System Check Virus - Verknüpfungen weg!

T203004 · 27.03.2012, 12:29

Hallo,

ich hatte vor ein paar Tagen den "System Check Virus" auf meinem PC. Alle Desktopsymbole waren verschwunden. Ich habe es dann mit dem Sicherheitsmodus irgendwie geschafft, den Virus zu entfernen. Auch die Desktopsymbole sind wieder da.
Allerdings sind alle Programme im Bereich Windowstaste-> Alle Programme verschwunden. Es sind nur noch leere Ordner. Gleiches Problem, wenn ich auf C: klicke und die Programme manuell öffnen will. Sie sind nicht da. Wenn ich nun aber z.B. eine PDF öffne oder ein .docx Dokument, funktioniert es. Kann mir vielleicht jemand helfen?

Hier mal das Malwarebytes LOG fon kurz nach der "Bereinigung":

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
jimmythebob :: SONYVAIO [limitiert]

23.03.2012 15:57:54
mbam-log-2012-03-23 (15-57-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195580
Laufzeit: 2 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\jimmythebob\AppData\Local\Temp\PntT84j6FhGeIJ.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Vollständiger Suchlauf kurz danach:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jimmythebob :: SONYVAIO [Administrator]

Schutz: Aktiviert

23.03.2012 18:47:42
mbam-log-2012-03-23 (18-47-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 324856
Laufzeit: 1 Stunde(n), 9 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Vielen Dank!

Habe gerade auch einen ESET Scan gemacht:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dcfba92e6655b24c8e9eafbd16580a98
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-27 05:32:09
# local_time=2012-03-27 07:32:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 12597693 12597693 0 0
# compatibility_mode=5893 16776573 100 94 24518 84490471 0 0
# compatibility_mode=8192 67108863 100 0 142 142 0 0
# scanned=156474
# found=0
# cleaned=0
# scan_time=8907

cosinus · 28.03.2012, 13:56

Durch die Infektion wurde dein Startmenü leergefegt, bei mir bisher bekannten Varianten verschiebt der Schädling alle Verknüpfungen nach %tmp%\smtmp

Eigentlich sollte unhide die Verküpfungen selbst zurück an die richtige Stelle kopieren. Wenn nicht, mach es selbst.

Deine Verknüpfungen sollten jetzt hier sein: (lass dir vorher alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...-sichtbar.html )

C:\Users\[DEIN_NAME]\AppData\Local\Temp\smtmp

Sie müssen passend nach

C:\ProgramData\Microsoft\Windows\Start Menu\Programs

kopiert werden.

T203004 · 28.03.2012, 21:35

Vielen Dank, das hat sehr gut geklappt.

Seit dem Virus habe ich zudem auf einige Dateien keinen Zugriff mehr, obwohl ich an den Sicherheitseinstellungen nichts geändert habe. Ich habe mal Screenshots angehängt: alle Ordner mit einem Schloss und alle Ordner mit einem Verknüpfungssymbol kann ich nicht öffnen. Weißt du, wie man das ändert?

cosinus · 29.03.2012, 12:56

Das ist Absicht so, seit Vista hat man diese Verknüpfungen die nicht betretbar sind!
=> später wenn wir durch sind umgekehrt vorgehen, also geschützte Systemdateien ausblenden aktivieren! => http://www.trojaner-board.de/59624-a...-sichtbar.html

Die Verknüpfungen im Startmenü sind wieder alle soweit da?

T203004 · 29.03.2012, 13:38

Ja, das Startmenü ist wieder so wie vorher. Lediglich der Ordner "Zubehör" ist weg, dafür habe ich jetzt den Ordner "Accessories", in dem die üblichen Programme drin sind (Rechner, Notepad, Snipping Tool, usw). Aber das stört ich nicht.

cosinus · 29.03.2012, 15:03

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

T203004 · 29.03.2012, 21:57

Hier sind alle Logs:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8132

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.11.2011 18:51:07
mbam-log-2011-11-10 (18-51-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 303907
Laufzeit: 50 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8183

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

17.11.2011 18:21:41
mbam-log-2011-11-17 (18-21-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 314434
Laufzeit: 34 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8368

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14.12.2011 14:03:27
mbam-log-2011-12-14 (14-03-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176142
Laufzeit: 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\jimmythebob\downloads\refog_setup_kl_641.exe (PUP.Keylogger) -> Quarantined and deleted successfully.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8368

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14.12.2011 16:16:58
mbam-log-2011-12-14 (16-16-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 297171
Laufzeit: 49 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
jimmythebob :: SONYVAIO [limitiert]

23.03.2012 15:57:54
mbam-log-2012-03-23 (15-57-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195580
Laufzeit: 2 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\jimmythebob\AppData\Local\Temp\PntT84j6FhGeIJ.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jimmythebob :: SONYVAIO [Administrator]

Schutz: Aktiviert

23.03.2012 18:47:42
mbam-log-2012-03-23 (18-47-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 324856
Laufzeit: 1 Stunde(n), 9 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

23:09:44	jimmythebob	MESSAGE	Protection started successfully
23:09:50	jimmythebob	MESSAGE	IP Protection started successfully
23:16:24	jimmythebob	MESSAGE	IP Protection stopped
23:16:25	jimmythebob	MESSAGE	IP Protection started successfully

Code:

ATTFilter

23:24:57	jimmythebob	MESSAGE	Protection started successfully
23:25:01	jimmythebob	MESSAGE	IP Protection started successfully
23:31:27	jimmythebob	MESSAGE	Protection started successfully
23:31:31	jimmythebob	MESSAGE	IP Protection started successfully
23:36:02	jimmythebob	MESSAGE	Protection started successfully
23:36:07	jimmythebob	MESSAGE	IP Protection started successfully
23:41:07	jimmythebob	MESSAGE	Protection started successfully
23:41:11	jimmythebob	MESSAGE	IP Protection started successfully
23:46:06	jimmythebob	MESSAGE	Protection started successfully
23:46:11	jimmythebob	MESSAGE	IP Protection started successfully
23:51:34	jimmythebob	MESSAGE	Protection started successfully
23:51:38	jimmythebob	MESSAGE	IP Protection started successfully

Code:

ATTFilter

00:30:21	jimmythebob	MESSAGE	Protection started successfully
00:30:26	jimmythebob	MESSAGE	IP Protection started successfully
00:31:23	jimmythebob	MESSAGE	Scheduled update executed successfully
00:35:21	jimmythebob	MESSAGE	Protection started successfully
00:35:26	jimmythebob	MESSAGE	IP Protection started successfully
11:41:05	jimmythebob	MESSAGE	Protection started successfully
11:41:10	jimmythebob	MESSAGE	IP Protection started successfully
11:46:12	jimmythebob	MESSAGE	Protection started successfully
11:46:16	jimmythebob	MESSAGE	IP Protection started successfully
12:24:28	jimmythebob	MESSAGE	Protection started successfully
12:24:33	jimmythebob	MESSAGE	IP Protection started successfully
12:29:07	jimmythebob	MESSAGE	Protection started successfully
12:29:11	jimmythebob	MESSAGE	IP Protection started successfully
14:18:17	jimmythebob	MESSAGE	Protection started successfully
14:18:21	jimmythebob	MESSAGE	IP Protection started successfully
22:04:44	jimmythebob	MESSAGE	Protection started successfully
22:04:48	jimmythebob	MESSAGE	IP Protection started successfully

Code:

ATTFilter

22:46:45	jimmythebob	MESSAGE	Protection started successfully
22:46:49	jimmythebob	MESSAGE	IP Protection started successfully
22:48:54	jimmythebob	MESSAGE	IP Protection stopped
22:54:27	jimmythebob	MESSAGE	Protection started successfully
22:54:31	jimmythebob	MESSAGE	IP Protection started successfully
23:13:39	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 49844, Process: firefox.exe)
23:13:39	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 49845, Process: firefox.exe)
23:14:53	jimmythebob	MESSAGE	IP Protection stopped

Code:

ATTFilter

12:17:38	jimmythebob	MESSAGE	Protection started successfully
12:17:42	jimmythebob	MESSAGE	IP Protection started successfully

Code:

ATTFilter

15:31:05	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 50549, Process: firefox.exe)
15:31:14	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 50553, Process: firefox.exe)
15:32:26	jimmythebob	MESSAGE	IP Protection stopped
16:56:36	jimmythebob	MESSAGE	Protection started successfully
16:56:40	jimmythebob	MESSAGE	IP Protection started successfully

Code:

ATTFilter

21:38:05	jimmythebob	MESSAGE	IP Protection stopped
22:16:17	jimmythebob	MESSAGE	Protection started successfully
22:16:21	jimmythebob	MESSAGE	IP Protection started successfully

Code:

ATTFilter

17:06:14	jimmythebob	IP-BLOCK	88.208.32.218 (Type: outgoing, Port: 51727, Process: firefox.exe)
17:06:14	jimmythebob	IP-BLOCK	88.208.32.218 (Type: outgoing, Port: 51728, Process: firefox.exe)
17:06:14	jimmythebob	IP-BLOCK	88.208.32.218 (Type: outgoing, Port: 51729, Process: firefox.exe)
17:06:14	jimmythebob	IP-BLOCK	88.208.32.218 (Type: outgoing, Port: 51730, Process: firefox.exe)
17:06:22	jimmythebob	IP-BLOCK	78.140.143.49 (Type: outgoing, Port: 51731, Process: firefox.exe)
17:06:38	jimmythebob	IP-BLOCK	78.140.143.49 (Type: outgoing, Port: 51732, Process: firefox.exe)
17:07:35	jimmythebob	MESSAGE	IP Protection stopped

