27 13:36:22 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DivX
[2012.05.31 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox
[2012.01.08 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\dvdcss
[2012.03.12 12:06:08 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FLEXnet
[2012.06.01 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager
[2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo
[2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant
[2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc
[2011.06.24 16:45:46 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Identities
[2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis
[2011.10.10 14:08:31 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\InstallShield
[2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView
[2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech
[2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs
[2011.07.05 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Logishrd
[2011.07.05 13:48:50 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Logitech
[2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei
[2011.06.29 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Macromedia
[2012.01.13 15:07:07 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Macrovision
[2012.05.29 09:41:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes
[2009.07.14 13:06:42 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Media Center Programs
[2012.04.21 20:09:13 | 000,000,000 | --SD | M] -- C:\Users\rlucas\AppData\Roaming\Microsoft
[2011.06.29 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mozilla
[2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag
[2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++
[2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge
[2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.06.01 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Skype
[2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer
[2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec
[2012.02.04 21:44:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\vlc
[2012.05.30 09:54:48 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\VMware
[2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010
[2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex
[2011.06.30 10:13:28 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Winamp
[2011.07.09 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\WinRAR
[2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode
[2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView
[2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.17 02:23:04 | 000,871,664 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\DropboxPhotoUpdate.exe
[2012.03.15 00:02:14 | 000,871,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.12.26 00:24:04 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\2FCA7F6D-CE82-47A5-ACFD-E138027994CE\AutoRunCE.exe
[2011.12.26 00:24:04 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\2FCA7F6D-CE82-47A5-ACFD-E138027994CE\1\module.exe
[2011.12.26 00:23:17 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\AD9D1FDD-07C4-44C8-A2D7-BB1ADA5CCEF0\AutoRunCE.exe
[2011.12.26 00:23:57 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\AD9D1FDD-07C4-44C8-A2D7-BB1ADA5CCEF0\1\module.exe
[2011.12.26 00:24:03 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\F61B692E-3F66-4859-AA1B-74791C02F677\AutoRunCE.exe
[2011.12.26 00:24:03 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\F61B692E-3F66-4859-AA1B-74791C02F677\1\module.exe
[2012.03.07 13:45:24 | 001,242,112 | ---- | M] (InfiniAd GmbH) -- C:\Users\rlucas\AppData\Roaming\loadtbs\uninstall.exe
[2012.02.09 12:05:06 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\rlucas\AppData\Roaming\loadtbs\ytdl.exe
[2011.08.02 15:20:57 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\rlucas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2012.02.28 03:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< End of report >

--- --- ---

[/CODE]

cosinus 01.06.2012 14:57

Of course only the logs belong in CODE tags! That's what it says in my example, too! It would be rather pointless to also post the normal text, i.e. what you want to tell me, in CODE tags; the point is to set the logs apart from the running text.

mirres 04.06.2012 09:34

Hello Arne,

do you have any other ideas? Unfortunately the ad banners are still there.

Best regards,
Robin

cosinus 04.06.2012 15:25

Sorry, I overlooked your thread.

Quote:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Tell me, are you also one of those people who watch TV series and movies via dubious portals?
If so: hands off in future. These illegal portals spread malware, and if you want to stay malware-free in future, you have to switch to legal alternatives and stay away from such risky streaming sites!
It is precisely such streaming sites that are responsible for the current wave of ransomware that locks Windows and tries to extort 50 or 100 EUR!!

Run an OTL fix: close all programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/417
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01  [binary data]
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q="
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
:Files
C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
C:\Users\rlucas\AppData\Roaming\loadtbs
C:\PROGRA~2\WIA6EB~1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
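A read-only triage of the kinds of OTL entries listed in the fix script above, added here as an example; it is not part of the original post and not OTL's own code. The function name `triage`, the allow list `ALLOWED_HOSTS` and the `UAC_WEAKENING` table are assumptions made for the example; the sample lines are copied from the post.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "rule detail line")

# Lines copied from the fix script in the post above (a subset of it).
SAMPLE = r'''
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/417
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q="
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
'''

# Assumption: hosts the analyst expects for search and start pages on this machine.
ALLOWED_HOSTS = {"bing.com", "msn.com"}

# Assumption: policy values this example treats as weakening UAC.
UAC_WEAKENING = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0"}

URL_RE = re.compile(r'https?://[^\s"]+')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
POLICY_RE = re.compile(r':\s*(\w+)\s*=\s*(\S+)\s*$')


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def triage(text, allowed=ALLOWED_HOSTS):
    """Classify OTL scan lines; returns a list of Finding tuples, changes nothing."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue
        # "IE:64bit:" and "IE" belong to the same section for this purpose.
        section = line.split(" - ", 1)[0].split(":")[0]
        if section in ("IE", "FF"):
            # Search provider, start page or keyword URL pointing at an unexpected host.
            m = URL_RE.search(line)
            if m:
                host = (urlsplit(m.group(0)).hostname or "").lower()
                if not host_allowed(host, allowed):
                    findings.append(Finding("unexpected-url", host, line))
        elif section in ("O2", "O3"):
            # BHO or toolbar registration left behind without its file or CLSID.
            clsid = CLSID_RE.search(line)
            ident = clsid.group(0) if clsid else "(no CLSID)"
            if line.endswith("File not found"):
                findings.append(Finding("missing-file", ident, line))
            elif line.endswith("No CLSID value found."):
                findings.append(Finding("no-clsid", ident, line))
        elif section == "O6":
            # Policy value that switches UAC off or suppresses the admin prompt.
            m = POLICY_RE.search(line)
            if m and UAC_WEAKENING.get(m.group(1)) == m.group(2):
                findings.append(Finding("uac-weakened", m.group(1), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:15} {f.detail}")
```
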

mirres 05.06.2012 08:54

Hello Arne,

it seems to have worked :-))))

here is the log:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.
HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}\ not found.
Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E636E19-1CCB-4E5C-A688-310FF3574B77}\ not found.
Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
C:\Program Files (x86)\Free Download Manager\iefdm2.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found.
File F:\EMP_UDSe.exe /autorun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found.
File F:\unlock.exe autoplay=true not found.
========== FILES ==========
C:\Users\rlucas\AppData\Roaming\C7449C3C.reg moved successfully.
Error: Unable to interpret <:\Users\rlucas\AppData\Roaming\loadtbs> in the current context!
Error: Unable to interpret <C:\PROGRA~2\WIA6EB~1> in the current context!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: administrator
->Temp folder emptied: 386 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: operating
->Temp folder emptied: 52219120 bytes
->Temporary Internet Files folder emptied: 39951431 bytes
 
User: Public
 
User: rlucas
->Temp folder emptied: 13927342 bytes
->Temporary Internet Files folder emptied: 401393551 bytes
->Java cache emptied: 59149222 bytes
->FireFox cache emptied: 271260325 bytes
->Flash cache emptied: 89303 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 258938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 2302240901 bytes
 
Total Files Cleaned = 2.995,00 mb
 
 
[EMPTYFLASH]
 
User: administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: operating
 
User: Public
 
User: rlucas
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 06052012_094612

Files\Folders moved on Reboot...
C:\Users\rlucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1276.log moved successfully.

Registry entries deleted on Reboot...

Can you briefly tell me what you actually did, or rather what OTL did?

Many, many thanks for your great help!
Regards
Robin

cosinus 05.06.2012 10:26

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

mirres 06.06.2012 15:19

Hello Arne,

here is the log:

Code:

16:14:01.0805 2136        TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
16:14:02.0181 2136        ============================================================
16:14:02.0181 2136        Current date / time: 2012/06/06 16:14:02.0181
16:14:02.0181 2136        SystemInfo:
16:14:02.0181 2136       
16:14:02.0181 2136        OS Version: 6.1.7601 ServicePack: 1.0
16:14:02.0181 2136        Product type: Workstation
16:14:02.0182 2136        ComputerName: BLN-WNB-02
16:14:02.0182 2136        UserName: rlucas
16:14:02.0182 2136        Windows directory: C:\Windows
16:14:02.0182 2136        System windows directory: C:\Windows
16:14:02.0182 2136        Running under WOW64
16:14:02.0182 2136        Processor architecture: Intel x64
16:14:02.0182 2136        Number of processors: 4
16:14:02.0182 2136        Page size: 0x1000
16:14:02.0182 2136        Boot type: Normal boot
16:14:02.0182 2136        ============================================================
16:14:03.0588 2136        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:14:03.0638 2136        ============================================================
16:14:03.0638 2136        \Device\Harddisk0\DR0:
16:14:03.0639 2136        MBR partitions:
16:14:03.0639 2136        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:14:03.0639 2136        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
16:14:03.0639 2136        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x190DD800
16:14:03.0639 2136        ============================================================
16:14:03.0680 2136        C: <-> \Device\Harddisk0\DR0\Partition1
16:14:03.0761 2136        D: <-> \Device\Harddisk0\DR0\Partition2
16:14:03.0762 2136        ============================================================
16:14:03.0762 2136        Initialize success
16:14:03.0762 2136        ============================================================
16:14:07.0427 5276        ============================================================
16:14:07.0427 5276        Scan started
16:14:07.0427 5276        Mode: Manual;
16:14:07.0427 5276        ============================================================
16:14:08.0218 5276        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:14:08.0229 5276        1394ohci - ok
16:14:08.0264 5276        Acceler        (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
16:14:08.0265 5276        Acceler - ok
16:14:08.0293 5276        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:14:08.0298 5276        ACPI - ok
16:14:08.0397 5276        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:14:08.0398 5276        AcpiPmi - ok
16:14:08.0567 5276        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:14:08.0573 5276        AdobeARMservice - ok
16:14:08.0644 5276        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:14:08.0677 5276        adp94xx - ok
16:14:08.0738 5276        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:14:08.0744 5276        adpahci - ok
16:14:08.0771 5276        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:14:08.0775 5276        adpu320 - ok
16:14:08.0805 5276        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:14:08.0806 5276        AeLookupSvc - ok
16:14:08.0890 5276        AESTFilters    (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
16:14:08.0891 5276        AESTFilters - ok
16:14:08.0972 5276        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:14:08.0979 5276        AFD - ok
16:14:09.0027 5276        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:14:09.0028 5276        agp440 - ok
16:14:09.0047 5276        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:14:09.0049 5276        ALG - ok
16:14:09.0074 5276        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:14:09.0075 5276        aliide - ok
16:14:09.0079 5276        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:14:09.0080 5276        amdide - ok
16:14:09.0114 5276        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:14:09.0115 5276        AmdK8 - ok
16:14:09.0126 5276        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:14:09.0128 5276        AmdPPM - ok
16:14:09.0191 5276        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:14:09.0193 5276        amdsata - ok
16:14:09.0233 5276        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:14:09.0238 5276        amdsbs - ok
16:14:09.0273 5276        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:14:09.0274 5276        amdxata - ok
16:14:09.0409 5276        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:14:09.0412 5276        AntiVirSchedulerService - ok
16:14:09.0465 5276        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:14:09.0466 5276        AntiVirService - ok
16:14:09.0523 5276        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:14:09.0531 5276        AntiVirWebService - ok
16:14:09.0593 5276        ApfiltrService  (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:14:09.0599 5276        ApfiltrService - ok
16:14:09.0646 5276        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:14:09.0647 5276        AppID - ok
16:14:09.0667 5276        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:14:09.0669 5276        AppIDSvc - ok
16:14:09.0706 5276        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:14:09.0708 5276        Appinfo - ok
16:14:09.0842 5276        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:14:09.0843 5276        Apple Mobile Device - ok
16:14:09.0884 5276        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:14:09.0896 5276        AppMgmt - ok
16:14:09.0927 5276        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:14:09.0929 5276        arc - ok
16:14:09.0948 5276        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:14:09.0950 5276        arcsas - ok
16:14:09.0978 5276        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:14:09.0979 5276        AsyncMac - ok
16:14:10.0017 5276        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:14:10.0018 5276        atapi - ok
16:14:10.0113 5276        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:10.0121 5276        AudioEndpointBuilder - ok
16:14:10.0126 5276        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:10.0129 5276        AudioSrv - ok
16:14:10.0287 5276        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
16:14:10.0303 5276        avgntflt - ok
16:14:10.0349 5276        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
16:14:10.0357 5276        avipbb - ok
16:14:10.0394 5276        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:14:10.0396 5276        avkmgr - ok
16:14:10.0449 5276        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:14:10.0452 5276        AxInstSV - ok
16:14:10.0526 5276        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:14:10.0534 5276        b06bdrv - ok
16:14:10.0588 5276        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:14:10.0638 5276        b57nd60a - ok
16:14:10.0674 5276        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:14:10.0677 5276        BDESVC - ok
16:14:10.0705 5276        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:14:10.0706 5276        Beep - ok
16:14:10.0811 5276        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:14:10.0829 5276        BFE - ok
16:14:10.0892 5276        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:14:10.0923 5276        BITS - ok
16:14:10.0954 5276        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:14:10.0955 5276        blbdrive - ok
16:14:11.0079 5276        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:14:11.0087 5276        Bonjour Service - ok
16:14:11.0136 5276        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:14:11.0138 5276        bowser - ok
16:14:11.0173 5276        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:14:11.0174 5276        BrFiltLo - ok
16:14:11.0182 5276        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:14:11.0183 5276        BrFiltUp - ok
16:14:11.0219 5276        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:14:11.0228 5276        Browser - ok
16:14:11.0246 5276        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:14:11.0250 5276        Brserid - ok
16:14:11.0256 5276        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:14:11.0258 5276        BrSerWdm - ok
16:14:11.0260 5276        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:14:11.0261 5276        BrUsbMdm - ok
16:14:11.0264 5276        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:14:11.0265 5276        BrUsbSer - ok
16:14:11.0321 5276        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:14:11.0322 5276        BthEnum - ok
16:14:11.0329 5276        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:14:11.0331 5276        BTHMODEM - ok
16:14:11.0356 5276        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:14:11.0357 5276        BthPan - ok
16:14:11.0425 5276        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:14:11.0438 5276        BTHPORT - ok
16:14:11.0480 5276        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:14:11.0481 5276        bthserv - ok
16:14:11.0491 5276        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:14:11.0492 5276        BTHUSB - ok
16:14:11.0539 5276        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:14:11.0548 5276        cdfs - ok
16:14:11.0611 5276        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:14:11.0618 5276        cdrom - ok
16:14:11.0668 5276        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:11.0669 5276        CertPropSvc - ok
16:14:11.0689 5276        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:14:11.0691 5276        circlass - ok
16:14:11.0731 5276        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:14:11.0743 5276        CLFS - ok
16:14:11.0810 5276        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:14:11.0812 5276        clr_optimization_v2.0.50727_32 - ok
16:14:11.0853 5276        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:14:11.0855 5276        clr_optimization_v2.0.50727_64 - ok
16:14:11.0954 5276        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:14:11.0955 5276        clr_optimization_v4.0.30319_32 - ok
16:14:11.0989 5276        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:14:11.0990 5276        clr_optimization_v4.0.30319_64 - ok
16:14:12.0015 5276        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:14:12.0016 5276        CmBatt - ok
16:14:12.0051 5276        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:14:12.0053 5276        cmdide - ok
16:14:12.0111 5276        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:14:12.0120 5276        CNG - ok
16:14:12.0141 5276        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:14:12.0142 5276        Compbatt - ok
16:14:12.0197 5276        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:14:12.0198 5276        CompositeBus - ok
16:14:12.0214 5276        COMSysApp - ok
16:14:12.0231 5276        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:14:12.0233 5276        crcdisk - ok
16:14:12.0294 5276        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:14:12.0299 5276        CryptSvc - ok
16:14:12.0362 5276        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:14:12.0377 5276        CSC - ok
16:14:12.0450 5276        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:14:12.0458 5276        CscService - ok
16:14:12.0500 5276        cvusbdrv        (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
16:14:12.0501 5276        cvusbdrv - ok
16:14:12.0532 5276        d554gps        (0fef994d890c92d8f23442bc52d4fea9) C:\Windows\system32\DRIVERS\d554gps64.sys
16:14:12.0534 5276        d554gps - ok
16:14:12.0564 5276        d554scard      (95da07e4859396912d8e5630da5a9324) C:\Windows\system32\DRIVERS\d554scard.sys
16:14:12.0565 5276        d554scard - ok
16:14:12.0617 5276        dc3d            (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
16:14:12.0618 5276        dc3d - ok
16:14:12.0688 5276        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:12.0696 5276        DcomLaunch - ok
16:14:12.0753 5276        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:14:12.0796 5276        defragsvc - ok
16:14:12.0841 5276        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:14:12.0844 5276        DfsC - ok
16:14:12.0887 5276        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:14:12.0901 5276        Dhcp - ok
16:14:12.0934 5276        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:14:12.0936 5276        discache - ok
16:14:12.0968 5276        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:14:12.0970 5276        Disk - ok
16:14:13.0015 5276        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:14:13.0028 5276        Dnscache - ok
16:14:13.0086 5276        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:14:13.0095 5276        dot3svc - ok
16:14:13.0136 5276        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:14:13.0143 5276        DPS - ok
16:14:13.0172 5276        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:14:13.0173 5276        drmkaud - ok
16:14:13.0249 5276        dtsoftbus01    (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:14:13.0262 5276        dtsoftbus01 - ok
16:14:13.0351 5276        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:14:13.0366 5276        DXGKrnl - ok
16:14:13.0428 5276        e1cexpress      (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys
16:14:13.0435 5276        e1cexpress - ok
16:14:13.0468 5276        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:14:13.0476 5276        EapHost - ok
16:14:13.0679 5276        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:14:13.0758 5276        ebdrv - ok
16:14:13.0879 5276        ecnssndis      (f88f2e5806fc405b0fa94b7947a5875e) C:\Windows\system32\Drivers\wwuss64.sys
16:14:13.0880 5276        ecnssndis - ok
16:14:13.0911 5276        ecnssndisfltr  (c8cd88218efc28f7e44a9892b3e97f4d) C:\Windows\system32\Drivers\wwussf64.sys
16:14:13.0911 5276        ecnssndisfltr - ok
16:14:13.0949 5276        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:14:13.0951 5276        EFS - ok
16:14:14.0051 5276        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:14:14.0064 5276        ehRecvr - ok
16:14:14.0096 5276        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:14:14.0098 5276        ehSched - ok
16:14:14.0159 5276        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:14:14.0190 5276        elxstor - ok
16:14:14.0283 5276        EMP_UDSA        (faa735cb77474deb4e4e327340117d3a) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
16:14:14.0366 5276        EMP_UDSA - ok
16:14:14.0393 5276        eppvad_simple  (55d460f601d0b4d528bb16c0e8e18723) C:\Windows\system32\drivers\EMP_UDAU.sys
16:14:14.0394 5276        eppvad_simple - ok
16:14:14.0426 5276        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:14:14.0427 5276        ErrDev - ok
16:14:14.0487 5276        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:14:14.0500 5276        EventSystem - ok
16:14:14.0523 5276        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:14:14.0528 5276        exfat - ok
16:14:14.0559 5276        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:14:14.0563 5276        fastfat - ok
16:14:14.0652 5276        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:14:14.0672 5276        Fax - ok
16:14:14.0680 5276        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:14:14.0682 5276        fdc - ok
16:14:14.0709 5276        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:14:14.0710 5276        fdPHost - ok
16:14:14.0719 5276        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:14:14.0721 5276        FDResPub - ok
16:14:14.0732 5276        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:14:14.0733 5276        FileInfo - ok
16:14:14.0749 5276        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:14:14.0751 5276        Filetrace - ok
16:14:14.0755 5276        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:14:14.0756 5276        flpydisk - ok
16:14:14.0812 5276        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:14:14.0821 5276        FltMgr - ok
16:14:14.0919 5276        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:14:14.0955 5276        FontCache - ok
16:14:15.0045 5276        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:14:15.0048 5276        FontCache3.0.0.0 - ok
16:14:15.0124 5276        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:14:15.0125 5276        FsDepends - ok
16:14:15.0166 5276        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:14:15.0167 5276        Fs_Rec - ok
16:14:15.0225 5276        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:14:15.0253 5276        fvevol - ok
16:14:15.0269 5276        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:14:15.0270 5276        gagp30kx - ok
16:14:15.0349 5276        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:14:15.0353 5276        GEARAspiWDM - ok
16:14:15.0439 5276        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:14:15.0452 5276        gpsvc - ok
16:14:15.0489 5276        hcmon          (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys
16:14:15.0491 5276        hcmon - ok
16:14:15.0523 5276        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:14:15.0525 5276        hcw85cir - ok
16:14:15.0594 5276        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:14:15.0603 5276        HdAudAddService - ok
16:14:15.0630 5276        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:14:15.0632 5276        HDAudBus - ok
16:14:15.0635 5276        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:14:15.0636 5276        HidBatt - ok
16:14:15.0644 5276        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:14:15.0646 5276        HidBth - ok
16:14:15.0650 5276        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:14:15.0651 5276        HidIr - ok
16:14:15.0680 5276        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:14:15.0681 5276        hidserv - ok
16:14:15.0707 5276        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:14:15.0708 5276        HidUsb - ok
16:14:15.0751 5276        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:14:15.0752 5276        hkmsvc - ok
16:14:15.0807 5276        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:14:15.0823 5276        HomeGroupListener - ok
16:14:15.0873 5276        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:14:15.0886 5276        HomeGroupProvider - ok
16:14:15.0910 5276        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:14:15.0911 5276        HpSAMD - ok
16:14:15.0998 5276        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:14:16.0011 5276        HTTP - ok
16:14:16.0049 5276        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:14:16.0050 5276        hwpolicy - ok
16:14:16.0069 5276        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:14:16.0072 5276        i8042prt - ok
16:14:16.0136 5276        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:14:16.0140 5276        iaStorV - ok
16:14:16.0222 5276        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:14:16.0236 5276        idsvc - ok
16:14:16.0851 5276        igfx            (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:14:17.0050 5276        igfx - ok
16:14:17.0202 5276        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:14:17.0205 5276        iirsp - ok
16:14:17.0302 5276        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:14:17.0318 5276        IKEEXT - ok
16:14:17.0379 5276        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:14:17.0387 5276        IntcDAud - ok
16:14:17.0424 5276        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:14:17.0425 5276        intelide - ok
16:14:17.0448 5276        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:14:17.0450 5276        intelppm - ok
16:14:17.0484 5276        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:14:17.0487 5276        IPBusEnum - ok
16:14:17.0521 5276        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:14:17.0523 5276        IpFilterDriver - ok
16:14:17.0594 5276        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:14:17.0602 5276        iphlpsvc - ok
16:14:17.0640 5276        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:14:17.0642 5276        IPMIDRV - ok
16:14:17.0666 5276        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:14:17.0669 5276        IPNAT - ok
16:14:17.0806 5276        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:14:17.0817 5276        iPod Service - ok
16:14:17.0839 5276        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:14:17.0840 5276        IRENUM - ok
16:14:17.0856 5276        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:14:17.0857 5276        isapnp - ok
16:14:17.0901 5276        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:14:17.0910 5276        iScsiPrt - ok
16:14:17.0940 5276        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:14:17.0941 5276        kbdclass - ok
16:14:17.0990 5276        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:14:17.0991 5276        kbdhid - ok
16:14:18.0024 5276        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:18.0025 5276        KeyIso - ok
16:14:18.0041 5276        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:14:18.0043 5276        KSecDD - ok
16:14:18.0062 5276        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:14:18.0068 5276        KSecPkg - ok
16:14:18.0094 5276        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:14:18.0095 5276        ksthunk - ok
16:14:18.0157 5276        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:14:18.0170 5276        KtmRm - ok
16:14:18.0307 5276        L4301_Solar    (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
16:14:18.0312 5276        L4301_Solar - ok
16:14:18.0377 5276        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:14:18.0387 5276        LanmanServer - ok
16:14:18.0426 5276        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:14:18.0435 5276        LanmanWorkstation - ok
16:14:18.0586 5276        LBTServ        (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:14:18.0604 5276        LBTServ - ok
16:14:18.0690 5276        LEqdUsb        (abfd2b5726f4cce49297ae48806cc594) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
16:14:18.0691 5276        LEqdUsb - ok
16:14:18.0720 5276        LHidEqd        (933f69cf9acd2498693bfcd7ed68e8d4) C:\Windows\system32\DRIVERS\LHidEqd.Sys
16:14:18.0721 5276        LHidEqd - ok
16:14:18.0742 5276        LHidFilt        (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:14:18.0744 5276        LHidFilt - ok
16:14:18.0799 5276        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:14:18.0801 5276        lltdio - ok
16:14:18.0849 5276        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:14:18.0857 5276        lltdsvc - ok
16:14:18.0878 5276        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:14:18.0879 5276        lmhosts - ok
16:14:18.0914 5276        LMouFilt        (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:14:18.0915 5276        LMouFilt - ok
16:14:18.0959 5276        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:14:18.0960 5276        LSI_FC - ok
16:14:18.0977 5276        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:14:18.0979 5276        LSI_SAS - ok
16:14:18.0998 5276        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:14:18.0999 5276        LSI_SAS2 - ok
16:14:19.0022 5276        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:14:19.0024 5276        LSI_SCSI - ok
16:14:19.0053 5276        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:14:19.0055 5276        luafv - ok
16:14:19.0093 5276        LUsbFilt        (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
16:14:19.0094 5276        LUsbFilt - ok
16:14:19.0156 5276        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:14:19.0157 5276        MBAMProtector - ok
16:14:19.0275 5276        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:14:19.0283 5276        MBAMService - ok
16:14:19.0346 5276        Mbm3CBus        (0845da0bff1af5c57de4dd97acaf2fcd) C:\Windows\system32\DRIVERS\Mbm3CBus.sys
16:14:19.0349 5276        Mbm3CBus - ok
16:14:19.0406 5276        Mbm3DevMt      (db6fa599aa79324e287c4eaf6020da37) C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
16:14:19.0409 5276        Mbm3DevMt - ok
16:14:19.0434 5276        Mbm3mdfl        (2f71edb697752d409b9983f0e1d88f70) C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
16:14:19.0435 5276        Mbm3mdfl - ok
16:14:19.0478 5276        Mbm3Mdm        (21b412a36de3ccfe4e13383b88cfc90c) C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
16:14:19.0481 5276        Mbm3Mdm - ok
16:14:19.0519 5276        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:14:19.0522 5276        Mcx2Svc - ok
16:14:19.0548 5276        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:14:19.0549 5276        megasas - ok
16:14:19.0579 5276        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:14:19.0589 5276        MegaSR - ok
16:14:19.0602 5276        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:14:19.0604 5276        MEIx64 - ok
16:14:19.0631 5276        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:19.0633 5276        MMCSS - ok
16:14:19.0648 5276        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:14:19.0649 5276        Modem - ok
16:14:19.0680 5276        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:14:19.0680 5276        monitor - ok
16:14:19.0724 5276        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:14:19.0726 5276        mouclass - ok
16:14:19.0748 5276        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:14:19.0750 5276        mouhid - ok
16:14:19.0795 5276        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:14:19.0797 5276        mountmgr - ok
16:14:19.0866 5276        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:14:19.0874 5276        MpFilter - ok
16:14:19.0921 5276        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:14:19.0929 5276        mpio - ok
16:14:19.0946 5276        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:14:19.0948 5276        mpsdrv - ok
16:14:20.0031 5276        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:14:20.0046 5276        MpsSvc - ok
16:14:20.0090 5276        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:14:20.0104 5276        MRxDAV - ok
16:14:20.0149 5276        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:14:20.0155 5276        mrxsmb - ok
16:14:20.0208 5276        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:14:20.0218 5276        mrxsmb10 - ok
16:14:20.0259 5276        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:14:20.0267 5276        mrxsmb20 - ok
16:14:20.0301 5276        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:14:20.0303 5276        msahci - ok
16:14:20.0349 5276        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:14:20.0356 5276        msdsm - ok
16:14:20.0391 5276        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:14:20.0399 5276        MSDTC - ok
16:14:20.0438 5276        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:14:20.0439 5276        Msfs - ok
16:14:20.0468 5276        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:14:20.0469 5276        mshidkmdf - ok
16:14:20.0482 5276        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:14:20.0483 5276        msisadrv - ok
16:14:20.0519 5276        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:14:20.0526 5276        MSiSCSI - ok
16:14:20.0532 5276        msiserver - ok
16:14:20.0649 5276        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:14:20.0669 5276        MSKSSRV - ok
16:14:20.0803 5276        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:14:20.0803 5276        MsMpSvc - ok
16:14:20.0836 5276        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:14:20.0838 5276        MSPCLOCK - ok
16:14:20.0847 5276        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:14:20.0848 5276        MSPQM - ok
16:14:20.0917 5276        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:14:20.0927 5276        MsRPC - ok
16:14:20.0966 5276        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:14:20.0967 5276        mssmbios - ok
16:14:20.0996 5276        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:14:20.0997 5276        MSTEE - ok
16:14:21.0008 5276        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:14:21.0010 5276        MTConfig - ok
16:14:21.0040 5276        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:14:21.0042 5276        Mup - ok
16:14:21.0101 5276        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:14:21.0117 5276        napagent - ok
16:14:21.0166 5276        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:14:21.0173 5276        NativeWifiP - ok
16:14:21.0248 5276        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:14:21.0260 5276        NDIS - ok
16:14:21.0277 5276        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:14:21.0278 5276        NdisCap - ok
16:14:21.0293 5276        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:14:21.0295 5276        NdisTapi - ok
16:14:21.0339 5276        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:14:21.0342 5276        Ndisuio - ok
16:14:21.0396 5276        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:14:21.0402 5276        NdisWan - ok
16:14:21.0441 5276        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:14:21.0442 5276        NDProxy - ok
16:14:21.0471 5276        Netaapl        (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
16:14:21.0473 5276        Netaapl - ok
16:14:21.0492 5276        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:14:21.0493 5276        NetBIOS - ok
16:14:21.0545 5276        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:14:21.0557 5276        NetBT - ok
16:14:21.0591 5276        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:21.0593 5276        Netlogon - ok
16:14:21.0661 5276        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:14:21.0674 5276        Netman - ok
16:14:21.0705 5276        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:14:21.0710 5276        netprofm - ok
16:14:21.0782 5276        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:14:21.0790 5276        NetTcpPortSharing - ok
16:14:22.0236 5276        NETwNs64        (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:14:22.0381 5276        NETwNs64 - ok
16:14:22.0523 5276        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:14:22.0525 5276        nfrd960 - ok
16:14:22.0595 5276        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:14:22.0603 5276        NisDrv - ok
16:14:22.0736 5276        NisSrv          (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
16:14:22.0769 5276        NisSrv - ok
16:14:22.0836 5276        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:14:22.0844 5276        NlaSvc - ok
16:14:22.0876 5276        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:14:22.0877 5276        Npfs - ok
16:14:22.0904 5276        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:14:22.0906 5276        nsi - ok
16:14:22.0915 5276        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:14:22.0917 5276        nsiproxy - ok
16:14:23.0076 5276        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:14:23.0107 5276        Ntfs - ok
16:14:23.0268 5276        NuidFltr        (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:14:23.0270 5276        NuidFltr - ok
16:14:23.0301 5276        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:14:23.0303 5276        Null - ok
16:14:23.0343 5276        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:14:23.0349 5276        nvraid - ok
16:14:23.0390 5276        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:14:23.0393 5276        nvstor - ok
16:14:23.0443 5276        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:14:23.0445 5276        nv_agp - ok
16:14:23.0487 5276        O2FLASH        (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe
16:14:23.0489 5276        O2FLASH - ok
16:14:23.0507 5276        O2MDFRDR        (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys
16:14:23.0509 5276        O2MDFRDR - ok
16:14:23.0563 5276        O2SDJRDR        (61b2aca7f48738afc883c05fa136a468) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
16:14:23.0565 5276        O2SDJRDR - ok
16:14:23.0675 5276        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:14:23.0687 5276        odserv - ok
16:14:23.0721 5276        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:14:23.0723 5276        ohci1394 - ok
16:14:23.0778 5276        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:14:23.0786 5276        ose - ok
16:14:23.0857 5276        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:23.0866 5276        p2pimsvc - ok
16:14:23.0904 5276        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:14:23.0913 5276        p2psvc - ok
16:14:23.0953 5276        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:14:23.0963 5276        Parport - ok
16:14:24.0001 5276        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:14:24.0004 5276        partmgr - ok
16:14:24.0030 5276        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:14:24.0042 5276        PcaSvc - ok
16:14:24.0079 5276        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:14:24.0085 5276        pci - ok
16:14:24.0123 5276        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:14:24.0124 5276        pciide - ok
16:14:24.0155 5276        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:14:24.0160 5276        pcmcia - ok
16:14:24.0178 5276        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:14:24.0179 5276        pcw - ok
16:14:24.0240 5276        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:14:24.0253 5276        PEAUTH - ok
16:14:24.0349 5276        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:14:24.0379 5276        PeerDistSvc - ok
16:14:24.0456 5276        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:14:24.0458 5276        PerfHost - ok
16:14:24.0666 5276        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:14:24.0699 5276        pla - ok
16:14:24.0763 5276        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:14:24.0772 5276        PlugPlay - ok
16:14:24.0795 5276        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:14:24.0797 5276        PNRPAutoReg - ok
16:14:24.0826 5276        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:24.0828 5276        PNRPsvc - ok
16:14:24.0895 5276        Point64        (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
16:14:24.0897 5276        Point64 - ok
16:14:24.0952 5276        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:14:24.0966 5276        PolicyAgent - ok
16:14:24.0994 5276        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:14:24.0997 5276        Power - ok
16:14:25.0057 5276        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:14:25.0060 5276        PptpMiniport - ok
16:14:25.0088 5276        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:14:25.0090 5276        Processor - ok
16:14:25.0125 5276        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:14:25.0138 5276        ProfSvc - ok
16:14:25.0174 5276        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:25.0175 5276        ProtectedStorage - ok
16:14:25.0230 5276        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:14:25.0239 5276        Psched - ok
16:14:25.0349 5276        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:14:25.0385 5276        ql2300 - ok
16:14:25.0518 5276        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:14:25.0521 5276        ql40xx - ok
16:14:25.0558 5276        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:14:25.0569 5276        QWAVE - ok
16:14:25.0583 5276        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:14:25.0584 5276        QWAVEdrv - ok
16:14:25.0669 5276        RapiMgr        (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
16:14:25.0671 5276        RapiMgr - ok
16:14:25.0687 5276        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:14:25.0688 5276        RasAcd - ok
16:14:25.0728 5276        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:14:25.0729 5276        RasAgileVpn - ok
16:14:25.0760 5276        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:14:25.0773 5276        RasAuto - ok
16:14:25.0814 5276        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:14:25.0823 5276        Rasl2tp - ok
16:14:25.0878 5276        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:14:25.0892 5276        RasMan - ok
16:14:25.0911 5276        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:14:25.0913 5276        RasPppoe - ok
16:14:25.0927 5276        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:14:25.0929 5276        RasSstp - ok
16:14:25.0978 5276        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:14:25.0986 5276        rdbss - ok
16:14:25.0995 5276        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:14:25.0996 5276        rdpbus - ok
16:14:26.0002 5276        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:14:26.0003 5276        RDPCDD - ok
16:14:26.0043 5276        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:14:26.0049 5276        RDPDR - ok
16:14:26.0070 5276        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:14:26.0071 5276        RDPENCDD - ok
16:14:26.0078 5276        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:14:26.0079 5276        RDPREFMP - ok
16:14:26.0128 5276        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:14:26.0129 5276        RdpVideoMiniport - ok
16:14:26.0173 5276        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:14:26.0186 5276        RDPWD - ok
16:14:26.0248 5276        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:14:26.0261 5276        rdyboost - ok
16:14:26.0296 5276        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:14:26.0298 5276        RemoteAccess - ok
16:14:26.0318 5276        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:14:26.0324 5276        RemoteRegistry - ok
16:14:26.0367 5276        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:14:26.0374 5276        RFCOMM - ok
16:14:26.0401 5276        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:14:26.0403 5276        RpcEptMapper - ok
16:14:26.0423 5276        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:14:26.0424 5276        RpcLocator - ok
16:14:26.0481 5276        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:26.0485 5276        RpcSs - ok
16:14:26.0523 5276        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:14:26.0525 5276        rspndr - ok
16:14:26.0560 5276        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:14:26.0561 5276        s3cap - ok
16:14:26.0599 5276        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:26.0600 5276        SamSs - ok
16:14:26.0640 5276        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:14:26.0642 5276        sbp2port - ok
16:14:26.0830 5276        SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:14:26.0862 5276        SBSDWSCService - ok
16:14:26.0898 5276        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:14:26.0904 5276        SCardSvr - ok
16:14:26.0960 5276        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:14:26.0962 5276        scfilter - ok
16:14:27.0062 5276        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:14:27.0081 5276        Schedule - ok
16:14:27.0127 5276        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:27.0128 5276        SCPolicySvc - ok
16:14:27.0168 5276        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:14:27.0169 5276        sdbus - ok
16:14:27.0211 5276        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:14:27.0220 5276        SDRSVC - ok
16:14:27.0261 5276        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:14:27.0262 5276        secdrv - ok
16:14:27.0302 5276        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:14:27.0304 5276        seclogon - ok
16:14:27.0346 5276        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:14:27.0347 5276        SENS - ok
16:14:27.0360 5276        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:14:27.0362 5276        SensrSvc - ok
16:14:27.0386 5276        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:14:27.0387 5276        Serenum - ok
16:14:27.0406 5276        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:14:27.0407 5276        Serial - ok
16:14:27.0436 5276        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:14:27.0437 5276        sermouse - ok
16:14:27.0490 5276        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:14:27.0492 5276        SessionEnv - ok
16:14:27.0527 5276        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:14:27.0528 5276        sffdisk - ok
16:14:27.0538 5276        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:14:27.0539 5276        sffp_mmc - ok
16:14:27.0560 5276        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:14:27.0561 5276        sffp_sd - ok
16:14:27.0576 5276        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:14:27.0577 5276        sfloppy - ok
16:14:27.0621 5276        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:14:27.0635 5276        SharedAccess - ok
16:14:27.0685 5276        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:14:27.0699 5276        ShellHWDetection - ok
16:14:27.0721 5276        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:14:27.0723 5276        SiSRaid2 - ok
16:14:27.0745 5276        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:14:27.0747 5276        SiSRaid4 - ok
16:14:27.0763 5276        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:14:27.0765 5276        Smb - ok
16:14:27.0801 5276        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:14:27.0803 5276        SNMPTRAP - ok
16:14:27.0819 5276        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:14:27.0820 5276        spldr - ok
16:14:27.0864 5276        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:14:27.0876 5276        Spooler - ok
16:14:28.0085 5276        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:14:28.0151 5276        sppsvc - ok
16:14:28.0254 5276        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:14:28.0256 5276        sppuinotify - ok
16:14:28.0336 5276        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:14:28.0346 5276        srv - ok
16:14:28.0380 5276        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:14:28.0389 5276        srv2 - ok
16:14:28.0431 5276        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:14:28.0437 5276        srvnet - ok
16:14:28.0477 5276        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:14:28.0483 5276        SSDPSRV - ok
16:14:37.0519 5276        ============================================================
16:14:37.0519 5276        Scan finished
16:14:37.0519 5276        ============================================================
16:14:37.0530 9172        Detected object count: 0
16:14:37.0530 9172        Actual detected object count: 0
16:15:09.0283 5632        ============================================================
16:15:09.0283 5632        Scan started
16:15:09.0283 5632        Mode: Manual; SigCheck; TDLFS;
16:15:09.0283 5632        ============================================================
16:15:16.0628 5632        ecnssndisfltr  (c8cd88218efc28f7e44a9892b3e97f4d) C:\Windows\system32\Drivers\wwussf64.sys
16:15:16.0640 5632        ecnssndisfltr - ok
16:15:16.0675 5632        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:15:16.0712 5632        EFS - ok
16:15:16.0811 5632        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:15:16.0847 5632        ehRecvr - ok
16:15:16.0879 5632        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:15:16.0916 5632        ehSched - ok
16:15:16.0968 5632        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:15:16.0983 5632        elxstor - ok
16:15:17.0059 5632        EMP_UDSA        (faa735cb77474deb4e4e327340117d3a) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
16:15:17.0066 5632        EMP_UDSA ( UnsignedFile.Multi.Generic ) - warning
16:15:17.0067 5632        EMP_UDSA - detected UnsignedFile.Multi.Generic (1)
16:15:17.0086 5632        eppvad_simple  (55d460f601d0b4d528bb16c0e8e18723) C:\Windows\system32\drivers\EMP_UDAU.sys
16:15:17.0120 5632        eppvad_simple - ok
16:15:17.0152 5632        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:15:17.0172 5632        ErrDev - ok
16:15:17.0213 5632        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:15:17.0257 5632        EventSystem - ok
16:15:17.0283 5632        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:15:17.0308 5632        exfat - ok
16:15:17.0334 5632        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:15:17.0373 5632        fastfat - ok
16:15:17.0444 5632        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:15:17.0493 5632        Fax - ok
16:15:17.0498 5632        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:15:17.0511 5632        fdc - ok
16:15:17.0534 5632        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:15:17.0584 5632        fdPHost - ok
16:15:17.0603 5632        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:15:17.0634 5632        FDResPub - ok
16:15:17.0658 5632        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:15:17.0665 5632        FileInfo - ok
16:15:17.0675 5632        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:15:17.0699 5632        Filetrace - ok
16:15:17.0702 5632        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:15:17.0716 5632        flpydisk - ok
16:15:17.0762 5632        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:15:17.0771 5632        FltMgr - ok
16:15:17.0870 5632        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:15:17.0913 5632        FontCache - ok
16:15:17.0985 5632        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:15:17.0990 5632        FontCache3.0.0.0 - ok
16:15:18.0033 5632        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:15:18.0040 5632        FsDepends - ok
16:15:18.0075 5632        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:15:18.0082 5632        Fs_Rec - ok
16:15:18.0126 5632        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:15:18.0137 5632        fvevol - ok
16:15:18.0153 5632        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:15:18.0160 5632        gagp30kx - ok
16:15:18.0199 5632        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:15:18.0205 5632        GEARAspiWDM - ok
16:15:18.0294 5632        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:15:18.0347 5632        gpsvc - ok
16:15:18.0379 5632        hcmon          (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys
16:15:18.0386 5632        hcmon - ok
16:15:18.0399 5632        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:15:18.0447 5632        hcw85cir - ok
16:15:18.0507 5632        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:15:18.0519 5632        HdAudAddService - ok
16:15:18.0547 5632        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:15:18.0562 5632        HDAudBus - ok
16:15:18.0566 5632        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:15:18.0583 5632        HidBatt - ok
16:15:18.0591 5632        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:15:18.0601 5632        HidBth - ok
16:15:18.0615 5632        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:15:18.0635 5632        HidIr - ok
16:15:18.0664 5632        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:15:18.0697 5632        hidserv - ok
16:15:18.0716 5632        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:15:18.0724 5632        HidUsb - ok
16:15:18.0759 5632        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:15:18.0797 5632        hkmsvc - ok
16:15:18.0845 5632        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:15:18.0879 5632        HomeGroupListener - ok
16:15:18.0924 5632        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:15:18.0945 5632        HomeGroupProvider - ok
16:15:18.0962 5632        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:15:18.0969 5632        HpSAMD - ok
16:15:19.0053 5632        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:15:19.0112 5632        HTTP - ok
16:15:19.0150 5632        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:15:19.0164 5632        hwpolicy - ok
16:15:19.0180 5632        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:15:19.0191 5632        i8042prt - ok
16:15:19.0252 5632        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:15:19.0264 5632        iaStorV - ok
16:15:19.0371 5632        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:15:19.0397 5632        idsvc - ok
16:15:20.0078 5632        igfx            (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:15:20.0214 5632        igfx - ok
16:15:20.0327 5632        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:15:20.0339 5632        iirsp - ok
16:15:20.0417 5632        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:15:20.0457 5632        IKEEXT - ok
16:15:20.0499 5632        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:15:20.0535 5632        IntcDAud - ok
16:15:20.0567 5632        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:15:20.0577 5632        intelide - ok
16:15:20.0590 5632        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:15:20.0611 5632        intelppm - ok
16:15:20.0645 5632        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:15:20.0685 5632        IPBusEnum - ok
16:15:20.0723 5632        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:15:20.0759 5632        IpFilterDriver - ok
16:15:20.0858 5632        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:15:20.0900 5632        iphlpsvc - ok
16:15:20.0935 5632        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:15:20.0961 5632        IPMIDRV - ok
16:15:20.0983 5632        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:15:21.0031 5632        IPNAT - ok
16:15:21.0137 5632        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:15:21.0162 5632        iPod Service - ok
16:15:21.0174 5632        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:15:21.0227 5632        IRENUM - ok
16:15:21.0241 5632        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:15:21.0248 5632        isapnp - ok
16:15:21.0293 5632        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:15:21.0304 5632        iScsiPrt - ok
16:15:21.0324 5632        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:15:21.0331 5632        kbdclass - ok
16:15:21.0366 5632        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:15:21.0374 5632        kbdhid - ok
16:15:21.0409 5632        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:21.0416 5632        KeyIso - ok
16:15:21.0435 5632        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:15:21.0444 5632        KSecDD - ok
16:15:21.0462 5632        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:15:21.0470 5632        KSecPkg - ok
16:15:21.0487 5632        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:15:21.0525 5632        ksthunk - ok
16:15:21.0572 5632        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:15:21.0608 5632        KtmRm - ok
16:15:21.0716 5632        L4301_Solar    (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
16:15:21.0728 5632        L4301_Solar - ok
16:15:21.0776 5632        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:15:21.0812 5632        LanmanServer - ok
16:15:21.0852 5632        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:15:21.0891 5632        LanmanWorkstation - ok
16:15:22.0012 5632        LBTServ        (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:15:22.0024 5632        LBTServ - ok
16:15:22.0081 5632        LEqdUsb        (abfd2b5726f4cce49297ae48806cc594) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
16:15:22.0091 5632        LEqdUsb - ok
16:15:22.0121 5632        LHidEqd        (933f69cf9acd2498693bfcd7ed68e8d4) C:\Windows\system32\DRIVERS\LHidEqd.Sys
16:15:22.0129 5632        LHidEqd - ok
16:15:22.0142 5632        LHidFilt        (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:15:22.0150 5632        LHidFilt - ok
16:15:22.0172 5632        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:15:22.0216 5632        lltdio - ok
16:15:22.0254 5632        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:15:22.0291 5632        lltdsvc - ok
16:15:22.0327 5632        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:15:22.0352 5632        lmhosts - ok
16:15:22.0381 5632        LMouFilt        (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:15:22.0388 5632        LMouFilt - ok
16:15:22.0409 5632        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:15:22.0417 5632        LSI_FC - ok
16:15:22.0436 5632        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:15:22.0448 5632        LSI_SAS - ok
16:15:22.0464 5632        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:15:22.0471 5632        LSI_SAS2 - ok
16:15:22.0486 5632        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:15:22.0497 5632        LSI_SCSI - ok
16:15:22.0519 5632        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:15:22.0544 5632        luafv - ok
16:15:22.0576 5632        LUsbFilt        (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
16:15:22.0584 5632        LUsbFilt - ok
16:15:22.0613 5632        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:15:22.0620 5632        MBAMProtector - ok
16:15:22.0726 5632        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:15:22.0745 5632        MBAMService - ok
16:15:22.0795 5632        Mbm3CBus        (0845da0bff1af5c57de4dd97acaf2fcd) C:\Windows\system32\DRIVERS\Mbm3CBus.sys
16:15:22.0805 5632        Mbm3CBus - ok
16:15:22.0854 5632        Mbm3DevMt      (db6fa599aa79324e287c4eaf6020da37) C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
16:15:22.0864 5632        Mbm3DevMt - ok
16:15:22.0885 5632        Mbm3mdfl        (2f71edb697752d409b9983f0e1d88f70) C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
16:15:22.0891 5632        Mbm3mdfl - ok
16:15:22.0933 5632        Mbm3Mdm        (21b412a36de3ccfe4e13383b88cfc90c) C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
16:15:22.0952 5632        Mbm3Mdm - ok
16:15:22.0995 5632        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:15:23.0028 5632        Mcx2Svc - ok
16:15:23.0048 5632        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:15:23.0057 5632        megasas - ok
16:15:23.0090 5632        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:15:23.0099 5632        MegaSR - ok
16:15:23.0120 5632        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:15:23.0126 5632        MEIx64 - ok
16:15:23.0140 5632        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:15:23.0178 5632        MMCSS - ok
16:15:23.0198 5632        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:15:23.0231 5632        Modem - ok
16:15:23.0247 5632        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:15:23.0262 5632        monitor - ok
16:15:23.0300 5632        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:15:23.0307 5632        mouclass - ok
16:15:23.0323 5632        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:15:23.0340 5632        mouhid - ok
16:15:23.0378 5632        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:15:23.0386 5632        mountmgr - ok
16:15:23.0427 5632        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:15:23.0441 5632        MpFilter - ok
16:15:23.0489 5632        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:15:23.0497 5632        mpio - ok
16:15:23.0521 5632        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:15:23.0547 5632        mpsdrv - ok
16:15:23.0632 5632        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:15:23.0669 5632        MpsSvc - ok
16:15:23.0710 5632        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:15:23.0729 5632        MRxDAV - ok
16:15:23.0765 5632        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:15:23.0791 5632        mrxsmb - ok
16:15:23.0851 5632        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:15:23.0861 5632        mrxsmb10 - ok
16:15:23.0901 5632        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:15:23.0912 5632        mrxsmb20 - ok
16:15:23.0951 5632        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:15:23.0958 5632        msahci - ok
16:15:23.0998 5632        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:15:24.0006 5632        msdsm - ok
16:15:24.0043 5632        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:15:24.0072 5632        MSDTC - ok
16:15:24.0096 5632        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:15:24.0126 5632        Msfs - ok
16:15:24.0135 5632        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:15:24.0171 5632        mshidkmdf - ok
16:15:24.0182 5632        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:15:24.0190 5632        msisadrv - ok
16:15:24.0219 5632        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:15:24.0253 5632        MSiSCSI - ok
16:15:24.0256 5632        msiserver - ok
16:15:24.0264 5632        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:15:24.0296 5632        MSKSSRV - ok
16:15:24.0353 5632        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:15:24.0360 5632        MsMpSvc - ok
16:15:24.0370 5632        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:15:24.0406 5632        MSPCLOCK - ok
16:15:24.0423 5632        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:15:24.0460 5632        MSPQM - ok
16:15:24.0515 5632        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:15:24.0526 5632        MsRPC - ok
16:15:24.0583 5632        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:15:24.0592 5632        mssmbios - ok
16:15:24.0604 5632        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:15:24.0641 5632        MSTEE - ok
16:15:24.0650 5632        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:15:24.0658 5632        MTConfig - ok
16:15:24.0673 5632        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:15:24.0680 5632        Mup - ok
16:15:24.0741 5632        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:15:24.0785 5632        napagent - ok
16:15:24.0819 5632        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:15:24.0842 5632        NativeWifiP - ok
16:15:24.0914 5632        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:15:24.0941 5632        NDIS - ok
16:15:24.0952 5632        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:15:24.0976 5632        NdisCap - ok
16:15:24.0986 5632        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:15:25.0023 5632        NdisTapi - ok
16:15:25.0055 5632        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:15:25.0088 5632        Ndisuio - ok
16:15:25.0146 5632        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:15:25.0189 5632        NdisWan - ok
16:15:25.0224 5632        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:15:25.0284 5632        NDProxy - ok
16:15:25.0313 5632        Netaapl        (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
16:15:25.0347 5632        Netaapl - ok
16:15:25.0358 5632        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:15:25.0403 5632        NetBIOS - ok
16:15:25.0455 5632        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:15:25.0498 5632        NetBT - ok
16:15:25.0533 5632        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:25.0549 5632        Netlogon - ok
16:15:25.0592 5632        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:15:25.0635 5632        Netman - ok
16:15:25.0664 5632        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:15:25.0700 5632        netprofm - ok
16:15:25.0755 5632        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:15:25.0761 5632        NetTcpPortSharing - ok
16:15:26.0209 5632        NETwNs64        (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:15:26.0304 5632        NETwNs64 - ok
16:15:26.0406 5632        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:15:26.0416 5632        nfrd960 - ok
16:15:26.0450 5632        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:15:26.0458 5632        NisDrv - ok
16:15:26.0561 5632        NisSrv          (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
16:15:26.0579 5632        NisSrv - ok
16:15:26.0644 5632        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:15:26.0680 5632        NlaSvc - ok
16:15:26.0693 5632        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:15:26.0716 5632        Npfs - ok
16:15:26.0737 5632        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:15:26.0777 5632        nsi - ok
16:15:26.0791 5632        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:15:26.0830 5632        nsiproxy - ok
16:15:26.0964 5632        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:15:26.0995 5632        Ntfs - ok
16:15:27.0127 5632        NuidFltr        (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:15:27.0144 5632        NuidFltr - ok
16:15:27.0168 5632        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:15:27.0212 5632        Null - ok
16:15:27.0252 5632        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:15:27.0283 5632        nvraid - ok
16:15:27.0314 5632        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:15:27.0325 5632        nvstor - ok
16:15:27.0360 5632        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:15:27.0370 5632        nv_agp - ok
16:15:27.0404 5632        O2FLASH        (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe
16:15:27.0411 5632        O2FLASH - ok
16:15:27.0441 5632        O2MDFRDR        (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys
16:15:27.0449 5632        O2MDFRDR - ok
16:15:27.0481 5632        O2SDJRDR        (61b2aca7f48738afc883c05fa136a468) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
16:15:27.0488 5632        O2SDJRDR - ok
16:15:27.0608 5632        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:15:27.0618 5632        odserv - ok
16:15:27.0648 5632        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:15:27.0663 5632        ohci1394 - ok
16:15:27.0703 5632        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:15:27.0711 5632        ose - ok
16:15:27.0751 5632        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:15:27.0779 5632        p2pimsvc - ok
16:15:27.0828 5632        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:15:27.0839 5632        p2psvc - ok
16:15:27.0869 5632        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:15:27.0877 5632        Parport - ok
16:15:27.0909 5632        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:15:27.0918 5632        partmgr - ok
16:15:27.0945 5632        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:15:27.0965 5632        PcaSvc - ok
16:15:28.0008 5632        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:15:28.0033 5632        pci - ok
16:15:28.0065 5632        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:15:28.0077 5632        pciide - ok
16:15:28.0107 5632        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:15:28.0115 5632        pcmcia - ok
16:15:28.0128 5632        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:15:28.0136 5632        pcw - ok
16:15:28.0189 5632        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:15:28.0230 5632        PEAUTH - ok
16:15:28.0326 5632        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:15:28.0378 5632        PeerDistSvc - ok
16:15:28.0456 5632        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:15:28.0484 5632        PerfHost - ok
16:15:28.0657 5632        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:15:28.0726 5632        pla - ok
16:15:28.0776 5632        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:15:28.0792 5632        PlugPlay - ok
16:15:28.0821 5632        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:15:28.0839 5632        PNRPAutoReg - ok
16:15:28.0877 5632        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:15:28.0887 5632        PNRPsvc - ok
16:15:28.0946 5632        Point64        (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
16:15:28.0965 5632        Point64 - ok
16:15:29.0038 5632        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:15:29.0084 5632        PolicyAgent - ok
16:15:29.0111 5632        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:15:29.0152 5632        Power - ok
16:15:29.0184 5632        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:15:29.0213 5632        PptpMiniport - ok
16:15:29.0234 5632        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:15:29.0246 5632        Processor - ok
16:15:29.0301 5632        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:15:29.0336 5632        ProfSvc - ok
16:15:29.0376 5632        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:29.0393 5632        ProtectedStorage - ok
16:15:29.0441 5632        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:15:29.0482 5632        Psched - ok
16:15:29.0719 5632        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:15:29.0753 5632        ql2300 - ok
16:15:29.0870 5632        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:15:29.0879 5632        ql40xx - ok
16:15:29.0916 5632        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:15:29.0937 5632        QWAVE - ok
16:15:29.0950 5632        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:15:29.0970 5632        QWAVEdrv - ok
16:15:30.0038 5632        RapiMgr        (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
16:15:30.0054 5632        RapiMgr - ok
16:15:30.0072 5632        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:15:30.0107 5632        RasAcd - ok
16:15:30.0129 5632        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:15:30.0154 5632        RasAgileVpn - ok
16:15:30.0173 5632        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:15:30.0215 5632        RasAuto - ok
16:15:30.0249 5632        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:15:30.0298 5632        Rasl2tp - ok
16:15:30.0354 5632        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:15:30.0384 5632        RasMan - ok
16:15:30.0403 5632        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:15:30.0428 5632        RasPppoe - ok
16:15:30.0445 5632        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:15:30.0481 5632        RasSstp - ok
16:15:30.0529 5632        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:15:30.0568 5632        rdbss - ok
16:15:30.0579 5632        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:15:30.0589 5632        rdpbus - ok
16:15:30.0595 5632        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:15:30.0631 5632        RDPCDD - ok
16:15:30.0679 5632        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:15:30.0708 5632        RDPDR - ok
16:15:30.0721 5632        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:15:30.0756 5632        RDPENCDD - ok
16:15:30.0771 5632        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:15:30.0797 5632        RDPREFMP - ok
16:15:30.0829 5632        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:15:30.0861 5632        RdpVideoMiniport - ok
16:15:30.0909 5632        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:15:30.0936 5632        RDPWD - ok
16:15:30.0983 5632        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:15:30.0994 5632        rdyboost - ok
16:15:31.0022 5632        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:15:31.0065 5632        RemoteAccess - ok
16:15:31.0091 5632        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:15:31.0128 5632        RemoteRegistry - ok
16:15:31.0161 5632        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:15:31.0186 5632        RFCOMM - ok
16:15:31.0203 5632        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:15:31.0245 5632        RpcEptMapper - ok
16:15:31.0266 5632        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:15:31.0293 5632        RpcLocator - ok
16:15:31.0352 5632        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:15:31.0380 5632        RpcSs - ok
16:15:31.0409 5632        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:15:31.0433 5632        rspndr - ok
16:15:31.0461 5632        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:15:31.0480 5632        s3cap - ok
16:15:31.0516 5632        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:31.0524 5632        SamSs - ok
16:15:31.0558 5632        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:15:31.0566 5632        sbp2port - ok
16:15:31.0731 5632        SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:15:31.0757 5632        SBSDWSCService - ok
16:15:31.0791 5632        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:15:31.0835 5632        SCardSvr - ok
16:15:31.0895 5632        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:15:31.0918 5632        scfilter - ok
16:15:32.0011 5632        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:15:32.0081 5632        Schedule - ok
16:15:32.0119 5632        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:15:32.0142 5632        SCPolicySvc - ok
16:15:32.0188 5632        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:15:32.0211 5632        sdbus - ok
16:15:32.0248 5632        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:15:32.0262 5632        SDRSVC - ok
16:15:32.0279 5632        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:15:32.0313 5632        secdrv - ok
16:15:32.0346 5632        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:15:32.0412 5632        seclogon - ok
16:15:32.0446 5632        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:15:32.0472 5632        SENS - ok
16:15:32.0486 5632        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:15:32.0513 5632        SensrSvc - ok
16:15:32.0530 5632        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:15:32.0537 5632        Serenum - ok
16:15:32.0550 5632        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:15:32.0571 5632        Serial - ok
16:15:32.0604 5632        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:15:32.0647 5632        sermouse - ok
16:15:32.0708 5632        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:15:32.0745 5632        SessionEnv - ok
16:15:32.0787 5632        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:15:32.0809 5632        sffdisk - ok
16:15:32.0822 5632        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:15:32.0841 5632        sffp_mmc - ok
16:15:32.0853 5632        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:15:32.0871 5632        sffp_sd - ok
16:15:32.0886 5632        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:15:32.0894 5632        sfloppy - ok
16:15:32.0939 5632        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:15:32.0980 5632        SharedAccess - ok
16:15:33.0028 5632        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:15:33.0066 5632        ShellHWDetection - ok
16:15:33.0081 5632        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:15:33.0088 5632        SiSRaid2 - ok
16:15:33.0104 5632        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:15:33.0112 5632        SiSRaid4 - ok
16:15:33.0119 5632        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:15:33.0151 5632        Smb - ok
16:15:33.0178 5632        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:15:33.0186 5632        SNMPTRAP - ok
16:15:33.0195 5632        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:15:33.0201 5632        spldr - ok
16:15:33.0264 5632        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:15:33.0292 5632        Spooler - ok
16:15:33.0521 5632        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:15:33.0585 5632        sppsvc - ok
16:15:33.0673 5632        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:15:33.0713 5632        sppuinotify - ok
16:15:33.0788 5632        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:15:33.0819 5632        srv - ok
16:15:33.0863 5632        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:15:33.0886 5632        srv2 - ok
16:15:33.0924 5632        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:15:33.0940 5632        srvnet - ok
16:15:33.0980 5632        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:15:34.0014 5632        SSDPSRV - ok
16:15:34.0035 5632        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:15:34.0061 5632        SstpSvc - ok
16:15:34.0133 5632        STacSV          (c8f44e5e99ff6cf2e0627139cfec0742) C:\Program Files\IDT\WDM\STacSV64.exe
16:15:34.0154 5632        STacSV - ok
16:15:34.0178 5632        stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
16:15:34.0185 5632        stdcfltn - ok
16:15:34.0206 5632        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:15:34.0214 5632        stexstor - ok
16:15:34.0270 5632        STHDA          (7a69c8af123f4c6a1d63daa7f5e2638d) C:\Windows\system32\DRIVERS\stwrt64.sys
16:15:34.0282 5632        STHDA - ok
16:15:34.0352 5632        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:15:34.0369 5632        stisvc - ok
16:15:34.0407 5632        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:15:34.0414 5632        storflt - ok
16:15:34.0440 5632        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
16:15:34.0458 5632        StorSvc - ok
16:15:34.0475 5632        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:15:34.0482 5632        storvsc - ok
16:15:34.0493 5632        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:15:34.0501 5632        swenum - ok
16:15:34.0545 5632        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:15:34.0592 5632        swprv - ok
16:15:34.0594 5632        Synth3dVsc - ok
16:15:34.0742 5632        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:15:34.0778 5632        SysMain - ok
16:15:34.0901 5632        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:15:34.0920 5632        TabletInputService - ok
16:15:34.0978 5632        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:15:35.0023 5632        TapiSrv - ok
16:15:35.0047 5632        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:15:35.0081 5632        TBS - ok
16:15:35.0249 5632        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:15:35.0284 5632        Tcpip - ok
16:15:35.0493 5632        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:15:35.0523 5632        TCPIP6 - ok
16:15:35.0602 5632        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:15:35.0669 5632        tcpipreg - ok
16:15:35.0699 5632        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:15:35.0717 5632        TDPIPE - ok
16:15:35.0747 5632        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:15:35.0761 5632        TDTCP - ok
16:15:35.0808 5632        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:15:35.0861 5632        tdx - ok
16:15:36.0114 5632        TeamViewer7    (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:15:36.0159 5632        TeamViewer7 - ok
16:15:36.0281 5632        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:15:36.0290 5632        TermDD - ok
16:15:36.0378 5632        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:15:36.0445 5632        TermService - ok
16:15:36.0472 5632        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:15:36.0492 5632        Themes - ok
16:15:36.0522 5632        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:15:36.0552 5632        THREADORDER - ok
16:15:36.0572 5632        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:15:36.0603 5632        TrkWks - ok
16:15:36.0687 5632        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:15:36.0739 5632        TrustedInstaller - ok
16:15:36.0773 5632        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:15:36.0796 5632        tssecsrv - ok
16:15:36.0824 5632        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:15:36.0866 5632        TsUsbFlt - ok
16:15:36.0877 5632        tsusbhub - ok
16:15:36.0915 5632        TTCinergyT2    (a52c83517f54e1e33000d86389ae78cf) C:\Windows\system32\DRIVERS\TTCinergyT2BDA.sys
16:15:36.0923 5632        TTCinergyT2 - ok
16:15:36.0963 5632        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:15:37.0015 5632        tunnel - ok
16:15:37.0041 5632        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:15:37.0048 5632        uagp35 - ok
16:15:37.0101 5632        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:15:37.0141 5632        udfs - ok
16:15:37.0236 5632        ufad-ws60      (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
16:15:37.0251 5632        ufad-ws60 - ok
16:15:37.0283 5632        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:15:37.0299 5632        UI0Detect - ok
16:15:37.0335 5632        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:15:37.0343 5632        uliagpkx - ok
16:15:37.0379 5632        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:15:37.0400 5632        umbus - ok
16:15:37.0419 5632        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:15:37.0436 5632        UmPass - ok
16:15:37.0485 5632        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:15:37.0531 5632        UmRdpService - ok
16:15:37.0567 5632        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:15:37.0606 5632        upnphost - ok
16:15:37.0641 5632        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:15:37.0656 5632        USBAAPL64 - ok
16:15:37.0697 5632        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:15:37.0707 5632        usbaudio - ok
16:15:37.0742 5632        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:15:37.0769 5632        usbccgp - ok
16:15:37.0809 5632        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:15:37.0819 5632        usbcir - ok
16:15:37.0837 5632        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:15:37.0855 5632        usbehci - ok
16:15:37.0885 5632        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:15:37.0904 5632        usbhub - ok
16:15:37.0930 5632        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:15:37.0947 5632        usbohci - ok
16:15:37.0963 5632        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:15:37.0982 5632        usbprint - ok
16:15:38.0022 5632        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:15:38.0055 5632        USBSTOR - ok
16:15:38.0083 5632        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:15:38.0102 5632        usbuhci - ok
16:15:38.0152 5632        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:15:38.0163 5632        usbvideo - ok
16:15:38.0189 5632        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:15:38.0220 5632        UxSms - ok
16:15:38.0258 5632        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:38.0266 5632        VaultSvc - ok
16:15:38.0282 5632        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:15:38.0289 5632        vdrvroot - ok
16:15:38.0345 5632        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:15:38.0390 5632        vds - ok
16:15:38.0416 5632        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:15:38.0426 5632        vga - ok
16:15:38.0439 5632        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:15:38.0471 5632        VgaSave - ok
16:15:38.0473 5632        VGPU - ok
16:15:38.0515 5632        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:15:38.0525 5632        vhdmp - ok
16:15:38.0541 5632        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:15:38.0548 5632        viaide - ok
16:15:38.0618 5632        VMAuthdService  (42f0ecaf36636841a4a006850695507f) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
16:15:38.0625 5632        VMAuthdService - ok
16:15:38.0644 5632        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:15:38.0653 5632        vmbus - ok
16:15:38.0668 5632        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:15:38.0690 5632        VMBusHID - ok
16:15:38.0730 5632        vmci            (3d810a11c3e7fd4682a8824f54c1a04f) C:\Windows\system32\drivers\vmci.sys
16:15:38.0736 5632        vmci - ok
16:15:38.0749 5632        vmkbd          (1af6462718e5ab0ed55014a6ef3790ef) C:\Windows\system32\drivers\VMkbd.sys
16:15:38.0755 5632        vmkbd - ok
16:15:38.0792 5632        VMnetAdapter    (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:15:38.0798 5632        VMnetAdapter - ok
16:15:38.0839 5632        VMnetBridge    (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:15:38.0845 5632        VMnetBridge - ok
16:15:38.0847 5632        VMnetDHCP - ok
16:15:38.0857 5632        VMnetuserif    (daf5e04eb56cd0ed945fb2fdd94812db) C:\Windows\system32\drivers\vmnetuserif.sys
16:15:38.0862 5632        VMnetuserif - ok
16:15:38.0874 5632        VMparport      (a459ee9a95fde6b7140336e2f5e6a4cb) C:\Windows\system32\drivers\VMparport.sys
16:15:38.0880 5632        VMparport - ok
16:15:38.0916 5632        vmusb          (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
16:15:38.0922 5632        vmusb - ok
16:15:39.0004 5632        VMUSBArbService (f22098dbdd13c1221c274496b3e18da7) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
16:15:39.0015 5632        VMUSBArbService - ok
16:15:39.0020 5632        VMware NAT Service - ok
16:15:39.0033 5632        vmx86          (ae7f667db83e108e83c86a56b821e9a6) C:\Windows\system32\drivers\vmx86.sys
16:15:39.0040 5632        vmx86 - ok
16:15:39.0077 5632        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:15:39.0085 5632        volmgr - ok
16:15:39.0139 5632        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:15:39.0149 5632        volmgrx - ok
16:15:39.0195 5632        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:15:39.0204 5632        volsnap - ok
16:15:39.0239 5632        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:15:39.0248 5632        vsmraid - ok
16:15:39.0380 5632        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:15:39.0433 5632        VSS - ok
16:15:39.0500 5632        vstor2-ws60    (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
16:15:39.0515 5632        vstor2-ws60 - ok
16:15:39.0638 5632        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:15:39.0664 5632        vwifibus - ok
16:15:39.0683 5632        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:15:39.0701 5632        vwififlt - ok
16:15:39.0713 5632        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:15:39.0730 5632        vwifimp - ok
16:15:39.0780 5632        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:15:39.0830 5632        W32Time - ok
16:15:39.0853 5632        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:15:39.0876 5632        WacomPen - ok
16:15:39.0927 5632        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:15:39.0989 5632        WANARP - ok
16:15:39.0993 5632        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:15:40.0019 5632        Wanarpv6 - ok
16:15:40.0128 5632        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:15:40.0162 5632        wbengine - ok
16:15:40.0289 5632        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:15:40.0303 5632        WbioSrvc - ok
16:15:40.0388 5632        WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
16:15:40.0404 5632        WcesComm - ok
16:15:40.0459 5632        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:15:40.0476 5632        wcncsvc - ok
16:15:40.0495 5632        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:15:40.0530 5632        WcsPlugInService - ok
16:15:40.0564 5632        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:15:40.0571 5632        Wd - ok
16:15:40.0602 5632        WDC_SAM        (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:15:40.0615 5632        WDC_SAM - ok
16:15:40.0694 5632        WDDMService    (e6050fe6b60fa91188b8abdb5b1e339f) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
16:15:40.0719 5632        WDDMService ( UnsignedFile.Multi.Generic ) - warning
16:15:40.0719 5632        WDDMService - detected UnsignedFile.Multi.Generic (1)
16:15:40.0775 5632        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:15:40.0800 5632        Wdf01000 - ok
16:15:40.0879 5632        WDFME          (b83d5071b32a70bebdb3330bfa7acb80) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
16:15:40.0903 5632        WDFME - ok
16:15:41.0000 5632        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:15:41.0086 5632        WdiServiceHost - ok
16:15:41.0090 5632        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:15:41.0111 5632        WdiSystemHost - ok
16:15:41.0152 5632        WDSC            (517de2c5568cba6b2a24a557ac60c30b) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
16:15:41.0162 5632        WDSC - ok
16:15:41.0210 5632        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:15:41.0231 5632        WebClient - ok
16:15:41.0261 5632        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:15:41.0320 5632        Wecsvc - ok
16:15:41.0345 5632        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:15:41.0370 5632        wercplsupport - ok
16:15:41.0383 5632        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:15:41.0414 5632        WerSvc - ok
16:15:41.0448 5632        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:15:41.0472 5632        WfpLwf - ok
16:15:41.0486 5632        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:15:41.0493 5632        WIMMount - ok
16:15:41.0500 5632        WinDefend - ok
16:15:41.0504 5632        WinHttpAutoProxySvc - ok
16:15:41.0555 5632        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:15:41.0580 5632        Winmgmt - ok
16:15:41.0730 5632        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:15:41.0773 5632        WinRM - ok
16:15:41.0902 5632        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:15:41.0914 5632        WinUsb - ok
16:15:41.0981 5632        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:15:42.0014 5632        Wlansvc - ok
16:15:42.0195 5632        wlidsvc        (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:15:42.0229 5632        wlidsvc - ok
16:15:42.0363 5632        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:15:42.0386 5632        WmiAcpi - ok
16:15:42.0436 5632        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:15:42.0452 5632        wmiApSrv - ok
16:15:42.0467 5632        WMPNetworkSvc - ok
16:15:42.0492 5632        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:15:42.0510 5632        WPCSvc - ok
16:15:42.0545 5632        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:15:42.0574 5632        WPDBusEnum - ok
16:15:42.0595 5632        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:15:42.0623 5632        ws2ifsl - ok
16:15:42.0654 5632        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:15:42.0680 5632        wscsvc - ok
16:15:42.0682 5632        WSearch - ok
16:15:42.0867 5632        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:15:42.0925 5632        wuauserv - ok
16:15:43.0065 5632        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:15:43.0120 5632        WudfPf - ok
16:15:43.0151 5632        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:15:43.0176 5632        WUDFRd - ok
16:15:43.0209 5632        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:15:43.0233 5632        wudfsvc - ok
16:15:43.0266 5632        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:15:43.0284 5632        WwanSvc - ok
16:15:43.0325 5632        WwanUsbServ    (a100bd898b40de890dbe53eae4896d20) C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
16:15:43.0334 5632        WwanUsbServ - ok
16:15:43.0356 5632        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:15:43.0683 5632        \Device\Harddisk0\DR0 - ok
16:15:43.0688 5632        Boot (0x1200)  (f978931a0526a4a206a6a3c700e00f6e) \Device\Harddisk0\DR0\Partition0
16:15:43.0691 5632        \Device\Harddisk0\DR0\Partition0 - ok
16:15:43.0724 5632        Boot (0x1200)  (bc398a7b6ccd4bd3d6e56941670283e3) \Device\Harddisk0\DR0\Partition1
16:15:43.0726 5632        \Device\Harddisk0\DR0\Partition1 - ok
16:15:43.0743 5632        Boot (0x1200)  (4429aa7c6889c6c6b4f98e32749f73ea) \Device\Harddisk0\DR0\Partition2
16:15:43.0745 5632        \Device\Harddisk0\DR0\Partition2 - ok
16:15:43.0745 5632        ============================================================
16:15:43.0745 5632        Scan finished
16:15:43.0745 5632        ============================================================
16:15:43.0752 5836        Detected object count: 2
16:15:43.0752 5836        Actual detected object count: 2
16:16:00.0199 5836        EMP_UDSA ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:00.0199 5836        EMP_UDSA ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:16:00.0200 5836        WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:00.0200 5836        WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 06.06.2012 15:34

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.


All times are WET +1.