Code:

ATTFilter

17:46:24	jimmythebob	MESSAGE	Database updated successfully

Code:

ATTFilter

18:19:17	jimmythebob	MESSAGE	Protection started successfully
18:19:21	jimmythebob	MESSAGE	IP Protection started successfully
18:31:33	jimmythebob	IP-BLOCK	83.133.125.36 (Type: outgoing, Port: 50038, Process: firefox.exe)
19:11:45	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 50895, Process: firefox.exe)
19:12:54	jimmythebob	MESSAGE	IP Protection stopped

Code:

ATTFilter

03:27:44	jimmythebob	MESSAGE	Protection started successfully
03:27:48	jimmythebob	MESSAGE	IP Protection started successfully
03:28:36	jimmythebob	MESSAGE	IP Protection stopped

Code:

ATTFilter

2012/03/23 16:02:55 +0100	SONYVAIO	jimmythebob	MESSAGE	Starting protection
2012/03/23 16:02:58 +0100	SONYVAIO	jimmythebob	MESSAGE	Protection started successfully
2012/03/23 16:03:01 +0100	SONYVAIO	jimmythebob	MESSAGE	Starting IP protection
2012/03/23 16:03:03 +0100	SONYVAIO	jimmythebob	MESSAGE	IP Protection started successfully
2012/03/23 18:21:42 +0100	SONYVAIO	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 49704, Process: firefox.exe)
2012/03/23 18:22:07 +0100	SONYVAIO	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 49723, Process: firefox.exe)
2012/03/23 18:22:15 +0100	SONYVAIO	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 49725, Process: firefox.exe)
2012/03/23 18:23:49 +0100	SONYVAIO	jimmythebob	MESSAGE	Stopping IP protection
2012/03/23 18:25:22 +0100	SONYVAIO	jimmythebob	MESSAGE	IP Protection stopped
2012/03/23 18:44:31 +0100	SONYVAIO	jimmythebob	MESSAGE	Starting protection
2012/03/23 18:44:33 +0100	SONYVAIO	jimmythebob	MESSAGE	Protection started successfully
2012/03/23 18:44:36 +0100	SONYVAIO	jimmythebob	MESSAGE	Starting IP protection
2012/03/23 18:44:38 +0100	SONYVAIO	jimmythebob	MESSAGE	IP Protection started successfully
2012/03/23 19:30:25 +0100	SONYVAIO	jimmythebob	IP-BLOCK	84.16.234.202 (Type: outgoing, Port: 50637, Process: firefox.exe)
2012/03/23 19:30:39 +0100	SONYVAIO	jimmythebob	MESSAGE	Stopping IP protection
2012/03/23 19:32:18 +0100	SONYVAIO	jimmythebob	MESSAGE	IP Protection stopped
2012/03/23 19:32:18 +0100	SONYVAIO	jimmythebob	MESSAGE	Starting IP protection
2012/03/23 19:32:19 +0100	SONYVAIO	jimmythebob	MESSAGE	IP Protection started successfully
2012/03/23 19:32:19 +0100	SONYVAIO	jimmythebob	MESSAGE	Stopping IP protection
2012/03/23 19:34:07 +0100	SONYVAIO	jimmythebob	MESSAGE	IP Protection stopped
2012/03/23 21:06:09 +0100	SONYVAIO	jimmythebob	MESSAGE	Starting protection
2012/03/23 21:06:11 +0100	SONYVAIO	jimmythebob	MESSAGE	Protection started successfully
2012/03/23 21:06:14 +0100	SONYVAIO	jimmythebob	MESSAGE	Starting IP protection
2012/03/23 21:06:16 +0100	SONYVAIO	jimmythebob	MESSAGE	IP Protection started successfully
2012/03/23 21:12:08 +0100	SONYVAIO	jimmythebob	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 49406, Process: firefox.exe)
2012/03/23 21:12:21 +0100	SONYVAIO	jimmythebob	MESSAGE	Stopping IP protection
2012/03/23 21:13:54 +0100	SONYVAIO	jimmythebob	MESSAGE	IP Protection stopped

Code:

ATTFilter

2012/03/27 15:49:40 +0200	SONYVAIO	jimmythebob	MESSAGE	Starting protection
2012/03/27 15:49:43 +0200	SONYVAIO	jimmythebob	MESSAGE	Protection started successfully
2012/03/27 15:49:46 +0200	SONYVAIO	jimmythebob	MESSAGE	Starting IP protection
2012/03/27 15:49:47 +0200	SONYVAIO	jimmythebob	MESSAGE	IP Protection started successfully

Code:

ATTFilter

2012/03/28 12:56:06 +0200	SONYVAIO	jimmythebob	IP-BLOCK	68.71.51.58 (Type: outgoing, Port: 61383, Process: firefox.exe)
2012/03/28 23:05:39 +0200	SONYVAIO	jimmythebob	IP-BLOCK	203.81.50.154 (Type: outgoing, Port: 64668, Process: firefox.exe)

cosinus · 30.03.2012, 08:42

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

T203004 · 30.03.2012, 09:48

Sehr gerne:

Code:

ATTFilter

OTL logfile created on: 30.03.2012 10:30:25 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\jimmythebob\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 73,44% Memory free
7,84 Gb Paging File | 5,89 Gb Available in Paging File | 75,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 161,29 Gb Total Space | 106,94 Gb Free Space | 66,30% Space Free | Partition Type: NTFS
Drive G: | 126,89 Gb Total Space | 84,31 Gb Free Space | 66,44% Space Free | Partition Type: NTFS
 
Computer Name: SONYVAIO | User Name: jimmythebob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.30 10:28:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\jimmythebob\Downloads\OTL(2).exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.11 15:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 15:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010.10.23 21:25:09 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010.05.06 03:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.01.21 20:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2009.11.30 19:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.08.26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2009.06.24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009.05.14 12:12:40 | 000,209,216 | ---- | M] () -- C:\Program Files (x86)\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.05.14 12:12:40 | 000,209,216 | ---- | M] () -- C:\Program Files (x86)\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 16:48:50 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.08 00:52:50 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011.09.23 15:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011.05.19 20:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011.02.18 23:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011.01.20 13:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010.10.25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010.04.07 15:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.11 15:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 15:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.20 13:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.10.12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.09.27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.09.10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.09.10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.06 03:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 17:50:27 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.11.01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.11.01 11:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.10.11 16:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 16:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.22 04:51:14 | 000,035,840 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010.05.06 03:46:36 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.03.06 01:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 22:07:14 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 22:07:13 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 22:07:13 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 22:07:12 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 22:06:44 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.12 22:05:01 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.11 22:05:13 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.10.27 22:06:59 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.08.05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes,DefaultScope = {1661D042-EE5F-4896-863D-6056F542E24F}
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{03C86783-9293-4E7A-8AC3-AEF83F45BD7D}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{1661D042-EE5F-4896-863D-6056F542E24F}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{6029794D-EE94-4045-A89C-1A7071EE8645}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\..\SearchScopes\{E9FD1855-39B6-4E54-AA2E-6F34B97BAB09}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {899DF1F8-2F43-4394-8315-37F6744E6319}:1.0.8
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.20 13:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.20 14:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.24 16:24:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.20 13:26:55 | 000,000,000 | ---D | M]
 
[2010.10.23 23:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Extensions
[2012.03.03 12:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\extensions
[2012.03.02 13:15:52 | 000,000,000 | ---D | M] (WÃ¶rterbuch Deutsch (de-DE), Hunspell-unterstÃ¼tzt) -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\extensions\de_DE@dicts.j3e.de
[2010.11.18 09:52:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.10.25 23:36:41 | 000,002,036 | ---- | M] () -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\searchplugins\alle-preise---guenstigerde.xml
[2012.03.28 21:14:49 | 000,002,400 | ---- | M] () -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\searchplugins\google-deutschland.xml
[2011.10.18 17:47:57 | 000,001,330 | ---- | M] () -- C:\Users\jimmythebob\AppData\Roaming\Mozilla\Firefox\Profiles\54qofvpe.default\searchplugins\wikipedia-en.xml
[2012.02.01 01:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JIMMYTHEBOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\54QOFVPE.DEFAULT\EXTENSIONS\{899DF1F8-2F43-4394-8315-37F6744E6319}.XPI
[2012.03.20 14:51:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.21 15:00:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.20 14:51:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.20 14:51:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.20 14:51:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.20 14:51:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.20 14:51:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.20 14:51:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.14 22:44:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files (x86)\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-4072554069-706762954-2387328221-1001..\Run: []  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4072554069-706762954-2387328221-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F080DE39-A95A-4ECD-9EF4-659C412F3AD6}: DhcpNameServer = 80.69.100.174 80.69.100.206
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{DB562198-3A06-4B5D-86EF-D9ED5AD005BC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.27 17:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.23 16:55:01 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jimmythebob\Desktop\TDSSKiller.exe
[2012.03.23 16:39:28 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.03.23 16:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.03.23 16:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.03.23 16:20:58 | 000,000,000 | ---D | C] -- C:\Users\jimmythebob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 10:27:14 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.30 10:26:58 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.30 10:26:46 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.03.27 15:54:48 | 000,014,144 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 15:54:48 | 000,014,144 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.27 15:53:00 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.27 15:53:00 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.27 15:53:00 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.27 15:53:00 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.27 15:53:00 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.27 15:46:56 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.23 19:37:34 | 000,064,922 | ---- | M] () -- C:\test.xml
[2012.03.23 16:22:04 | 000,000,456 | ---- | M] () -- C:\ProgramData\6rOqamw6cglY3f
[2012.03.23 16:20:59 | 000,000,264 | ---- | M] () -- C:\ProgramData\~6rOqamw6cglY3f
[2012.03.23 16:20:58 | 000,000,176 | ---- | M] () -- C:\ProgramData\~6rOqamw6cglY3fr
[2012.03.21 18:42:08 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jimmythebob\Desktop\TDSSKiller.exe
[2012.03.15 04:27:23 | 000,452,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.10 01:39:36 | 000,120,620 | ---- | M] () -- C:\Users\jimmythebob\Desktop\bookmarks-2012-03-10.json
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.28 21:48:53 | 000,002,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional .lnk
[2012.03.28 21:48:53 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012.03.28 21:48:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.03.28 21:48:53 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012.03.28 21:48:53 | 000,002,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Support für Übertragungen.lnk
[2012.03.28 21:48:53 | 000,002,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2012.03.28 21:48:53 | 000,002,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
[2012.03.28 21:48:53 | 000,002,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk
[2012.03.28 21:48:53 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2012.03.28 21:48:53 | 000,001,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Documentation.lnk
[2012.03.28 21:48:53 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2012.03.28 21:48:53 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.03.28 21:48:53 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.03.28 21:48:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.03.28 21:48:53 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.03.28 21:48:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.03.28 21:48:53 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.03.28 21:48:53 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.03.28 21:48:53 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012.03.28 21:48:53 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.28 21:48:53 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Wiederherstellungscenter.lnk
[2012.03.28 21:48:53 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Premium Partners.lnk
[2012.03.28 21:48:53 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2012.03.28 21:48:53 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2012.03.28 21:48:53 | 000,000,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2012.03.28 21:47:18 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.03.23 16:20:58 | 000,000,264 | ---- | C] () -- C:\ProgramData\~6rOqamw6cglY3f
[2012.03.23 16:20:58 | 000,000,176 | ---- | C] () -- C:\ProgramData\~6rOqamw6cglY3fr
[2012.03.23 16:20:56 | 000,000,456 | ---- | C] () -- C:\ProgramData\6rOqamw6cglY3f
[2012.03.10 01:39:35 | 000,120,620 | ---- | C] () -- C:\Users\jimmythebob\Desktop\bookmarks-2012-03-10.json
[2012.02.20 13:21:37 | 000,024,772 | ---- | C] () -- C:\ProgramData\P1100DEF.css
[2012.02.20 13:21:37 | 000,004,271 | ---- | C] () -- C:\ProgramData\P1100OS.HTM
[2012.02.20 13:21:37 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1100SIG.GIF
[2011.01.02 17:28:46 | 000,029,184 | ---- | C] () -- C:\Users\jimmythebob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.23 21:11:57 | 000,001,607 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
 
========== LOP Check ==========
 
[2010.10.25 02:04:38 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Alle meine Passworte
[2012.02.08 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Downloaded Installations
[2011.11.15 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\elsterformular
[2012.02.07 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Netgear Live Parental Controls
[2012.02.08 18:06:42 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nitro PDF
[2012.01.20 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia
[2011.06.11 00:33:15 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia Ovi Suite
[2011.11.22 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia Suite
[2011.11.17 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\PC Suite
[2011.03.04 18:47:01 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\S.A.D
[2011.09.25 15:14:11 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\TuneUp Software
[2011.07.19 16:41:49 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.24 00:34:57 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Adobe
[2010.10.25 02:04:38 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Alle meine Passworte
[2011.12.31 14:25:51 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Apple Computer
[2010.12.02 23:57:41 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\ArcSoft
[2011.11.02 22:42:40 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Avira
[2012.02.08 18:05:03 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Downloaded Installations
[2011.11.15 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\elsterformular
[2010.10.23 22:51:25 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Google
[2011.09.18 02:46:49 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\HP
[2010.10.23 22:39:25 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Identities
[2010.10.23 23:05:11 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\InstallShield
[2011.01.02 17:08:09 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Intel Corporation
[2010.10.23 22:59:31 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Macromedia
[2011.11.09 00:09:24 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Malwarebytes
[2009.11.20 02:27:16 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Media Center Programs
[2012.03.23 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Microsoft
[2010.10.23 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Mozilla
[2012.02.07 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Netgear Live Parental Controls
[2012.02.08 18:06:42 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nitro PDF
[2012.01.20 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia
[2011.06.11 00:33:15 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia Ovi Suite
[2011.11.22 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Nokia Suite
[2011.11.17 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\PC Suite
[2011.03.13 13:43:06 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Roxio
[2011.03.04 18:47:01 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\S.A.D
[2010.10.24 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\Sony Corporation
[2011.09.25 15:14:11 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\TuneUp Software
[2010.10.24 00:57:19 | 000,000,000 | ---D | M] -- C:\Users\jimmythebob\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.03.12 18:14:06 | 008,547,008 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8479.exe
[2012.03.12 18:14:49 | 007,468,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8479.exe
[2012.03.12 18:13:17 | 012,362,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8479.exe
[2011.11.14 22:49:31 | 006,489,448 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\jimmythebob\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814p.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2009.10.13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 30.03.2012, 14:28

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2012.03.23 16:22:04 | 000,000,456 | ---- | M] () -- C:\ProgramData\6rOqamw6cglY3f
[2012.03.23 16:20:59 | 000,000,264 | ---- | M] () -- C:\ProgramData\~6rOqamw6cglY3f
[2012.03.23 16:20:58 | 000,000,176 | ---- | M] () -- C:\ProgramData\~6rOqamw6cglY3fr
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

T203004 · 30.03.2012, 15:02

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\ProgramData\6rOqamw6cglY3f moved successfully.
C:\ProgramData\~6rOqamw6cglY3f moved successfully.
C:\ProgramData\~6rOqamw6cglY3fr moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: jimmythebob
->Temp folder emptied: 490320475 bytes
->Temporary Internet Files folder emptied: 167962677 bytes
->Java cache emptied: 2778063 bytes
->FireFox cache emptied: 738542834 bytes
->Flash cache emptied: 70294 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1524233 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37179725 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 133412 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 507056521 bytes
 
Total Files Cleaned = 1.855,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: jimmythebob
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03302012_155412

Files\Folders moved on Reboot...
C:\Users\jimmythebob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 30.03.2012, 15:44

Zitat:

(Kaspersky Lab ZAO) -- C:\Users\jimmythebob\Desktop\TDSSKiller.exe

Was hast du da schon mit dem TDSS-Killer gemacht?! Wo ist das Log dazu?

T203004 · 30.03.2012, 16:00

Den habe ich mir nach dem Befall runtergeladen und gescannt. Hier ist das Log:

Code:

ATTFilter

16:58:21.0781 1320	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:58:23.0248 1320	============================================================
16:58:23.0248 1320	Current date / time: 2012/03/30 16:58:23.0248
16:58:23.0248 1320	SystemInfo:
16:58:23.0248 1320	
16:58:23.0248 1320	OS Version: 6.1.7601 ServicePack: 1.0
16:58:23.0248 1320	Product type: Workstation
16:58:23.0248 1320	ComputerName: SONYVAIO
16:58:23.0248 1320	UserName: jimmythebob
16:58:23.0248 1320	Windows directory: C:\Windows
16:58:23.0248 1320	System windows directory: C:\Windows
16:58:23.0248 1320	Running under WOW64
16:58:23.0248 1320	Processor architecture: Intel x64
16:58:23.0248 1320	Number of processors: 4
16:58:23.0248 1320	Page size: 0x1000
16:58:23.0248 1320	Boot type: Normal boot
16:58:23.0248 1320	============================================================
16:58:24.0074 1320	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:58:24.0090 1320	\Device\Harddisk0\DR0:
16:58:24.0090 1320	MBR used
16:58:24.0090 1320	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139F000, BlocksNum 0x32000
16:58:24.0090 1320	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13D1000, BlocksNum 0x142942B0
16:58:24.0106 1320	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15666000, BlocksNum 0xFDC8000
16:58:24.0246 1320	Initialize success
16:58:24.0246 1320	============================================================
16:58:31.0126 5392	============================================================
16:58:31.0126 5392	Scan started
16:58:31.0126 5392	Mode: Manual; 
16:58:31.0126 5392	============================================================
16:58:32.0545 5392	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:58:32.0545 5392	1394ohci - ok
16:58:32.0639 5392	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:58:32.0686 5392	ACDaemon - ok
16:58:32.0826 5392	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:58:32.0826 5392	ACPI - ok
16:58:32.0888 5392	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:58:32.0904 5392	AcpiPmi - ok
16:58:33.0107 5392	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:58:33.0154 5392	adp94xx - ok
16:58:33.0263 5392	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:58:33.0278 5392	adpahci - ok
16:58:33.0294 5392	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:58:33.0294 5392	adpu320 - ok
16:58:33.0341 5392	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:58:33.0341 5392	AeLookupSvc - ok
16:58:33.0700 5392	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:58:33.0731 5392	AFD - ok
16:58:33.0902 5392	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:58:33.0918 5392	agp440 - ok
16:58:34.0012 5392	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:58:34.0027 5392	ALG - ok
16:58:34.0105 5392	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:58:34.0121 5392	aliide - ok
16:58:34.0183 5392	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:58:34.0183 5392	amdide - ok
16:58:34.0246 5392	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:58:34.0292 5392	AmdK8 - ok
16:58:34.0370 5392	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:58:34.0386 5392	AmdPPM - ok
16:58:34.0464 5392	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:58:34.0495 5392	amdsata - ok
16:58:34.0573 5392	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:58:34.0589 5392	amdsbs - ok
16:58:34.0667 5392	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:58:34.0667 5392	amdxata - ok
16:58:34.0807 5392	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:58:34.0807 5392	AntiVirSchedulerService - ok
16:58:34.0838 5392	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:58:34.0838 5392	AntiVirService - ok
16:58:34.0979 5392	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:58:34.0994 5392	AppID - ok
16:58:35.0088 5392	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:58:35.0088 5392	AppIDSvc - ok
16:58:35.0166 5392	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:58:35.0166 5392	Appinfo - ok
16:58:35.0275 5392	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:58:35.0291 5392	arc - ok
16:58:35.0306 5392	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:58:35.0306 5392	arcsas - ok
16:58:35.0353 5392	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:58:35.0369 5392	ArcSoftKsUFilter - ok
16:58:35.0478 5392	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:58:35.0494 5392	AsyncMac - ok
16:58:35.0618 5392	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:58:35.0634 5392	atapi - ok
16:58:35.0790 5392	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
16:58:35.0837 5392	athr - ok
16:58:36.0055 5392	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:58:36.0071 5392	AudioEndpointBuilder - ok
16:58:36.0086 5392	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:58:36.0102 5392	AudioSrv - ok
16:58:36.0242 5392	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:58:36.0242 5392	avgntflt - ok
16:58:36.0336 5392	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
16:58:36.0352 5392	avipbb - ok
16:58:36.0367 5392	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:58:36.0367 5392	avkmgr - ok
16:58:36.0461 5392	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:58:36.0492 5392	AxInstSV - ok
16:58:36.0586 5392	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:58:36.0617 5392	b06bdrv - ok
16:58:36.0710 5392	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:58:36.0726 5392	b57nd60a - ok
16:58:36.0773 5392	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:58:36.0788 5392	BDESVC - ok
16:58:36.0866 5392	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:58:36.0866 5392	Beep - ok
16:58:37.0007 5392	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:58:37.0038 5392	BFE - ok
16:58:37.0225 5392	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:58:37.0256 5392	BITS - ok
16:58:37.0381 5392	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
16:58:37.0397 5392	blbdrive - ok
16:58:37.0506 5392	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:58:37.0522 5392	bowser - ok
16:58:37.0709 5392	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:58:37.0724 5392	BrFiltLo - ok
16:58:37.0802 5392	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:58:37.0834 5392	BrFiltUp - ok
16:58:37.0896 5392	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:58:37.0896 5392	Browser - ok

edit: Hmm, das Log stimmt wohl nicht. Wo finde ich den die alten Logs? Ob ich den nun vor oder nach dem Befall runtergeladen habe...

cosinus · 30.03.2012, 17:06

Die liegen normalerweise direkt auf C:

T203004 · 31.03.2012, 10:56

Danke, hab sie gefunden:

Code:

ATTFilter

15:55:09.0089 2588	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
15:55:09.0152 2588	============================================================
15:55:09.0152 2588	Current date / time: 2012/03/23 15:55:09.0152
15:55:09.0152 2588	SystemInfo:
15:55:09.0152 2588	
15:55:09.0152 2588	OS Version: 6.1.7601 ServicePack: 1.0
15:55:09.0152 2588	Product type: Workstation
15:55:09.0152 2588	ComputerName: SONYVAIO
15:55:09.0152 2588	UserName: jimmythebob
15:55:09.0152 2588	Windows directory: C:\Windows
15:55:09.0152 2588	System windows directory: C:\Windows
15:55:09.0152 2588	Running under WOW64
15:55:09.0152 2588	Processor architecture: Intel x64
15:55:09.0152 2588	Number of processors: 4
15:55:09.0152 2588	Page size: 0x1000
15:55:09.0152 2588	Boot type: Safe boot with network
15:55:09.0152 2588	============================================================
15:55:09.0745 2588	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:09.0745 2588	\Device\Harddisk0\DR0:
15:55:09.0745 2588	MBR used
15:55:09.0745 2588	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139F000, BlocksNum 0x32000
15:55:09.0745 2588	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13D1000, BlocksNum 0x142942B0
15:55:09.0776 2588	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15666000, BlocksNum 0xFDC8000
15:55:09.0869 2588	Initialize success
15:55:09.0869 2588	============================================================
15:55:11.0461 2624	============================================================
15:55:11.0461 2624	Scan started
15:55:11.0461 2624	Mode: Manual; 
15:55:11.0461 2624	============================================================
15:55:12.0943 2624	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:55:12.0974 2624	1394ohci - ok
15:55:13.0099 2624	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:55:13.0099 2624	ACDaemon - ok
15:55:13.0239 2624	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:55:13.0239 2624	ACPI - ok
15:55:13.0348 2624	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:55:13.0348 2624	AcpiPmi - ok
15:55:13.0442 2624	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:55:13.0457 2624	adp94xx - ok
15:55:13.0551 2624	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:55:13.0551 2624	adpahci - ok
15:55:13.0567 2624	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:55:13.0582 2624	adpu320 - ok
15:55:13.0613 2624	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:55:13.0613 2624	AeLookupSvc - ok
15:55:13.0738 2624	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:55:13.0754 2624	AFD - ok
15:55:13.0879 2624	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:55:13.0879 2624	agp440 - ok
15:55:13.0925 2624	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:55:13.0941 2624	ALG - ok
15:55:14.0050 2624	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:55:14.0050 2624	aliide - ok
15:55:14.0081 2624	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:55:14.0081 2624	amdide - ok
15:55:14.0191 2624	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:55:14.0191 2624	AmdK8 - ok
15:55:14.0191 2624	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:55:14.0191 2624	AmdPPM - ok
15:55:14.0253 2624	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:55:14.0253 2624	amdsata - ok
15:55:14.0269 2624	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:55:14.0269 2624	amdsbs - ok
15:55:14.0300 2624	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:55:14.0300 2624	amdxata - ok
15:55:14.0393 2624	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:55:14.0393 2624	AntiVirSchedulerService - ok
15:55:14.0425 2624	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:55:14.0440 2624	AntiVirService - ok
15:55:14.0549 2624	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:55:14.0549 2624	AppID - ok
15:55:14.0581 2624	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:55:14.0581 2624	AppIDSvc - ok
15:55:14.0705 2624	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:55:14.0705 2624	Appinfo - ok
15:55:14.0783 2624	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:55:14.0783 2624	arc - ok
15:55:14.0861 2624	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:55:14.0861 2624	arcsas - ok
15:55:14.0893 2624	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
15:55:14.0893 2624	ArcSoftKsUFilter - ok
15:55:14.0939 2624	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:55:14.0939 2624	AsyncMac - ok
15:55:15.0064 2624	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:55:15.0080 2624	atapi - ok
15:55:15.0314 2624	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
15:55:15.0361 2624	athr - ok
15:55:15.0579 2624	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:55:15.0595 2624	AudioEndpointBuilder - ok
15:55:15.0626 2624	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:55:15.0626 2624	AudioSrv - ok
15:55:15.0766 2624	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
15:55:15.0766 2624	avgntflt - ok
15:55:15.0782 2624	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
15:55:15.0782 2624	avipbb - ok
15:55:15.0907 2624	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:55:15.0907 2624	avkmgr - ok
15:55:16.0063 2624	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:55:16.0063 2624	AxInstSV - ok
15:55:16.0203 2624	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:55:16.0219 2624	b06bdrv - ok
15:55:16.0406 2624	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:55:16.0406 2624	b57nd60a - ok
15:55:16.0515 2624	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:55:16.0515 2624	BDESVC - ok
15:55:16.0593 2624	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:55:16.0609 2624	Beep - ok
15:55:16.0843 2624	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:55:16.0858 2624	BFE - ok
15:55:17.0030 2624	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:55:17.0045 2624	BITS - ok
15:55:17.0155 2624	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
15:55:17.0155 2624	blbdrive - ok
15:55:17.0264 2624	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:55:17.0279 2624	bowser - ok
15:55:17.0357 2624	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:55:17.0373 2624	BrFiltLo - ok
15:55:17.0498 2624	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:55:17.0498 2624	BrFiltUp - ok
15:55:17.0545 2624	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:55:17.0545 2624	Browser - ok
15:55:17.0654 2624	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:55:17.0669 2624	Brserid - ok
15:55:17.0685 2624	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:55:17.0685 2624	BrSerWdm - ok
15:55:17.0763 2624	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:55:17.0763 2624	BrUsbMdm - ok
15:55:17.0779 2624	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:55:17.0779 2624	BrUsbSer - ok
15:55:17.0872 2624	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:55:17.0888 2624	BthEnum - ok
15:55:17.0981 2624	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:55:17.0997 2624	BTHMODEM - ok
15:55:18.0028 2624	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:55:18.0028 2624	BthPan - ok
15:55:18.0184 2624	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:55:18.0200 2624	BTHPORT - ok
15:55:18.0293 2624	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:55:18.0293 2624	bthserv - ok
15:55:18.0434 2624	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:55:18.0449 2624	BTHUSB - ok
15:55:18.0512 2624	btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
15:55:18.0512 2624	btusbflt - ok
15:55:18.0605 2624	btwaudio        (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
15:55:18.0605 2624	btwaudio - ok
15:55:18.0683 2624	btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
15:55:18.0683 2624	btwavdt - ok
15:55:18.0871 2624	btwdins         (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:55:18.0886 2624	btwdins - ok
15:55:18.0964 2624	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:55:18.0964 2624	btwl2cap - ok
15:55:18.0995 2624	btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
15:55:18.0995 2624	btwrchid - ok
15:55:19.0120 2624	BVRPMPR5a64     (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
15:55:19.0120 2624	BVRPMPR5a64 - ok
15:55:19.0183 2624	catchme - ok
15:55:19.0323 2624	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:55:19.0323 2624	cdfs - ok
15:55:19.0401 2624	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:55:19.0401 2624	cdrom - ok
15:55:19.0495 2624	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:55:19.0495 2624	CertPropSvc - ok
15:55:19.0573 2624	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:55:19.0573 2624	circlass - ok
15:55:19.0604 2624	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:55:19.0619 2624	CLFS - ok
15:55:19.0697 2624	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:55:19.0697 2624	clr_optimization_v2.0.50727_32 - ok
15:55:19.0744 2624	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:55:19.0744 2624	clr_optimization_v2.0.50727_64 - ok
15:55:19.0900 2624	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:55:19.0963 2624	clr_optimization_v4.0.30319_32 - ok
15:55:20.0056 2624	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:55:20.0056 2624	clr_optimization_v4.0.30319_64 - ok
15:55:20.0228 2624	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:55:20.0243 2624	CmBatt - ok
15:55:20.0415 2624	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:55:20.0431 2624	cmdide - ok
15:55:20.0540 2624	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:55:20.0540 2624	CNG - ok
15:55:20.0649 2624	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:55:20.0649 2624	Compbatt - ok
15:55:20.0711 2624	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:55:20.0711 2624	CompositeBus - ok
15:55:20.0789 2624	COMSysApp - ok
15:55:20.0821 2624	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:55:20.0821 2624	crcdisk - ok
15:55:20.0945 2624	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:55:20.0961 2624	CryptSvc - ok
15:55:21.0023 2624	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:55:21.0039 2624	DcomLaunch - ok
15:55:21.0101 2624	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:55:21.0117 2624	defragsvc - ok
15:55:21.0211 2624	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:55:21.0211 2624	DfsC - ok
15:55:21.0320 2624	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:55:21.0320 2624	Dhcp - ok
15:55:21.0398 2624	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:55:21.0398 2624	discache - ok
15:55:21.0476 2624	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:55:21.0476 2624	Disk - ok
15:55:21.0554 2624	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:55:21.0554 2624	Dnscache - ok
15:55:21.0632 2624	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:55:21.0632 2624	dot3svc - ok
15:55:21.0710 2624	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:55:21.0710 2624	DPS - ok
15:55:21.0788 2624	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:55:21.0788 2624	drmkaud - ok
15:55:21.0881 2624	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:55:21.0897 2624	DXGKrnl - ok
15:55:21.0975 2624	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:55:21.0975 2624	EapHost - ok
15:55:22.0115 2624	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:55:22.0193 2624	ebdrv - ok
15:55:22.0303 2624	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:55:22.0303 2624	EFS - ok
15:55:22.0381 2624	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:55:22.0396 2624	ehRecvr - ok
15:55:22.0474 2624	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:55:22.0474 2624	ehSched - ok
15:55:22.0552 2624	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:55:22.0552 2624	elxstor - ok
15:55:22.0646 2624	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:55:22.0646 2624	ErrDev - ok
15:55:22.0708 2624	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:55:22.0724 2624	EventSystem - ok
15:55:22.0817 2624	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:55:22.0817 2624	exfat - ok
15:55:22.0833 2624	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:55:22.0833 2624	fastfat - ok
15:55:22.0958 2624	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:55:22.0958 2624	Fax - ok
15:55:23.0051 2624	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:55:23.0051 2624	fdc - ok
15:55:23.0083 2624	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:55:23.0083 2624	fdPHost - ok
15:55:23.0161 2624	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:55:23.0176 2624	FDResPub - ok
15:55:23.0223 2624	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:55:23.0223 2624	FileInfo - ok
15:55:23.0285 2624	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:55:23.0285 2624	Filetrace - ok
15:55:23.0348 2624	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:55:23.0363 2624	flpydisk - ok
15:55:23.0457 2624	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:55:23.0473 2624	FltMgr - ok
15:55:23.0551 2624	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:55:23.0566 2624	FontCache - ok
15:55:23.0660 2624	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:55:23.0660 2624	FontCache3.0.0.0 - ok
15:55:23.0722 2624	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:55:23.0722 2624	FsDepends - ok
15:55:23.0800 2624	fssfltr         (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
15:55:23.0800 2624	fssfltr - ok
15:55:23.0878 2624	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:55:23.0878 2624	fsssvc - ok
15:55:23.0972 2624	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:55:23.0972 2624	Fs_Rec - ok
15:55:24.0034 2624	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:55:24.0034 2624	fvevol - ok
15:55:24.0128 2624	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:55:24.0143 2624	gagp30kx - ok
15:55:24.0221 2624	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:55:24.0221 2624	gpsvc - ok
15:55:24.0409 2624	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:55:24.0409 2624	gupdate - ok
15:55:24.0440 2624	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:55:24.0440 2624	gupdatem - ok
15:55:24.0518 2624	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:55:24.0518 2624	hcw85cir - ok
15:55:24.0643 2624	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:55:24.0643 2624	HdAudAddService - ok
15:55:24.0689 2624	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:55:24.0689 2624	HDAudBus - ok
15:55:24.0783 2624	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:55:24.0783 2624	HidBatt - ok
15:55:24.0814 2624	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:55:24.0814 2624	HidBth - ok
15:55:24.0845 2624	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:55:24.0845 2624	HidIr - ok
15:55:24.0923 2624	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:55:24.0923 2624	hidserv - ok
15:55:24.0986 2624	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:55:24.0986 2624	HidUsb - ok
15:55:25.0064 2624	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:55:25.0064 2624	hkmsvc - ok
15:55:25.0126 2624	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:55:25.0126 2624	HomeGroupListener - ok
15:55:25.0204 2624	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:55:25.0204 2624	HomeGroupProvider - ok
15:55:25.0282 2624	HP LaserJet Service (53dca61931847e35c950504bfb7559c6) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
15:55:25.0298 2624	HP LaserJet Service - ok
15:55:25.0391 2624	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:55:25.0391 2624	HpSAMD - ok
15:55:25.0485 2624	HPSIService     (5a539a3cbd6ec1609d5333b486d5f74c) C:\Windows\system32\HPSIsvc.exe
15:55:25.0501 2624	HPSIService - ok
15:55:25.0610 2624	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:55:25.0625 2624	HTTP - ok
15:55:25.0719 2624	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:55:25.0719 2624	hwpolicy - ok
15:55:25.0781 2624	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:55:25.0781 2624	i8042prt - ok
15:55:25.0859 2624	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
15:55:25.0875 2624	iaStor - ok
15:55:25.0953 2624	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:55:25.0953 2624	IAStorDataMgrSvc - ok
15:55:26.0078 2624	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:55:26.0078 2624	iaStorV - ok
15:55:26.0187 2624	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:55:26.0203 2624	idsvc - ok
15:55:26.0296 2624	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:55:26.0296 2624	iirsp - ok
15:55:26.0374 2624	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:55:26.0390 2624	IKEEXT - ok
15:55:26.0515 2624	Impcd           (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\drivers\Impcd.sys
15:55:26.0515 2624	Impcd - ok
15:55:26.0655 2624	IntcAzAudAddService (5f35fe198ee7818221414776f8413ab0) C:\Windows\system32\drivers\RTKVHD64.sys
15:55:26.0733 2624	IntcAzAudAddService - ok
15:55:26.0842 2624	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:55:26.0842 2624	intelide - ok
15:55:26.0889 2624	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:55:26.0889 2624	intelppm - ok
15:55:26.0967 2624	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:55:26.0983 2624	IPBusEnum - ok
15:55:27.0170 2624	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:55:27.0170 2624	IpFilterDriver - ok
15:55:27.0263 2624	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:55:27.0279 2624	iphlpsvc - ok
15:55:27.0373 2624	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:55:27.0373 2624	IPMIDRV - ok
15:55:27.0404 2624	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:55:27.0404 2624	IPNAT - ok
15:55:27.0435 2624	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:55:27.0451 2624	IRENUM - ok
15:55:27.0544 2624	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:55:27.0544 2624	isapnp - ok
15:55:27.0591 2624	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:55:27.0607 2624	iScsiPrt - ok
15:55:27.0700 2624	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:55:27.0700 2624	kbdclass - ok
15:55:27.0778 2624	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:55:27.0778 2624	kbdhid - ok
15:55:27.0872 2624	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:27.0872 2624	KeyIso - ok
15:55:27.0950 2624	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:55:27.0950 2624	KSecDD - ok
15:55:28.0153 2624	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:55:28.0153 2624	KSecPkg - ok
15:55:28.0246 2624	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:55:28.0246 2624	ksthunk - ok
15:55:28.0277 2624	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:55:28.0293 2624	KtmRm - ok
15:55:28.0371 2624	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:55:28.0371 2624	LanmanServer - ok
15:55:28.0449 2624	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:55:28.0449 2624	LanmanWorkstation - ok
15:55:28.0543 2624	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:55:28.0558 2624	lltdio - ok
15:55:28.0605 2624	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:55:28.0621 2624	lltdsvc - ok
15:55:28.0652 2624	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:55:28.0652 2624	lmhosts - ok
15:55:28.0714 2624	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:55:28.0714 2624	LSI_FC - ok
15:55:28.0792 2624	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:55:28.0792 2624	LSI_SAS - ok
15:55:28.0823 2624	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:55:28.0839 2624	LSI_SAS2 - ok
15:55:28.0839 2624	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:55:28.0839 2624	LSI_SCSI - ok
15:55:28.0886 2624	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:55:28.0886 2624	luafv - ok
15:55:28.0979 2624	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:55:28.0979 2624	Mcx2Svc - ok
15:55:29.0042 2624	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:55:29.0042 2624	megasas - ok
15:55:29.0104 2624	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:55:29.0104 2624	MegaSR - ok
15:55:29.0167 2624	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:55:29.0167 2624	MMCSS - ok
15:55:29.0229 2624	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:55:29.0229 2624	Modem - ok
15:55:29.0276 2624	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:55:29.0276 2624	monitor - ok
15:55:29.0369 2624	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:55:29.0369 2624	mouclass - ok
15:55:29.0432 2624	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
15:55:29.0432 2624	mouhid - ok
15:55:29.0510 2624	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:55:29.0510 2624	mountmgr - ok
15:55:29.0588 2624	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:55:29.0588 2624	mpio - ok
15:55:29.0650 2624	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:55:29.0650 2624	mpsdrv - ok
15:55:29.0744 2624	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:55:29.0759 2624	MpsSvc - ok
15:55:29.0869 2624	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:55:29.0869 2624	MRxDAV - ok
15:55:29.0915 2624	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:55:29.0915 2624	mrxsmb - ok
15:55:29.0978 2624	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:55:29.0978 2624	mrxsmb10 - ok
15:55:30.0071 2624	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:55:30.0071 2624	mrxsmb20 - ok
15:55:30.0134 2624	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:55:30.0134 2624	msahci - ok
15:55:30.0181 2624	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:55:30.0181 2624	msdsm - ok
15:55:30.0227 2624	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:55:30.0243 2624	MSDTC - ok
15:55:30.0274 2624	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:55:30.0274 2624	Msfs - ok
15:55:30.0290 2624	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:55:30.0290 2624	mshidkmdf - ok
15:55:30.0352 2624	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:55:30.0352 2624	msisadrv - ok
15:55:30.0415 2624	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:55:30.0415 2624	MSiSCSI - ok
15:55:30.0430 2624	msiserver - ok
15:55:30.0493 2624	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:55:30.0493 2624	MSKSSRV - ok
15:55:30.0524 2624	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:55:30.0524 2624	MSPCLOCK - ok
15:55:30.0555 2624	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:55:30.0555 2624	MSPQM - ok
15:55:30.0602 2624	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:55:30.0602 2624	MsRPC - ok
15:55:30.0695 2624	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:55:30.0695 2624	mssmbios - ok
15:55:30.0742 2624	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:55:30.0742 2624	MSTEE - ok
15:55:30.0773 2624	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:55:30.0773 2624	MTConfig - ok
15:55:30.0851 2624	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:55:30.0851 2624	Mup - ok
15:55:30.0929 2624	mvusbews        (8fa52b6049596fe2fdbc8a5e8b14ebfc) C:\Windows\system32\Drivers\mvusbews.sys
15:55:30.0929 2624	mvusbews - ok
15:55:31.0007 2624	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:55:31.0007 2624	napagent - ok
15:55:31.0101 2624	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:55:31.0101 2624	NativeWifiP - ok
15:55:31.0163 2624	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:55:31.0179 2624	NDIS - ok
15:55:31.0257 2624	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:55:31.0257 2624	NdisCap - ok
15:55:31.0288 2624	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:55:31.0288 2624	NdisTapi - ok
15:55:31.0366 2624	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:55:31.0366 2624	Ndisuio - ok
15:55:31.0444 2624	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:55:31.0460 2624	NdisWan - ok
15:55:31.0522 2624	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:55:31.0522 2624	NDProxy - ok
15:55:31.0585 2624	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:55:31.0585 2624	NetBIOS - ok
15:55:31.0647 2624	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:55:31.0647 2624	NetBT - ok
15:55:31.0694 2624	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:31.0694 2624	Netlogon - ok
15:55:31.0772 2624	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:55:31.0772 2624	Netman - ok
15:55:31.0819 2624	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:55:31.0819 2624	netprofm - ok
15:55:31.0897 2624	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:55:31.0897 2624	NetTcpPortSharing - ok
15:55:31.0959 2624	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:55:31.0975 2624	nfrd960 - ok
15:55:32.0099 2624	NitroReaderDriverReadSpool2 (f8aa2483aa9134b4a75efa9e9b240802) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
15:55:32.0115 2624	NitroReaderDriverReadSpool2 - ok
15:55:32.0224 2624	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:55:32.0224 2624	NlaSvc - ok
15:55:32.0318 2624	nmwcd           (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
15:55:32.0318 2624	nmwcd - ok
15:55:32.0411 2624	nmwcdc          (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
15:55:32.0427 2624	nmwcdc - ok
15:55:32.0489 2624	nmwcdnsucx64    (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
15:55:32.0489 2624	nmwcdnsucx64 - ok
15:55:32.0614 2624	nmwcdnsux64     (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
15:55:32.0614 2624	nmwcdnsux64 - ok
15:55:32.0645 2624	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:55:32.0661 2624	Npfs - ok
15:55:32.0708 2624	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:55:32.0708 2624	nsi - ok
15:55:32.0786 2624	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:55:32.0786 2624	nsiproxy - ok
15:55:32.0879 2624	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:55:32.0895 2624	Ntfs - ok
15:55:32.0973 2624	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:55:32.0973 2624	Null - ok
15:55:33.0020 2624	NVHDA           (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
15:55:33.0020 2624	NVHDA - ok
15:55:33.0363 2624	nvlddmkm        (ca8447574e9dae22250c723819d3ef96) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:55:33.0566 2624	nvlddmkm - ok
15:55:33.0675 2624	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:55:33.0675 2624	nvraid - ok
15:55:33.0691 2624	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:55:33.0691 2624	nvstor - ok
15:55:33.0784 2624	nvsvc           (ad1e49bceb5d446a271c43bfa8fd71d2) C:\Windows\system32\nvvsvc.exe
15:55:33.0784 2624	nvsvc - ok
15:55:33.0847 2624	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:55:33.0847 2624	nv_agp - ok
15:55:33.0893 2624	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:55:33.0909 2624	ohci1394 - ok
15:55:33.0987 2624	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:55:33.0987 2624	ose - ok
15:55:34.0159 2624	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:55:34.0283 2624	osppsvc - ok
15:55:34.0377 2624	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:55:34.0393 2624	p2pimsvc - ok
15:55:34.0424 2624	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:55:34.0424 2624	p2psvc - ok
15:55:34.0517 2624	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:55:34.0533 2624	Parport - ok
15:55:34.0564 2624	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:55:34.0564 2624	partmgr - ok
15:55:34.0611 2624	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:55:34.0611 2624	PcaSvc - ok
15:55:34.0720 2624	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:55:34.0720 2624	pccsmcfd - ok
15:55:34.0783 2624	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:55:34.0783 2624	pci - ok
15:55:34.0814 2624	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:55:34.0814 2624	pciide - ok
15:55:34.0892 2624	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:55:34.0892 2624	pcmcia - ok
15:55:34.0923 2624	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:55:34.0939 2624	pcw - ok
15:55:34.0985 2624	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:55:34.0985 2624	PEAUTH - ok
15:55:35.0032 2624	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:55:35.0048 2624	PerfHost - ok
15:55:35.0173 2624	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:55:35.0188 2624	pla - ok
15:55:35.0297 2624	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:55:35.0297 2624	PlugPlay - ok
15:55:35.0422 2624	PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
15:55:35.0422 2624	PMBDeviceInfoProvider - ok
15:55:35.0516 2624	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:55:35.0516 2624	PNRPAutoReg - ok
15:55:35.0563 2624	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:55:35.0563 2624	PNRPsvc - ok
15:55:35.0625 2624	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:55:35.0625 2624	PolicyAgent - ok
15:55:35.0703 2624	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:55:35.0703 2624	Power - ok
15:55:35.0797 2624	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:55:35.0797 2624	PptpMiniport - ok
15:55:35.0859 2624	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:55:35.0859 2624	Processor - ok
15:55:35.0937 2624	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:55:35.0937 2624	ProfSvc - ok
15:55:36.0031 2624	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:36.0031 2624	ProtectedStorage - ok
15:55:36.0109 2624	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:55:36.0109 2624	Psched - ok
15:55:36.0187 2624	PxHlpa64        (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
15:55:36.0187 2624	PxHlpa64 - ok
15:55:36.0249 2624	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:55:36.0280 2624	ql2300 - ok
15:55:36.0343 2624	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:55:36.0343 2624	ql40xx - ok
15:55:36.0389 2624	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:55:36.0405 2624	QWAVE - ok
15:55:36.0452 2624	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:55:36.0452 2624	QWAVEdrv - ok
15:55:36.0483 2624	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:55:36.0483 2624	RasAcd - ok
15:55:36.0545 2624	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:55:36.0545 2624	RasAgileVpn - ok
15:55:36.0592 2624	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:55:36.0592 2624	RasAuto - ok
15:55:36.0686 2624	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:55:36.0686 2624	Rasl2tp - ok
15:55:36.0764 2624	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:55:36.0779 2624	RasMan - ok
15:55:36.0826 2624	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:55:36.0842 2624	RasPppoe - ok
15:55:36.0889 2624	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:55:36.0889 2624	RasSstp - ok
15:55:36.0967 2624	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:55:36.0967 2624	rdbss - ok
15:55:36.0998 2624	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:55:36.0998 2624	rdpbus - ok
15:55:37.0076 2624	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:55:37.0076 2624	RDPCDD - ok
15:55:37.0107 2624	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:55:37.0107 2624	RDPENCDD - ok
15:55:37.0154 2624	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:55:37.0154 2624	RDPREFMP - ok
15:55:37.0247 2624	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:55:37.0247 2624	RDPWD - ok
15:55:37.0310 2624	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:55:37.0310 2624	rdyboost - ok
15:55:37.0388 2624	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:55:37.0388 2624	RemoteAccess - ok
15:55:37.0403 2624	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:55:37.0419 2624	RemoteRegistry - ok
15:55:37.0497 2624	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:55:37.0497 2624	RFCOMM - ok
15:55:37.0809 2624	rimspci         (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
15:55:37.0809 2624	rimspci - ok
15:55:37.0918 2624	risdsnpe        (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
15:55:37.0918 2624	risdsnpe - ok
15:55:37.0965 2624	Roxio UPnP Renderer 10 (d151224bc11078895a60fa970728ff59) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
15:55:37.0965 2624	Roxio UPnP Renderer 10 - ok
15:55:37.0981 2624	Roxio Upnp Server 10 (5022a927944878bd750960bd21e751af) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
15:55:37.0981 2624	Roxio Upnp Server 10 - ok
15:55:38.0074 2624	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:55:38.0074 2624	RpcEptMapper - ok
15:55:38.0121 2624	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:55:38.0121 2624	RpcLocator - ok
15:55:38.0199 2624	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:55:38.0199 2624	RpcSs - ok
15:55:38.0277 2624	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:55:38.0293 2624	rspndr - ok
15:55:38.0371 2624	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:38.0371 2624	SamSs - ok
15:55:38.0480 2624	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:55:38.0480 2624	sbp2port - ok
15:55:38.0511 2624	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:55:38.0511 2624	SCardSvr - ok
15:55:38.0620 2624	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:55:38.0620 2624	scfilter - ok
15:55:38.0698 2624	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:55:38.0714 2624	Schedule - ok
15:55:38.0807 2624	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:55:38.0807 2624	SCPolicySvc - ok
15:55:38.0885 2624	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:55:38.0885 2624	sdbus - ok
15:55:38.0979 2624	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:55:38.0995 2624	SDRSVC - ok
15:55:39.0041 2624	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:55:39.0041 2624	secdrv - ok
15:55:39.0088 2624	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:55:39.0088 2624	seclogon - ok
15:55:39.0151 2624	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:55:39.0166 2624	SENS - ok
15:55:39.0229 2624	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:55:39.0229 2624	SensrSvc - ok
15:55:39.0338 2624	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:55:39.0338 2624	Serenum - ok
15:55:39.0385 2624	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:55:39.0385 2624	Serial - ok
15:55:39.0431 2624	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:55:39.0431 2624	sermouse - ok
15:55:39.0525 2624	ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:55:39.0525 2624	ServiceLayer - ok
15:55:39.0634 2624	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:55:39.0634 2624	SessionEnv - ok
15:55:39.0681 2624	SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
15:55:39.0681 2624	SFEP - ok
15:55:39.0728 2624	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:55:39.0728 2624	sffdisk - ok
15:55:39.0837 2624	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:55:39.0837 2624	sffp_mmc - ok
15:55:39.0884 2624	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:55:39.0884 2624	sffp_sd - ok
15:55:39.0899 2624	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:55:39.0899 2624	sfloppy - ok
15:55:40.0024 2624	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:55:40.0024 2624	SharedAccess - ok
15:55:40.0102 2624	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:55:40.0102 2624	ShellHWDetection - ok
15:55:40.0165 2624	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:55:40.0165 2624	SiSRaid2 - ok
15:55:40.0196 2624	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:55:40.0196 2624	SiSRaid4 - ok
15:55:40.0227 2624	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:55:40.0243 2624	Smb - ok
15:55:40.0305 2624	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:55:40.0305 2624	SNMPTRAP - ok
15:55:40.0399 2624	SOHCImp         (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
15:55:40.0414 2624	SOHCImp - ok
15:55:40.0461 2624	SOHDms          (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
15:55:40.0461 2624	SOHDms - ok
15:55:40.0539 2624	SOHDs           (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
15:55:40.0555 2624	SOHDs - ok
15:55:40.0648 2624	SpfService      (65e5659e9c2a0762d05657c0e22a7ca2) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
15:55:40.0664 2624	SpfService - ok
15:55:40.0726 2624	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:55:40.0726 2624	spldr - ok
15:55:40.0789 2624	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:55:40.0804 2624	Spooler - ok
15:55:40.0945 2624	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:55:41.0038 2624	sppsvc - ok
15:55:41.0101 2624	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:55:41.0116 2624	sppuinotify - ok
15:55:41.0210 2624	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:55:41.0210 2624	srv - ok
15:55:41.0319 2624	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:55:41.0335 2624	srv2 - ok
15:55:41.0381 2624	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:55:41.0381 2624	srvnet - ok
15:55:41.0459 2624	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:55:41.0459 2624	SSDPSRV - ok
15:55:41.0491 2624	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:55:41.0491 2624	SstpSvc - ok
15:55:41.0537 2624	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:55:41.0537 2624	stexstor - ok
15:55:41.0647 2624	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:55:41.0647 2624	stisvc - ok
15:55:41.0756 2624	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:55:41.0756 2624	swenum - ok
15:55:41.0803 2624	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:55:41.0803 2624	swprv - ok
15:55:41.0912 2624	SynTP           (8f63178d1db81bb79270ae55ecdd8321) C:\Windows\system32\DRIVERS\SynTP.sys
15:55:41.0912 2624	SynTP - ok
15:55:42.0005 2624	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:55:42.0037 2624	SysMain - ok
15:55:42.0130 2624	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:55:42.0130 2624	TabletInputService - ok
15:55:42.0161 2624	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:55:42.0161 2624	TapiSrv - ok
15:55:42.0193 2624	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:55:42.0193 2624	TBS - ok
15:55:42.0317 2624	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:55:42.0333 2624	Tcpip - ok
15:55:42.0458 2624	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:55:42.0473 2624	TCPIP6 - ok
15:55:42.0567 2624	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:55:42.0567 2624	tcpipreg - ok
15:55:42.0614 2624	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:55:42.0614 2624	TDPIPE - ok
15:55:42.0707 2624	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:55:42.0707 2624	TDTCP - ok
15:55:42.0785 2624	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:55:42.0785 2624	tdx - ok
15:55:42.0895 2624	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:55:42.0895 2624	TermDD - ok
15:55:42.0957 2624	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:55:42.0973 2624	TermService - ok
15:55:43.0035 2624	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:55:43.0035 2624	Themes - ok
15:55:43.0097 2624	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:55:43.0097 2624	THREADORDER - ok
15:55:43.0191 2624	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:55:43.0191 2624	TrkWks - ok
15:55:43.0253 2624	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:55:43.0253 2624	TrustedInstaller - ok
15:55:43.0378 2624	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:55:43.0394 2624	tssecsrv - ok
15:55:43.0456 2624	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:55:43.0456 2624	TsUsbFlt - ok
15:55:43.0581 2624	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:55:43.0581 2624	tunnel - ok
15:55:43.0628 2624	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:55:43.0628 2624	uagp35 - ok
15:55:43.0690 2624	uCamMonitor     (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
15:55:43.0690 2624	uCamMonitor - ok
15:55:43.0815 2624	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:55:43.0831 2624	udfs - ok
15:55:43.0862 2624	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:55:43.0862 2624	UI0Detect - ok
15:55:43.0971 2624	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:55:43.0971 2624	uliagpkx - ok
15:55:44.0049 2624	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:55:44.0049 2624	umbus - ok
15:55:44.0127 2624	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:55:44.0127 2624	UmPass - ok
15:55:44.0174 2624	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:55:44.0174 2624	upnphost - ok
15:55:44.0299 2624	upperdev        (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:55:44.0299 2624	upperdev - ok
15:55:44.0361 2624	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:55:44.0361 2624	USBAAPL64 - ok
15:55:44.0470 2624	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:55:44.0470 2624	usbccgp - ok
15:55:44.0533 2624	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:55:44.0533 2624	usbcir - ok
15:55:44.0626 2624	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:55:44.0626 2624	usbehci - ok
15:55:44.0689 2624	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:55:44.0689 2624	usbhub - ok
15:55:44.0782 2624	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:55:44.0782 2624	usbohci - ok
15:55:44.0829 2624	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:55:44.0829 2624	usbprint - ok
15:55:44.0923 2624	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:55:44.0923 2624	usbscan - ok
15:55:44.0969 2624	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
15:55:44.0969 2624	usbser - ok
15:55:45.0063 2624	UsbserFilt      (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:55:45.0063 2624	UsbserFilt - ok
15:55:45.0110 2624	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:55:45.0110 2624	USBSTOR - ok
15:55:45.0157 2624	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:55:45.0157 2624	usbuhci - ok
15:55:45.0281 2624	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:55:45.0281 2624	usbvideo - ok
15:55:45.0344 2624	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:55:45.0344 2624	UxSms - ok
15:55:45.0422 2624	VAIO Entertainment TV Device Arbitration Service (8e68e4aa2d7abbf7c9159d9d2a38ae0f) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
15:55:45.0422 2624	VAIO Entertainment TV Device Arbitration Service - ok
15:55:45.0515 2624	VAIO Event Service (6b31c9cb94927dbeeb62e15275f4cc54) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
15:55:45.0515 2624	VAIO Event Service - ok
15:55:45.0609 2624	VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
15:55:45.0609 2624	VAIO Power Management - ok
15:55:45.0718 2624	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:55:45.0718 2624	VaultSvc - ok
15:55:45.0843 2624	VCFw            (d00058c1fff3f3de990444a5734e9639) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
15:55:45.0843 2624	VCFw - ok
15:55:45.0968 2624	VcmIAlzMgr      (f19275655b42086c884abcdae2c659ae) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
15:55:45.0983 2624	VcmIAlzMgr - ok
15:55:46.0030 2624	VcmINSMgr       (cbb9f0d1017e0bed4cb5bbc0ebf26dc1) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
15:55:46.0046 2624	VcmINSMgr - ok
15:55:46.0139 2624	VcmXmlIfHelper  (32a3735f6874b7783c6209ed5ca36d9d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
15:55:46.0139 2624	VcmXmlIfHelper - ok
15:55:46.0249 2624	VCService       (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
15:55:46.0249 2624	VCService - ok
15:55:46.0373 2624	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:55:46.0373 2624	vdrvroot - ok
15:55:46.0436 2624	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:55:46.0451 2624	vds - ok
15:55:46.0514 2624	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:55:46.0514 2624	vga - ok
15:55:46.0545 2624	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:55:46.0545 2624	VgaSave - ok
15:55:46.0592 2624	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:55:46.0592 2624	vhdmp - ok
15:55:46.0685 2624	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:55:46.0685 2624	viaide - ok
15:55:46.0701 2624	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:55:46.0717 2624	volmgr - ok
15:55:46.0763 2624	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:55:46.0763 2624	volmgrx - ok
15:55:46.0857 2624	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:55:46.0857 2624	volsnap - ok
15:55:46.0919 2624	vpnagent        (caafa2333b428a12bfa97ecd389f59c5) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
15:55:46.0935 2624	vpnagent - ok
15:55:47.0029 2624	vpnva           (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
15:55:47.0029 2624	vpnva - ok
15:55:47.0060 2624	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:55:47.0060 2624	vsmraid - ok
15:55:47.0169 2624	VSNService      (047f22bdfdae6df6f1e47e747a1237a2) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
15:55:47.0185 2624	VSNService - ok
15:55:47.0309 2624	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:55:47.0341 2624	VSS - ok
15:55:47.0512 2624	VUAgent         (d62d16e057be87f5b84a54d1b83822c4) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
15:55:47.0528 2624	VUAgent - ok
15:55:47.0606 2624	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:55:47.0606 2624	vwifibus - ok
15:55:47.0653 2624	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:55:47.0653 2624	vwififlt - ok
15:55:47.0746 2624	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:55:47.0746 2624	vwifimp - ok
15:55:47.0793 2624	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:55:47.0793 2624	W32Time - ok
15:55:47.0887 2624	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:55:47.0887 2624	WacomPen - ok
15:55:47.0965 2624	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:47.0965 2624	WANARP - ok
15:55:47.0965 2624	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:55:47.0965 2624	Wanarpv6 - ok
15:55:48.0105 2624	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:55:48.0121 2624	WatAdminSvc - ok
15:55:48.0261 2624	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:55:48.0292 2624	wbengine - ok
15:55:48.0370 2624	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:55:48.0370 2624	WbioSrvc - ok
15:55:48.0448 2624	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:55:48.0448 2624	wcncsvc - ok
15:55:48.0511 2624	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:55:48.0526 2624	WcsPlugInService - ok
15:55:48.0573 2624	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:55:48.0573 2624	Wd - ok
15:55:48.0651 2624	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:55:48.0651 2624	Wdf01000 - ok
15:55:48.0729 2624	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:55:48.0745 2624	WdiServiceHost - ok
15:55:48.0760 2624	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:55:48.0760 2624	WdiSystemHost - ok
15:55:48.0807 2624	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:55:48.0823 2624	WebClient - ok
15:55:48.0885 2624	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:55:48.0885 2624	Wecsvc - ok
15:55:48.0916 2624	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:55:48.0932 2624	wercplsupport - ok
15:55:49.0025 2624	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:55:49.0025 2624	WerSvc - ok
15:55:49.0103 2624	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:55:49.0103 2624	WfpLwf - ok
15:55:49.0150 2624	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:55:49.0150 2624	WIMMount - ok
15:55:49.0166 2624	WinDefend - ok
15:55:49.0166 2624	WinHttpAutoProxySvc - ok
15:55:49.0244 2624	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:55:49.0244 2624	Winmgmt - ok
15:55:49.0369 2624	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:55:49.0400 2624	WinRM - ok
15:55:49.0493 2624	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:55:49.0493 2624	WinUsb - ok
15:55:49.0540 2624	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:55:49.0556 2624	Wlansvc - ok
15:55:49.0665 2624	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:55:49.0665 2624	WmiAcpi - ok
15:55:49.0727 2624	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:55:49.0727 2624	wmiApSrv - ok
15:55:49.0759 2624	WMPNetworkSvc - ok
15:55:49.0821 2624	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:55:49.0821 2624	WPCSvc - ok
15:55:49.0868 2624	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:55:49.0868 2624	WPDBusEnum - ok
15:55:49.0993 2624	wpsnwkcs        (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\wpsnwkcs.sys
15:55:49.0993 2624	wpsnwkcs - ok
15:55:50.0024 2624	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:55:50.0024 2624	ws2ifsl - ok
15:55:50.0102 2624	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:55:50.0102 2624	wscsvc - ok
15:55:50.0102 2624	WSearch - ok
15:55:50.0211 2624	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:55:50.0242 2624	wuauserv - ok
15:55:50.0351 2624	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:55:50.0351 2624	WudfPf - ok
15:55:50.0383 2624	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:55:50.0383 2624	WUDFRd - ok
15:55:50.0476 2624	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:55:50.0476 2624	wudfsvc - ok
15:55:50.0507 2624	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:55:50.0523 2624	WwanSvc - ok
15:55:50.0601 2624	yukonw7         (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
15:55:50.0601 2624	yukonw7 - ok
15:55:50.0679 2624	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:55:50.0851 2624	\Device\Harddisk0\DR0 - ok
15:55:50.0851 2624	Boot (0x1200)   (63a9f81904866df5d46ca81628bf281f) \Device\Harddisk0\DR0\Partition0
15:55:50.0851 2624	\Device\Harddisk0\DR0\Partition0 - ok
15:55:50.0882 2624	Boot (0x1200)   (52e966cea2b7678b7caffd7475f9c64d) \Device\Harddisk0\DR0\Partition1
15:55:50.0882 2624	\Device\Harddisk0\DR0\Partition1 - ok
15:55:50.0913 2624	Boot (0x1200)   (a4525b2cb799c0c568d50d420b9df666) \Device\Harddisk0\DR0\Partition2
15:55:50.0913 2624	\Device\Harddisk0\DR0\Partition2 - ok
15:55:50.0913 2624	============================================================
15:55:50.0913 2624	Scan finished
15:55:50.0913 2624	============================================================
15:55:50.0913 2616	Detected object count: 0
15:55:50.0913 2616	Actual detected object count: 0
15:56:02.0395 2584	Deinitialize success

29.03.2012, 15:03	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	System Check Virus - Verknüpfungen weg! Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ --> System Check Virus - Verknüpfungen weg!

30.03.2012, 17:06	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	System Check Virus - Verknüpfungen weg! Die liegen normalerweise direkt auf C: __________________ Logfiles bitte immer in CODE-Tags posten

System Check Virus - Verknüpfungen weg!

Plagegeister aller Art und deren Bekämpfung: System Check Virus - Verknüpfungen weg!