
Log analysis and evaluation: Hijack.StartPage and startsear.ch / how to remove??

03.06.2012, 15:12   #1
hessebub75

Hello!

I have the problem that the start page in Firefox and IE keeps getting changed.

After reading various posts, it looks like I have caught the combo named in the subject line...

I have already run Malwarebytes (see attachment).

Can you please help me?
Regards
Attached files
File type: pdf mbam-log-2012-06-03 (15-33-25).pdf (14.4 KB, viewed 179 times)
File type: pdf mbam-log-2012-06-03 (15-42-04).pdf (14.0 KB, viewed 159 times)

05.06.2012, 15:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Is there a particular reason why you have to pour plain text into a PDF? That is a completely unnecessary extra step and a waste of time; just post the plain text here in the post!

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post everything in CODE tags here if possible.

This is how it is done:

[code] your log goes here [/code]

And the whole thing then looks like this:

Code:
 your log goes here

__________________

06.06.2012, 00:45   #3
hessebub75

Sorry, I'm new to the forum and thought I had read that about the .pdf in the rules...
Thanks in advance for the answer!

Code:
 
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Crank :: CRANK-PC [Administrator]

Schutz: Aktiviert

05.06.2012 23:01:58
mbam-log-2012-06-06 (00-17-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402579
Laufzeit: 50 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a4ad4390c6b5694c8cd09520894f938f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-05 11:43:03
# local_time=2012-06-06 01:43:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 19350111 19350111 0 0
# compatibility_mode=5893 16776574 100 94 29230471 90564908 0 0
# compatibility_mode=8192 67108863 100 0 108 108 0 0
# scanned=191594
# found=0
# cleaned=0
# scan_time=4725
         
__________________
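Added example, not part of the original thread and not Malwarebytes' own code: a small parser for the German-language Malwarebytes log format posted above that lists findings the scan reported but did not remediate ("Keine Aktion durchgeführt"). The function names are hypothetical, the sample is an excerpt constructed from the log in this thread, and the line layout is assumed to match that log only.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: excerpt of the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
"""

# Section header, e.g. "Infizierte Dateien: 0"
SECTION_RE = re.compile(r"^Infizierte (?P<section>.+?): (?P<count>\d+)$")
# Registry data finding: key|value (detection) -> Bösartig: (..) Gut: (..) -> action.
REGDATA_RE = re.compile(
    r"^(?P<key>.+?)\|(?P<value>.+?) \((?P<detection>[^()]+)\) -> "
    r"Bösartig: \((?P<bad>.*?)\) Gut: \((?P<good>.*?)\) -> (?P<action>.+?)\.?$"
)
NO_ACTION = "Keine Aktion durchgeführt"  # assumption: wording as in the log above


def host_of(defanged_url):
    """Host of an hxxp://-defanged URL; the URL is re-armed only for parsing."""
    return urlsplit(re.sub(r"^hxxp", "http", defanged_url, flags=re.I)).hostname


def parse_mbam_log(text):
    """Return (section counts, registry data findings) from a log text."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            counts[section] = int(m["count"])
            continue
        m = REGDATA_RE.match(line)
        if m and section:
            finding = m.groupdict()
            finding["section"] = section
            finding["bad_host"] = host_of(finding["bad"])
            finding["remediated"] = finding["action"] != NO_ACTION
            findings.append(finding)
    return counts, findings


def open_findings(text):
    """Findings left in place, plus sections whose count does not match
    the number of lines this parser understood (needs manual review)."""
    counts, findings = parse_mbam_log(text)
    parsed = {}
    for f in findings:
        parsed[f["section"]] = parsed.get(f["section"], 0) + 1
    unparsed = {s: c - parsed.get(s, 0)
                for s, c in counts.items() if c != parsed.get(s, 0)}
    return [f for f in findings if not f["remediated"]], unparsed


if __name__ == "__main__":
    still_open, unparsed = open_findings(SAMPLE_LOG)
    for f in still_open:
        print(f"{f['detection']}: {f['key']} | {f['value']} "
              f"-> host {f['bad_host']} ({f['action']})")
    if unparsed:
        print("Sections with lines not understood:", unparsed)
```
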

06.06.2012, 11:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue

1.) Does Windows' normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post log files in CODE tags

06.06.2012, 12:22   #5
hessebub75

I don't really have any problems with Windows so far... And I haven't booted in safe mode either. Always just normally.

The nasty Trojan only ever changes the start page when I use IE, or Firefox too!

I'm not missing anything in the Start menu, everything looks normal so far. There is just always a message, as a pop-up at the bottom right, that an attempt was made to change the start page. Before I have started IE.

Regards


06.06.2012, 14:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please create a new OTL log. Please post everything in CODE tags here if possible.

This is how it is done:

[code] your log goes here [/code]

And the whole thing then looks like this:

Code:
 your log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here

07.06.2012, 12:44   #7
hessebub75

I get an error message:

"List index out of bounds(21)"

?!

07.06.2012, 15:17   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please try again, in safe mode if necessary
__________________
Please always post log files in CODE tags

07.06.2012, 16:39   #9
hessebub75

It did put something on the desktop after all

OTL log file:
Code:
OTL logfile created on: 07.06.2012 13:51:16 - Run 1
OTL by OldTimer - Version 3.2.46.2     Folder = C:\Users\XXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 49,17% Memory free
7,48 Gb Paging File | 5,25 Gb Available in Paging File | 70,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 339,43 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.07 13:11:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Crank\Desktop\OTL.exe
PRC - [2012.06.02 12:43:51 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files (x86)\Browsers Protector\regmon32.exe
PRC - [2012.01.24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.01.23 16:27:24 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.01.12 00:10:50 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010.09.24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.08.25 13:24:20 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.04.27 19:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2009.12.29 17:35:50 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.26 11:14:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012.05.26 11:05:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.26 11:04:47 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll
MOD - [2012.05.26 11:04:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll
MOD - [2012.05.26 11:04:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.26 11:04:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.26 11:04:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.26 11:04:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.26 11:04:14 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.23 03:56:50 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012.05.23 03:56:49 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012.05.23 03:55:35 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012.05.23 03:55:33 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012.05.23 03:55:24 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012.05.23 03:55:23 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012.05.23 03:55:21 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012.02.15 18:56:52 | 000,147,784 | ---- | M] () -- C:\Program Files (x86)\Browsers Protector\regmon32.exe
MOD - [2012.01.23 16:27:24 | 000,939,872 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.01.12 00:10:50 | 000,308,224 | ---- | M] () -- C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDeviceLib.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.08.26 02:43:00 | 000,010,856 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012.06.03 15:44:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.11.29 11:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.25 13:24:20 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 11:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.03.05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.03.05 11:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009.12.29 17:35:50 | 000,083,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009.11.17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.09.13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.08.08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.07.11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.07.11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.08.26 02:43:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.08.20 12:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.08.20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.07.28 15:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.02 02:46:58 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.06.22 04:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.06.21 03:45:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.06.18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.05.31 13:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010.04.27 18:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 18:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.26 16:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.08.28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D EA CF E0 E9 9A CB 01  [binary data]
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{41F9AD21-C90D-43BC-8A23-9FEE4FD5CAA7}: "URL" = hxxp://isearch.avg.com/search?cid={8576F1D3-6958-45D7-B43C-B451BE5E5C56}&mid=bd552dcb3f1147d68e902104e4ba0840-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2011-10-26 01:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{893E3B0B-F2E3-4AE3-BF77-D2809CE64E95}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=DC196B61-45E2-4F2C-8091-CAD20F1B207A&apn_sauid=43FC34C4-08F2-4455-A247-C4BB683A7AA2
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3&q={searchTerms}
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Be9e096c3-a1ef-4651-906e-16dd0e7b503e%7D&mid=bd552dcb3f1147d68e902104e4ba0840-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-26%2001%3A24%3A32&sap=ku&q="
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.01.31 22:20:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.23 16:27:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.02 12:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.02 12:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.03 14:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.02 12:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011.12.24 09:37:53 | 000,000,000 | ---D | M]
 
[2011.02.07 23:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crank\AppData\Roaming\mozilla\Extensions
[2011.02.07 23:26:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crank\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.03 14:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions
[2012.06.03 14:32:53 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.01.05 00:38:27 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2012.01.09 20:49:03 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.01.23 17:20:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.05 00:38:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.09 13:02:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com
[2011.07.29 23:02:18 | 000,002,333 | ---- | M] () -- C:\Users\Crank\AppData\Roaming\Mozilla\Firefox\Profiles\zuxg5vah.default\searchplugins\askcom.xml
[2012.03.24 19:46:35 | 000,000,792 | ---- | M] () -- C:\Users\Crank\AppData\Roaming\Mozilla\Firefox\Profiles\zuxg5vah.default\searchplugins\startsear.xml
[2012.03.24 19:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.24 19:46:45 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{5e8788a9-beec-1623-5854-c8887c6bff97}
[2011.03.09 21:03:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.31 22:20:52 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012.01.23 16:27:30 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2012.06.02 12:44:17 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.06.03 14:03:52 | 000,084,697 | ---- | M] () (No name found) -- C:\USERS\CRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZUXG5VAH.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012.01.09 20:49:03 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZUXG5VAH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.06 22:04:02 | 000,044,883 | ---- | M] () (No name found) -- C:\USERS\CRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZUXG5VAH.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2011.08.29 20:32:26 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\CRANK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZUXG5VAH.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.02.06 22:04:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.02 12:44:02 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.02.06 22:03:58 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.23 16:27:24 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.06 22:03:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.06 22:03:58 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.06 22:03:58 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.06 22:03:58 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.06 22:03:58 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Crank\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: StartSearch Video plug-in (Enabled) = C:\Users\Crank\AppData\Local\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\chvsharetvplg.dll
CHR - plugin: StartSearch Video plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Crank\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Crank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Crank\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Crank\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Extension = C:\Users\Crank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.0.0.6907_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programme\WOT\WOT.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files (x86)\Browsers Protector\regmon32.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-48129393-636560758-4197299864-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-48129393-636560758-4197299864-1000..\Run: [iDevice Manager Launcher] C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKU\S-1-5-21-48129393-636560758-4197299864-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Crank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Crank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{700177AE-DB7B-45B0-94A6-AFCF97A716B0}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programme\WOT\WOT.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2c3234fa-5926-11e0-99c5-f04da25ee1b3}\Shell - "" = AutoRun
O33 - MountPoints2\{2c3234fa-5926-11e0-99c5-f04da25ee1b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2c323500-5926-11e0-99c5-f04da25ee1b3}\Shell - "" = AutoRun
O33 - MountPoints2\{2c323500-5926-11e0-99c5-f04da25ee1b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{49e46911-06d7-11e0-9dd2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{49e46911-06d7-11e0-9dd2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O33 - MountPoints2\{d3defa78-7597-11e0-8e5b-f04da25ee1b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d3defa78-7597-11e0-8e5b-f04da25ee1b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.07 13:11:15 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Crank\Desktop\OTL.exe
[2012.06.06 00:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.03 15:32:58 | 000,000,000 | ---D | C] -- C:\Users\Crank\AppData\Roaming\Malwarebytes
[2012.06.03 15:32:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 15:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 15:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.03 15:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.03 14:10:27 | 009,491,560 | ---- | C] (McAfee Inc.) -- C:\Users\Crank\Desktop\stinger(1).exe
[2012.06.02 20:15:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.06.02 14:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.06.02 14:42:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012.06.02 14:42:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2012.06.02 14:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012.06.02 14:42:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0305030.001
[2012.06.02 14:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.06.02 14:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.06.02 14:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.06.02 12:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.06.02 12:43:56 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.06.02 12:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.06.02 12:42:43 | 000,000,000 | ---D | C] -- C:\Users\Crank\AppData\Local\Real
[2012.05.10 23:05:27 | 000,000,000 | ---D | C] -- C:\Users\Crank\AppData\Local\{EA7F49F7-7857-4ADB-8562-A6E5C1766F91}
[2012.05.10 23:05:15 | 000,000,000 | ---D | C] -- C:\Users\Crank\AppData\Local\{52CF112B-B45D-435F-BE51-E88101DA3FB8}
[2012.05.10 22:46:59 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.05.10 22:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.05.10 22:44:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.07 13:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.07 13:23:06 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.07 13:11:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Crank\Desktop\OTL.exe
[2012.06.07 13:09:16 | 000,020,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 13:09:16 | 000,020,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 13:07:45 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.07 13:06:02 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.07 13:06:02 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.07 13:06:02 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.07 13:06:02 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.07 13:06:02 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.07 13:05:23 | 099,938,241 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.06.07 13:01:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.07 13:01:07 | 3010,695,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.06 00:56:07 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.04 23:32:14 | 000,000,039 | RH-- | M] () -- C:\Users\Crank\Desktop\stinger(1).opt
[2012.06.04 20:08:42 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.06.03 18:33:24 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Crank.job
[2012.06.03 16:05:06 | 000,014,772 | ---- | M] () -- C:\Users\Crank\Documents\mbam-log-2012-06-03 (15-33-25).pdf
[2012.06.03 16:04:45 | 000,014,300 | ---- | M] () -- C:\Users\Crank\Documents\mbam-log-2012-06-03 (15-42-04).pdf
[2012.06.03 15:32:50 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.03 14:10:28 | 009,491,560 | ---- | M] (McAfee Inc.) -- C:\Users\Crank\Desktop\stinger(1).exe
[2012.06.03 14:10:16 | 000,000,039 | RH-- | M] () -- C:\Users\Crank\Desktop\stinger.opt
[2012.06.03 14:03:02 | 000,001,245 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012.06.02 14:42:14 | 000,001,295 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012.06.02 12:44:26 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.06.02 12:43:56 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.05.28 19:53:59 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.26 11:03:28 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 22:54:03 | 000,015,537 | ---- | M] () -- C:\Users\Crank\Documents\Barmenia - Zusatz - Zahn - Kostenerstattung 05_2012.odt
[2012.05.10 22:48:48 | 000,015,027 | ---- | M] () -- C:\Users\Crank\Documents\BRIEFVORLAGE.odt
[12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.04 23:32:14 | 000,000,039 | RH-- | C] () -- C:\Users\Crank\Desktop\stinger(1).opt
[2012.06.03 16:05:09 | 000,014,772 | ---- | C] () -- C:\Users\Crank\Documents\mbam-log-2012-06-03 (15-33-25).pdf
[2012.06.03 16:04:49 | 000,014,300 | ---- | C] () -- C:\Users\Crank\Documents\mbam-log-2012-06-03 (15-42-04).pdf
[2012.06.03 15:32:50 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.03 15:21:41 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.02 14:42:15 | 000,000,448 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Crank.job
[2012.06.02 14:42:14 | 000,001,295 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2012.06.02 14:42:12 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0305030.001\isolate.ini
[2012.06.02 12:44:26 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.05.10 22:49:27 | 000,015,537 | ---- | C] () -- C:\Users\Crank\Documents\Barmenia - Zusatz - Zahn - Kostenerstattung 05_2012.odt
[2012.05.10 22:45:55 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.05.10 22:45:40 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.05.10 22:45:26 | 000,001,450 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.05.10 22:45:13 | 000,002,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.03.24 19:46:47 | 000,075,045 | ---- | C] () -- C:\Windows\SysWow64\a142f42c.exe
[2011.08.29 20:47:37 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.07 23:26:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.25 23:40:41 | 000,007,736 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.01.10 22:07:03 | 000,017,408 | ---- | C] () -- C:\Users\Crank\AppData\Local\WebpageIcons.db
[2011.01.10 22:04:42 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.01.10 22:04:42 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.01.10 22:04:42 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.01.04 23:43:23 | 000,099,548 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.12.14 21:26:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.08.25 20:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.08.25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
 
========== LOP Check ==========
 
[2011.10.30 21:23:07 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Amazon
[2011.10.26 01:23:42 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\AVG2012
[2011.09.01 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Canneverbe Limited
[2011.01.14 19:35:01 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Canon
[2011.01.10 22:17:50 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\concept design
[2012.02.13 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\digital publishing
[2011.05.10 09:28:44 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\DiskAid
[2012.03.24 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\DVDVideoSoft
[2011.01.05 00:38:05 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.19 16:21:45 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\elsterformular
[2011.03.21 14:02:45 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\IrfanView
[2011.12.21 20:16:25 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Jens Lorek
[2010.12.27 20:31:28 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Leadertech
[2012.01.23 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\My Games
[2010.12.15 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\OpenOffice.org
[2010.12.15 21:29:40 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\PCDr
[2012.01.24 14:47:37 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\PhotoScape
[2012.01.24 18:58:28 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\redsn0w
[2012.05.28 09:56:26 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Software4u
[2011.02.07 23:26:45 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Thunderbird
[2010.12.16 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Windows Live Writer
[2012.05.28 19:53:59 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.01.02 22:47:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.07 13:23:06 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.18 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Adobe
[2011.10.30 21:23:07 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Amazon
[2011.12.04 00:10:07 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Apple Computer
[2011.10.26 01:23:42 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\AVG2012
[2011.09.01 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Canneverbe Limited
[2011.01.14 19:35:01 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Canon
[2011.01.10 22:17:50 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\concept design
[2011.05.26 23:47:46 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Dell
[2012.02.13 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\digital publishing
[2011.05.10 09:28:44 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\DiskAid
[2012.03.24 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\DVDVideoSoft
[2011.01.05 00:38:05 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.19 16:21:45 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\elsterformular
[2010.12.13 18:43:52 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Identities
[2010.12.13 18:58:10 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\InstallShield
[2010.12.14 07:42:38 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Intel
[2010.12.13 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Intel Corporation
[2011.03.21 14:02:45 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\IrfanView
[2011.12.21 20:16:25 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Jens Lorek
[2010.12.27 20:31:28 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Leadertech
[2010.12.27 20:30:26 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Logishrd
[2010.12.27 20:31:32 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Logitech
[2010.12.14 08:31:21 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Macromedia
[2012.06.03 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Media Center Programs
[2011.02.07 23:07:29 | 000,000,000 | --SD | M] -- C:\Users\Crank\AppData\Roaming\Microsoft
[2010.12.13 19:31:41 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Mozilla
[2012.01.23 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\My Games
[2010.12.15 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\OpenOffice.org
[2010.12.15 21:29:40 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\PCDr
[2012.01.24 14:47:37 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\PhotoScape
[2012.06.02 12:44:40 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Real
[2012.01.24 18:58:28 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\redsn0w
[2010.12.13 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Roxio Log Files
[2012.02.15 14:47:07 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Skype
[2012.02.15 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\skypePM
[2012.05.28 09:56:26 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Software4u
[2011.02.07 23:26:45 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Thunderbird
[2011.01.10 19:57:44 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\vlc
[2010.12.16 14:14:37 | 000,000,000 | ---D | M] -- C:\Users\Crank\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2011.02.26 12:59:09 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Crank\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.05.26 09:17:38 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Crank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe
[2012.05.26 12:18:08 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Crank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_de.exe
[2012.05.26 12:17:45 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Crank\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\dell\drivers\R263958\f6flpy-x86\iaStor.sys
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\dell\drivers\R263958\f6flpy-x64\iaStor.sys
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---

Alt 07.06.2012, 20:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D EA CF E0 E9 9A CB 01  [binary data]
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{41F9AD21-C90D-43BC-8A23-9FEE4FD5CAA7}: "URL" = http://isearch.avg.com/search?cid={8576F1D3-6958-45D7-B43C-B451BE5E5C56}&mid=bd552dcb3f1147d68e902104e4ba0840-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=en&ds=AVG&pr=fr&d=2011-10-26 01:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{893E3B0B-F2E3-4AE3-BF77-D2809CE64E95}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=DC196B61-45E2-4F2C-8091-CAD20F1B207A&apn_sauid=43FC34C4-08F2-4455-A247-C4BB683A7AA2
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3&q={searchTerms}
IE - HKU\S-1-5-21-48129393-636560758-4197299864-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.startup.homepage: "http://startsear.ch/?aff=1&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Be9e096c3-a1ef-4651-906e-16dd0e7b503e%7D&mid=bd552dcb3f1147d68e902104e4ba0840-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-26%2001%3A24%3A32&sap=ku&q="
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - user.js - File not found
[2012.01.09 20:49:03 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.09 13:02:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com
[2011.07.29 23:02:18 | 000,002,333 | ---- | M] () -- C:\Users\Crank\AppData\Roaming\Mozilla\Firefox\Profiles\zuxg5vah.default\searchplugins\askcom.xml
[2012.03.24 19:46:35 | 000,000,792 | ---- | M] () -- C:\Users\Crank\AppData\Roaming\Mozilla\Firefox\Profiles\zuxg5vah.default\searchplugins\startsear.xml
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2c3234fa-5926-11e0-99c5-f04da25ee1b3}\Shell - "" = AutoRun
O33 - MountPoints2\{2c3234fa-5926-11e0-99c5-f04da25ee1b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2c323500-5926-11e0-99c5-f04da25ee1b3}\Shell - "" = AutoRun
O33 - MountPoints2\{2c323500-5926-11e0-99c5-f04da25ee1b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{49e46911-06d7-11e0-9dd2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{49e46911-06d7-11e0-9dd2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O33 - MountPoints2\{d3defa78-7597-11e0-8e5b-f04da25ee1b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d3defa78-7597-11e0-8e5b-f04da25ee1b3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
:Files
C:\Windows\SysWow64\a142f42c.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

Alt 07.06.2012, 21:27   #11
hessebub75
 



Hm.... apparently everything worked. However, after the restart that pop-up at the bottom right appeared again, saying that an attempt was made to change the start page... I haven't started IE again since opening this thread... At the moment I'm only working with Chrome.

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\tbDVD0.dll not found.
HKEY_USERS\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Internet Explorer\SearchScopes\{41F9AD21-C90D-43BC-8A23-9FEE4FD5CAA7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F9AD21-C90D-43BC-8A23-9FEE4FD5CAA7}\ not found.
Registry key HKEY_USERS\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Internet Explorer\SearchScopes\{893E3B0B-F2E3-4AE3-BF77-D2809CE64E95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{893E3B0B-F2E3-4AE3-BF77-D2809CE64E95}\ not found.
Registry key HKEY_USERS\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-48129393-636560758-4197299864-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "hxxp://startsear.ch/?aff=1&cf=43efe122-75d9-11e1-bdfb-f04da25ee1b3" removed from browser.startup.homepage
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "hxxp://isearch.avg.com/search?cid=%7Be9e096c3-a1ef-4651-906e-16dd0e7b503e%7D&mid=bd552dcb3f1147d68e902104e4ba0840-b602d594afd2b0b327e07a06f36ca6a7e42546d0&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2011-10-26%2001%3A24%3A32&sap=ku&q=" removed from keyword.URL
Prefs.js: "Web Search" removed from browser.search.defaultenginename
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Crank\AppData\Roaming\mozilla\Firefox\Profiles\zuxg5vah.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Crank\AppData\Roaming\Mozilla\Firefox\Profiles\zuxg5vah.default\searchplugins\askcom.xml moved successfully.
C:\Users\Crank\AppData\Roaming\Mozilla\Firefox\Profiles\zuxg5vah.default\searchplugins\startsear.xml moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-48129393-636560758-4197299864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c3234fa-5926-11e0-99c5-f04da25ee1b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c3234fa-5926-11e0-99c5-f04da25ee1b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c3234fa-5926-11e0-99c5-f04da25ee1b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c3234fa-5926-11e0-99c5-f04da25ee1b3}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c323500-5926-11e0-99c5-f04da25ee1b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c323500-5926-11e0-99c5-f04da25ee1b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c323500-5926-11e0-99c5-f04da25ee1b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c323500-5926-11e0-99c5-f04da25ee1b3}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49e46911-06d7-11e0-9dd2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49e46911-06d7-11e0-9dd2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49e46911-06d7-11e0-9dd2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49e46911-06d7-11e0-9dd2-806e6f6e6963}\ not found.
File D:\autoRcd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3defa78-7597-11e0-8e5b-f04da25ee1b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3defa78-7597-11e0-8e5b-f04da25ee1b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3defa78-7597-11e0-8e5b-f04da25ee1b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3defa78-7597-11e0-8e5b-f04da25ee1b3}\ not found.
File E:\AutoRun.exe not found.
========== FILES ==========
C:\Windows\SysWow64\a142f42c.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Crank
->Temp folder emptied: 187695 bytes
->Temporary Internet Files folder emptied: 12168318 bytes
->Java cache emptied: 4466439 bytes
->FireFox cache emptied: 44974267 bytes
->Google Chrome cache emptied: 404567034 bytes
->Flash cache emptied: 3111 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 7822944 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1010 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 23582 bytes
 
Total Files Cleaned = 452,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Crank
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.2 log created on 06072012_221852

Files\Folders moved on Reboot...
C:\Users\Crank\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

07.06.2012, 22:05   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

10.06.2012, 15:48   #13
hessebub75
 



Right, on we go:

Code:
 16:43:18.0404 3824	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:43:18.0638 3824	============================================================
16:43:18.0638 3824	Current date / time: 2012/06/10 16:43:18.0638
16:43:18.0638 3824	SystemInfo:
16:43:18.0638 3824	
16:43:18.0638 3824	OS Version: 6.1.7601 ServicePack: 1.0
16:43:18.0638 3824	Product type: Workstation
16:43:18.0638 3824	ComputerName: XXX-PC
16:43:18.0638 3824	UserName: XXX
16:43:18.0638 3824	Windows directory: C:\Windows
16:43:18.0638 3824	System windows directory: C:\Windows
16:43:18.0638 3824	Running under WOW64
16:43:18.0638 3824	Processor architecture: Intel x64
16:43:18.0638 3824	Number of processors: 4
16:43:18.0638 3824	Page size: 0x1000
16:43:18.0638 3824	Boot type: Normal boot
16:43:18.0638 3824	============================================================
16:43:19.0059 3824	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:43:19.0059 3824	============================================================
16:43:19.0059 3824	\Device\Harddisk0\DR0:
16:43:19.0059 3824	MBR partitions:
16:43:19.0059 3824	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
16:43:19.0059 3824	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625800
16:43:19.0059 3824	============================================================
16:43:19.0074 3824	C: <-> \Device\Harddisk0\DR0\Partition1
16:43:19.0074 3824	============================================================
16:43:19.0074 3824	Initialize success
16:43:19.0074 3824	============================================================
16:43:52.0232 4888	============================================================
16:43:52.0232 4888	Scan started
16:43:52.0232 4888	Mode: Manual; SigCheck; TDLFS; 
16:43:52.0232 4888	============================================================
16:43:52.0529 4888	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:43:52.0700 4888	1394ohci - ok
16:43:52.0747 4888	Acceler         (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
16:43:52.0794 4888	Acceler - ok
16:43:52.0841 4888	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:43:52.0872 4888	ACPI - ok
16:43:52.0888 4888	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:43:52.0981 4888	AcpiPmi - ok
16:43:53.0137 4888	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:43:53.0137 4888	AdobeARMservice - ok
16:43:53.0246 4888	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:43:53.0262 4888	AdobeFlashPlayerUpdateSvc - ok
16:43:53.0324 4888	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:43:53.0356 4888	adp94xx - ok
16:43:53.0387 4888	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:43:53.0418 4888	adpahci - ok
16:43:53.0434 4888	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:43:53.0449 4888	adpu320 - ok
16:43:53.0480 4888	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:43:53.0605 4888	AeLookupSvc - ok
16:43:53.0668 4888	AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:43:53.0668 4888	AERTFilters - ok
16:43:53.0730 4888	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:43:53.0808 4888	AFD - ok
16:43:53.0855 4888	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:43:53.0870 4888	agp440 - ok
16:43:53.0902 4888	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:43:53.0980 4888	ALG - ok
16:43:54.0011 4888	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:43:54.0026 4888	aliide - ok
16:43:54.0073 4888	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:43:54.0089 4888	amdide - ok
16:43:54.0136 4888	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:43:54.0198 4888	AmdK8 - ok
16:43:54.0229 4888	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:43:54.0245 4888	AmdPPM - ok
16:43:54.0292 4888	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:43:54.0323 4888	amdsata - ok
16:43:54.0370 4888	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:43:54.0401 4888	amdsbs - ok
16:43:54.0432 4888	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:43:54.0448 4888	amdxata - ok
16:43:54.0526 4888	AnyDVD          (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys
16:43:54.0541 4888	AnyDVD - ok
16:43:54.0588 4888	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:43:54.0775 4888	AppID - ok
16:43:54.0806 4888	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:43:54.0900 4888	AppIDSvc - ok
16:43:54.0931 4888	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:43:54.0994 4888	Appinfo - ok
16:43:55.0134 4888	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:55.0150 4888	Apple Mobile Device - ok
16:43:55.0196 4888	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:43:55.0196 4888	arc - ok
16:43:55.0212 4888	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:43:55.0228 4888	arcsas - ok
16:43:55.0259 4888	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:43:55.0337 4888	AsyncMac - ok
16:43:55.0384 4888	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:43:55.0399 4888	atapi - ok
16:43:55.0477 4888	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:43:55.0602 4888	AudioEndpointBuilder - ok
16:43:55.0602 4888	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:43:55.0649 4888	AudioSrv - ok
16:43:55.0976 4888	AVGIDSAgent     (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
16:43:56.0039 4888	AVGIDSAgent - ok
16:43:56.0164 4888	AVGIDSDriver    (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
16:43:56.0179 4888	AVGIDSDriver - ok
16:43:56.0210 4888	AVGIDSEH        (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
16:43:56.0226 4888	AVGIDSEH - ok
16:43:56.0242 4888	AVGIDSFilter    (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
16:43:56.0257 4888	AVGIDSFilter - ok
16:43:56.0288 4888	Avgldx64        (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
16:43:56.0320 4888	Avgldx64 - ok
16:43:56.0351 4888	Avgmfx64        (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
16:43:56.0366 4888	Avgmfx64 - ok
16:43:56.0398 4888	Avgrkx64        (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
16:43:56.0413 4888	Avgrkx64 - ok
16:43:56.0460 4888	Avgtdia         (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
16:43:56.0491 4888	Avgtdia - ok
16:43:56.0585 4888	avgwd           (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:43:56.0616 4888	avgwd - ok
16:43:56.0678 4888	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:43:56.0803 4888	AxInstSV - ok
16:43:56.0850 4888	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:43:56.0912 4888	b06bdrv - ok
16:43:56.0959 4888	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:43:57.0022 4888	b57nd60a - ok
16:43:57.0131 4888	BBSvc           (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
16:43:57.0162 4888	BBSvc - ok
16:43:57.0209 4888	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:43:57.0271 4888	BDESVC - ok
16:43:57.0302 4888	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:43:57.0380 4888	Beep - ok
16:43:57.0474 4888	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:43:57.0552 4888	BFE - ok
16:43:57.0614 4888	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:43:57.0724 4888	BITS - ok
16:43:57.0786 4888	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:43:57.0817 4888	blbdrive - ok
16:43:57.0926 4888	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:43:57.0958 4888	Bonjour Service - ok
16:43:58.0020 4888	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:43:58.0051 4888	bowser - ok
16:43:58.0082 4888	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:43:58.0145 4888	BrFiltLo - ok
16:43:58.0160 4888	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:43:58.0176 4888	BrFiltUp - ok
16:43:58.0223 4888	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:43:58.0316 4888	Browser - ok
16:43:58.0332 4888	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:43:58.0394 4888	Brserid - ok
16:43:58.0410 4888	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:43:58.0441 4888	BrSerWdm - ok
16:43:58.0457 4888	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:43:58.0472 4888	BrUsbMdm - ok
16:43:58.0488 4888	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:43:58.0504 4888	BrUsbSer - ok
16:43:58.0582 4888	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:43:58.0644 4888	BthEnum - ok
16:43:58.0644 4888	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:43:58.0691 4888	BTHMODEM - ok
16:43:58.0753 4888	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:43:58.0800 4888	BthPan - ok
16:43:58.0894 4888	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:43:58.0956 4888	BTHPORT - ok
16:43:58.0987 4888	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:43:59.0050 4888	bthserv - ok
16:43:59.0081 4888	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:43:59.0112 4888	BTHUSB - ok
16:43:59.0159 4888	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:43:59.0221 4888	cdfs - ok
16:43:59.0284 4888	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:43:59.0315 4888	cdrom - ok
16:43:59.0377 4888	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:43:59.0440 4888	CertPropSvc - ok
16:43:59.0486 4888	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:43:59.0502 4888	circlass - ok
16:43:59.0533 4888	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:43:59.0580 4888	CLFS - ok
16:43:59.0627 4888	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:59.0658 4888	clr_optimization_v2.0.50727_32 - ok
16:43:59.0720 4888	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:43:59.0736 4888	clr_optimization_v2.0.50727_64 - ok
16:43:59.0783 4888	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:43:59.0798 4888	clr_optimization_v4.0.30319_32 - ok
16:43:59.0830 4888	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:43:59.0861 4888	clr_optimization_v4.0.30319_64 - ok
16:43:59.0876 4888	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:43:59.0923 4888	CmBatt - ok
16:43:59.0970 4888	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:43:59.0986 4888	cmdide - ok
16:44:00.0032 4888	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:44:00.0064 4888	CNG - ok
16:44:00.0095 4888	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:44:00.0110 4888	Compbatt - ok
16:44:00.0142 4888	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:44:00.0173 4888	CompositeBus - ok
16:44:00.0188 4888	COMSysApp - ok
16:44:00.0188 4888	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:44:00.0204 4888	crcdisk - ok
16:44:00.0266 4888	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:44:00.0344 4888	CryptSvc - ok
16:44:00.0407 4888	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:44:00.0469 4888	DcomLaunch - ok
16:44:00.0516 4888	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:44:00.0594 4888	defragsvc - ok
16:44:00.0625 4888	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:44:00.0703 4888	DfsC - ok
16:44:00.0750 4888	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:44:00.0812 4888	Dhcp - ok
16:44:00.0844 4888	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:44:00.0875 4888	discache - ok
16:44:00.0906 4888	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:44:00.0922 4888	Disk - ok
16:44:00.0968 4888	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:44:01.0031 4888	Dnscache - ok
16:44:01.0078 4888	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:44:01.0187 4888	dot3svc - ok
16:44:01.0234 4888	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:44:01.0312 4888	DPS - ok
16:44:01.0343 4888	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:44:01.0390 4888	drmkaud - ok
16:44:01.0468 4888	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:44:01.0514 4888	DXGKrnl - ok
16:44:01.0561 4888	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:44:01.0639 4888	EapHost - ok
16:44:01.0858 4888	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:44:01.0951 4888	ebdrv - ok
16:44:02.0045 4888	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:44:02.0107 4888	EFS - ok
16:44:02.0201 4888	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:44:02.0294 4888	ehRecvr - ok
16:44:02.0326 4888	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:44:02.0388 4888	ehSched - ok
16:44:02.0450 4888	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:44:02.0466 4888	ElbyCDIO - ok
16:44:02.0528 4888	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:44:02.0575 4888	elxstor - ok
16:44:02.0606 4888	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:44:02.0638 4888	ErrDev - ok
16:44:02.0700 4888	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:44:02.0762 4888	EventSystem - ok
16:44:02.0903 4888	EvtEng          (b56d9602db5fe1c116b1ca5efd8e2e50) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:44:02.0981 4888	EvtEng - ok
16:44:03.0059 4888	ewusbnet - ok
16:44:03.0106 4888	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:44:03.0184 4888	exfat - ok
16:44:03.0215 4888	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:44:03.0277 4888	fastfat - ok
16:44:03.0355 4888	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:44:03.0418 4888	Fax - ok
16:44:03.0433 4888	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:44:03.0464 4888	fdc - ok
16:44:03.0480 4888	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:44:03.0542 4888	fdPHost - ok
16:44:03.0589 4888	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:44:03.0652 4888	FDResPub - ok
16:44:03.0698 4888	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:44:03.0730 4888	FileInfo - ok
16:44:03.0730 4888	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:44:03.0792 4888	Filetrace - ok
16:44:03.0823 4888	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:44:03.0870 4888	flpydisk - ok
16:44:03.0917 4888	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:44:03.0948 4888	FltMgr - ok
16:44:04.0026 4888	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:44:04.0120 4888	FontCache - ok
16:44:04.0182 4888	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:44:04.0198 4888	FontCache3.0.0.0 - ok
16:44:04.0244 4888	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:44:04.0260 4888	FsDepends - ok
16:44:04.0322 4888	fssfltr         (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
16:44:04.0338 4888	fssfltr - ok
16:44:04.0494 4888	fsssvc          (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:44:04.0556 4888	fsssvc - ok
16:44:04.0666 4888	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:44:04.0681 4888	Fs_Rec - ok
16:44:04.0728 4888	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:44:04.0775 4888	fvevol - ok
16:44:04.0790 4888	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:44:04.0806 4888	gagp30kx - ok
16:44:04.0837 4888	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:44:04.0853 4888	GEARAspiWDM - ok
16:44:04.0915 4888	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:44:05.0024 4888	gpsvc - ok
16:44:05.0165 4888	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:44:05.0180 4888	gupdate - ok
16:44:05.0212 4888	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:44:05.0212 4888	gupdatem - ok
16:44:05.0258 4888	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:44:05.0274 4888	gusvc - ok
16:44:05.0321 4888	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:44:05.0383 4888	hcw85cir - ok
16:44:05.0430 4888	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:44:05.0477 4888	HdAudAddService - ok
16:44:05.0539 4888	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:44:05.0602 4888	HDAudBus - ok
16:44:05.0602 4888	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:44:05.0633 4888	HidBatt - ok
16:44:05.0664 4888	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:44:05.0726 4888	HidBth - ok
16:44:05.0742 4888	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:44:05.0773 4888	HidIr - ok
16:44:05.0804 4888	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:44:05.0867 4888	hidserv - ok
16:44:05.0882 4888	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:44:05.0898 4888	HidUsb - ok
16:44:05.0929 4888	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:44:06.0038 4888	hkmsvc - ok
16:44:06.0085 4888	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:44:06.0116 4888	HomeGroupListener - ok
16:44:06.0163 4888	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:44:06.0226 4888	HomeGroupProvider - ok
16:44:06.0288 4888	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:44:06.0304 4888	HpSAMD - ok
16:44:06.0413 4888	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:44:06.0522 4888	HTTP - ok
16:44:06.0569 4888	hwdatacard - ok
16:44:06.0584 4888	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:44:06.0600 4888	hwpolicy - ok
16:44:06.0616 4888	hwusbdev - ok
16:44:06.0647 4888	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:44:06.0662 4888	i8042prt - ok
16:44:06.0772 4888	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
16:44:06.0787 4888	iaStor - ok
16:44:06.0881 4888	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:44:06.0881 4888	IAStorDataMgrSvc - ok
16:44:06.0943 4888	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:44:06.0990 4888	iaStorV - ok
16:44:07.0115 4888	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:44:07.0162 4888	idsvc - ok
16:44:07.0739 4888	igfx            (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:44:08.0020 4888	igfx - ok
16:44:08.0129 4888	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:44:08.0144 4888	iirsp - ok
16:44:08.0254 4888	IJPLMSVC        (51516252dbbfed36f70b341dba263167) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
16:44:08.0285 4888	IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
16:44:08.0285 4888	IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
16:44:08.0363 4888	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:44:08.0472 4888	IKEEXT - ok
16:44:08.0519 4888	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
16:44:08.0581 4888	Impcd - ok
16:44:08.0753 4888	IntcAzAudAddService (f61d360072b67f5667765a2534b672d6) C:\Windows\system32\drivers\RTKVHD64.sys
16:44:08.0800 4888	IntcAzAudAddService - ok
16:44:08.0924 4888	IntcDAud        (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:44:08.0987 4888	IntcDAud - ok
16:44:09.0018 4888	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:44:09.0049 4888	intelide - ok
16:44:09.0080 4888	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:44:09.0127 4888	intelppm - ok
16:44:09.0158 4888	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:44:09.0221 4888	IPBusEnum - ok
16:44:09.0268 4888	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:44:09.0330 4888	IpFilterDriver - ok
16:44:09.0408 4888	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:44:09.0470 4888	iphlpsvc - ok
16:44:09.0502 4888	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:44:09.0533 4888	IPMIDRV - ok
16:44:09.0564 4888	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:44:09.0626 4888	IPNAT - ok
16:44:09.0767 4888	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:44:09.0782 4888	iPod Service - ok
16:44:09.0798 4888	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:44:09.0907 4888	IRENUM - ok
16:44:09.0938 4888	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:44:09.0954 4888	isapnp - ok
16:44:10.0001 4888	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:44:10.0032 4888	iScsiPrt - ok
16:44:10.0094 4888	JMCR            (3926c8c55a2cd2c94888be39b4beb629) C:\Windows\system32\DRIVERS\jmcr.sys
16:44:10.0110 4888	JMCR - ok
16:44:10.0141 4888	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:44:10.0157 4888	kbdclass - ok
16:44:10.0172 4888	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:44:10.0204 4888	kbdhid - ok
16:44:10.0235 4888	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:44:10.0250 4888	KeyIso - ok
16:44:10.0250 4888	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:44:10.0266 4888	KSecDD - ok
16:44:10.0297 4888	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:44:10.0313 4888	KSecPkg - ok
16:44:10.0344 4888	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:44:10.0406 4888	ksthunk - ok
16:44:18.0784 4888	NvtlService     (2664f84dbb5904fef141b8d914a17c39) C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
16:44:18.0815 4888	NvtlService ( UnsignedFile.Multi.Generic ) - warning
16:44:18.0815 4888	NvtlService - detected UnsignedFile.Multi.Generic (1)
16:44:34.0932 4888	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:44:34.0994 4888	wlidsvc - ok
16:44:35.0056 4888	WMCoreService - ok
16:44:35.0166 4888	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:44:35.0212 4888	WmiAcpi - ok
16:44:35.0275 4888	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:44:35.0322 4888	wmiApSrv - ok
16:44:35.0353 4888	WMPNetworkSvc - ok
16:44:35.0384 4888	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:44:35.0415 4888	WPCSvc - ok
16:44:35.0462 4888	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:44:35.0493 4888	WPDBusEnum - ok
16:44:35.0509 4888	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:44:35.0571 4888	ws2ifsl - ok
16:44:35.0602 4888	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:44:35.0649 4888	wscsvc - ok
16:44:35.0649 4888	WSearch - ok
16:44:35.0805 4888	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:44:35.0930 4888	wuauserv - ok
16:44:36.0039 4888	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:44:36.0102 4888	WudfPf - ok
16:44:36.0133 4888	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:44:36.0195 4888	WUDFRd - ok
16:44:36.0242 4888	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:44:36.0289 4888	wudfsvc - ok
16:44:36.0320 4888	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:44:36.0382 4888	WwanSvc - ok
16:44:36.0445 4888	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:44:36.0726 4888	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:44:36.0726 4888	\Device\Harddisk0\DR0 - detected TDSS File System (1)
16:44:36.0741 4888	Boot (0x1200)   (c27b706087c4eea52deea50c6cd520ab) \Device\Harddisk0\DR0\Partition0
16:44:36.0741 4888	\Device\Harddisk0\DR0\Partition0 - ok
16:44:36.0772 4888	Boot (0x1200)   (08445ab26373f39b7227cc49dfb0e625) \Device\Harddisk0\DR0\Partition1
16:44:36.0772 4888	\Device\Harddisk0\DR0\Partition1 - ok
16:44:36.0772 4888	============================================================
16:44:36.0772 4888	Scan finished
16:44:36.0772 4888	============================================================
16:44:36.0788 1840	Detected object count: 3
16:44:36.0788 1840	Actual detected object count: 3
16:45:03.0059 1840	IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:03.0059 1840	IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:45:03.0074 1840	NvtlService ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:03.0074 1840	NvtlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:45:03.0074 1840	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:45:03.0074 1840	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         

10.06.2012, 16:47   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Please have TDSS-Killer delete the TDSS File System, then restart Windows and create a new log with this tool. Post it again enclosed in CODE tags.
__________________
Please always post log files in CODE tags

10.06.2012, 18:59   #15
hessebub75
 
Code:
 19:55:48.0742 5588	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:55:49.0522 5588	============================================================
19:55:49.0522 5588	Current date / time: 2012/06/10 19:55:49.0522
19:55:49.0522 5588	SystemInfo:
19:55:49.0522 5588	
19:55:49.0522 5588	OS Version: 6.1.7601 ServicePack: 1.0
19:55:49.0522 5588	Product type: Workstation
19:55:49.0538 5588	ComputerName: XXX-PC
19:55:49.0538 5588	UserName: XXX
19:55:49.0538 5588	Windows directory: C:\Windows
19:55:49.0538 5588	System windows directory: C:\Windows
19:55:49.0538 5588	Running under WOW64
19:55:49.0538 5588	Processor architecture: Intel x64
19:55:49.0538 5588	Number of processors: 4
19:55:49.0538 5588	Page size: 0x1000
19:55:49.0538 5588	Boot type: Normal boot
19:55:49.0538 5588	============================================================
19:55:51.0254 5588	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:51.0269 5588	============================================================
19:55:51.0269 5588	\Device\Harddisk0\DR0:
19:55:51.0269 5588	MBR partitions:
19:55:51.0269 5588	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
19:55:51.0269 5588	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625800
19:55:51.0269 5588	============================================================
19:55:51.0285 5588	C: <-> \Device\Harddisk0\DR0\Partition1
19:55:51.0285 5588	============================================================
19:55:51.0285 5588	Initialize success
19:55:51.0285 5588	============================================================
19:56:00.0863 3532	============================================================
19:56:00.0863 3532	Scan started
19:56:00.0863 3532	Mode: Manual; SigCheck; TDLFS; 
19:56:00.0863 3532	============================================================
19:56:01.0441 3532	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:56:01.0565 3532	1394ohci - ok
19:56:01.0597 3532	Acceler         (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys
19:56:01.0643 3532	Acceler - ok
19:56:01.0675 3532	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:56:01.0706 3532	ACPI - ok
19:56:01.0737 3532	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:56:01.0831 3532	AcpiPmi - ok
19:56:02.0018 3532	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:56:02.0033 3532	AdobeARMservice - ok
19:56:02.0158 3532	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:56:02.0189 3532	AdobeFlashPlayerUpdateSvc - ok
19:56:02.0236 3532	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:56:02.0283 3532	adp94xx - ok
19:56:02.0330 3532	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:56:02.0361 3532	adpahci - ok
19:56:02.0408 3532	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:56:02.0439 3532	adpu320 - ok
19:56:02.0470 3532	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:56:02.0626 3532	AeLookupSvc - ok
19:56:02.0689 3532	AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:56:02.0704 3532	AERTFilters - ok
19:56:02.0782 3532	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:56:02.0876 3532	AFD - ok
19:56:02.0907 3532	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:56:02.0923 3532	agp440 - ok
19:56:02.0954 3532	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:56:03.0032 3532	ALG - ok
19:56:03.0063 3532	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:56:03.0079 3532	aliide - ok
19:56:03.0094 3532	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:56:03.0110 3532	amdide - ok
19:56:03.0141 3532	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:56:03.0219 3532	AmdK8 - ok
19:56:03.0219 3532	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:56:03.0281 3532	AmdPPM - ok
19:56:03.0328 3532	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:56:03.0344 3532	amdsata - ok
19:56:03.0391 3532	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:56:03.0422 3532	amdsbs - ok
19:56:03.0422 3532	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:56:03.0437 3532	amdxata - ok
19:56:03.0515 3532	AnyDVD          (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys
19:56:03.0531 3532	AnyDVD - ok
19:56:03.0578 3532	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:56:03.0781 3532	AppID - ok
19:56:03.0812 3532	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:56:03.0890 3532	AppIDSvc - ok
19:56:03.0921 3532	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:56:03.0999 3532	Appinfo - ok
19:56:04.0108 3532	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:56:04.0124 3532	Apple Mobile Device - ok
19:56:04.0155 3532	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:56:04.0171 3532	arc - ok
19:56:04.0202 3532	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:56:04.0202 3532	arcsas - ok
19:56:04.0233 3532	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:56:04.0311 3532	AsyncMac - ok
19:56:04.0358 3532	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:56:04.0373 3532	atapi - ok
19:56:04.0451 3532	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:56:04.0561 3532	AudioEndpointBuilder - ok
19:56:04.0561 3532	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:56:04.0607 3532	AudioSrv - ok
19:56:04.0919 3532	AVGIDSAgent     (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
19:56:05.0060 3532	AVGIDSAgent - ok
19:56:05.0200 3532	AVGIDSDriver    (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:56:05.0216 3532	AVGIDSDriver - ok
19:56:05.0247 3532	AVGIDSEH        (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:56:05.0263 3532	AVGIDSEH - ok
19:56:05.0278 3532	AVGIDSFilter    (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:56:05.0294 3532	AVGIDSFilter - ok
19:56:05.0341 3532	Avgldx64        (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
19:56:05.0356 3532	Avgldx64 - ok
19:56:05.0387 3532	Avgmfx64        (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
19:56:05.0403 3532	Avgmfx64 - ok
19:56:05.0434 3532	Avgrkx64        (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
19:56:05.0434 3532	Avgrkx64 - ok
19:56:05.0481 3532	Avgtdia         (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
19:56:05.0512 3532	Avgtdia - ok
19:56:05.0621 3532	avgwd           (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
19:56:05.0653 3532	avgwd - ok
19:56:05.0699 3532	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:56:05.0809 3532	AxInstSV - ok
19:56:05.0855 3532	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:56:05.0933 3532	b06bdrv - ok
19:56:05.0980 3532	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:56:06.0058 3532	b57nd60a - ok
19:56:06.0152 3532	BBSvc           (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:56:06.0199 3532	BBSvc - ok
19:56:06.0245 3532	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:56:06.0308 3532	BDESVC - ok
19:56:06.0323 3532	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:56:06.0401 3532	Beep - ok
19:56:06.0495 3532	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:56:06.0573 3532	BFE - ok
19:56:06.0635 3532	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:56:06.0760 3532	BITS - ok
19:56:06.0807 3532	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:56:06.0854 3532	blbdrive - ok
19:56:06.0963 3532	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:56:06.0994 3532	Bonjour Service - ok
19:56:07.0057 3532	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:56:07.0088 3532	bowser - ok
19:56:07.0103 3532	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:56:07.0166 3532	BrFiltLo - ok
19:56:07.0197 3532	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:56:07.0213 3532	BrFiltUp - ok
19:56:07.0244 3532	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:56:07.0322 3532	Browser - ok
19:56:07.0369 3532	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:56:07.0447 3532	Brserid - ok
19:56:07.0462 3532	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:56:07.0509 3532	BrSerWdm - ok
19:56:07.0509 3532	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:56:07.0556 3532	BrUsbMdm - ok
19:56:07.0556 3532	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:56:07.0571 3532	BrUsbSer - ok
19:56:07.0634 3532	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:56:07.0712 3532	BthEnum - ok
19:56:07.0727 3532	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:56:07.0774 3532	BTHMODEM - ok
19:56:07.0821 3532	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:56:07.0868 3532	BthPan - ok
19:56:07.0946 3532	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:56:08.0008 3532	BTHPORT - ok
19:56:08.0055 3532	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:56:08.0102 3532	bthserv - ok
19:56:08.0117 3532	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:56:08.0164 3532	BTHUSB - ok
19:56:08.0211 3532	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:56:08.0289 3532	cdfs - ok
19:56:08.0336 3532	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:56:08.0367 3532	cdrom - ok
19:56:08.0398 3532	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:56:08.0476 3532	CertPropSvc - ok
19:56:08.0523 3532	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:56:08.0539 3532	circlass - ok
19:56:08.0585 3532	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:56:08.0617 3532	CLFS - ok
19:56:08.0695 3532	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:56:08.0710 3532	clr_optimization_v2.0.50727_32 - ok
19:56:08.0757 3532	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:56:08.0788 3532	clr_optimization_v2.0.50727_64 - ok
19:56:08.0866 3532	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:56:08.0929 3532	clr_optimization_v4.0.30319_32 - ok
19:56:08.0960 3532	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:56:08.0991 3532	clr_optimization_v4.0.30319_64 - ok
19:56:09.0007 3532	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:56:09.0053 3532	CmBatt - ok
19:56:09.0100 3532	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:56:09.0100 3532	cmdide - ok
19:56:09.0209 3532	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:56:09.0241 3532	CNG - ok
19:56:09.0319 3532	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:56:09.0334 3532	Compbatt - ok
19:56:09.0397 3532	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:56:09.0459 3532	CompositeBus - ok
19:56:09.0475 3532	COMSysApp - ok
19:56:09.0506 3532	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:56:09.0537 3532	crcdisk - ok
19:56:09.0709 3532	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:56:09.0802 3532	CryptSvc - ok
19:56:10.0083 3532	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:56:10.0161 3532	DcomLaunch - ok
19:56:10.0239 3532	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:56:10.0333 3532	defragsvc - ok
19:56:10.0379 3532	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:56:10.0473 3532	DfsC - ok
19:56:10.0535 3532	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:56:10.0613 3532	Dhcp - ok
19:56:10.0645 3532	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:56:10.0691 3532	discache - ok
19:56:10.0723 3532	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:56:10.0723 3532	Disk - ok
19:56:10.0769 3532	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:56:10.0832 3532	Dnscache - ok
19:56:10.0879 3532	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:56:10.0957 3532	dot3svc - ok
19:56:11.0019 3532	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:56:11.0081 3532	DPS - ok
19:56:11.0113 3532	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:56:11.0159 3532	drmkaud - ok
19:56:11.0253 3532	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:56:11.0284 3532	DXGKrnl - ok
19:56:11.0315 3532	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:56:11.0362 3532	EapHost - ok
19:56:11.0627 3532	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:56:11.0705 3532	ebdrv - ok
19:56:11.0815 3532	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:56:11.0893 3532	EFS - ok
19:56:12.0501 3532	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:56:12.0563 3532	ehRecvr - ok
19:56:12.0626 3532	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:56:12.0719 3532	ehSched - ok
19:56:12.0875 3532	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
19:56:12.0891 3532	ElbyCDIO - ok
19:56:13.0031 3532	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:56:13.0078 3532	elxstor - ok
19:56:13.0109 3532	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:56:13.0156 3532	ErrDev - ok
19:56:13.0297 3532	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:56:13.0359 3532	EventSystem - ok
19:56:13.0655 3532	EvtEng          (b56d9602db5fe1c116b1ca5efd8e2e50) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:56:13.0687 3532	EvtEng - ok
19:56:13.0999 3532	ewusbnet - ok
19:56:14.0045 3532	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:56:14.0092 3532	exfat - ok
19:56:14.0186 3532	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:56:14.0248 3532	fastfat - ok
19:56:14.0342 3532	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:56:14.0389 3532	Fax - ok
19:56:14.0420 3532	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:56:14.0451 3532	fdc - ok
19:56:14.0482 3532	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:56:14.0529 3532	fdPHost - ok
19:56:14.0607 3532	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:56:14.0669 3532	FDResPub - ok
19:56:14.0701 3532	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:56:14.0716 3532	FileInfo - ok
19:56:14.0732 3532	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:56:14.0794 3532	Filetrace - ok
19:56:14.0825 3532	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:56:14.0857 3532	flpydisk - ok
19:56:14.0903 3532	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:56:14.0935 3532	FltMgr - ok
19:56:14.0997 3532	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:56:15.0075 3532	FontCache - ok
19:56:15.0153 3532	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:56:15.0153 3532	FontCache3.0.0.0 - ok
19:56:15.0200 3532	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:56:15.0215 3532	FsDepends - ok
19:56:15.0278 3532	fssfltr         (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
19:56:15.0278 3532	fssfltr - ok
19:56:15.0559 3532	fsssvc          (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:56:15.0715 3532	fsssvc - ok
19:56:15.0917 3532	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:56:15.0933 3532	Fs_Rec - ok
19:56:16.0011 3532	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:56:16.0042 3532	fvevol - ok
19:56:16.0089 3532	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:56:16.0105 3532	gagp30kx - ok
19:56:16.0136 3532	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:56:16.0151 3532	GEARAspiWDM - ok
19:56:16.0245 3532	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:56:16.0339 3532	gpsvc - ok
19:56:16.0448 3532	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:56:16.0479 3532	gupdate - ok
19:56:16.0495 3532	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:56:16.0510 3532	gupdatem - ok
19:56:16.0557 3532	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:56:16.0588 3532	gusvc - ok
19:56:16.0619 3532	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:56:16.0682 3532	hcw85cir - ok
19:56:16.0729 3532	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:56:16.0791 3532	HdAudAddService - ok
19:56:16.0807 3532	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:56:16.0853 3532	HDAudBus - ok
19:56:16.0853 3532	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:56:16.0916 3532	HidBatt - ok
19:56:17.0025 3532	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:56:17.0072 3532	HidBth - ok
19:56:17.0119 3532	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:56:17.0165 3532	HidIr - ok
19:56:17.0197 3532	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:56:17.0243 3532	hidserv - ok
19:56:17.0275 3532	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:56:17.0290 3532	HidUsb - ok
19:56:17.0337 3532	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:56:17.0431 3532	hkmsvc - ok
19:56:17.0727 3532	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:56:17.0789 3532	HomeGroupListener - ok
19:56:17.0821 3532	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:56:17.0883 3532	HomeGroupProvider - ok
19:56:17.0961 3532	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:56:17.0992 3532	HpSAMD - ok
19:56:18.0304 3532	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:56:18.0413 3532	HTTP - ok
19:56:18.0476 3532	hwdatacard - ok
19:56:18.0569 3532	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:56:18.0569 3532	hwpolicy - ok
19:56:18.0601 3532	hwusbdev - ok
19:56:18.0725 3532	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:56:18.0741 3532	i8042prt - ok
19:56:18.0788 3532	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
19:56:18.0819 3532	iaStor - ok
19:56:18.0881 3532	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:56:18.0897 3532	IAStorDataMgrSvc - ok
19:56:18.0944 3532	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:56:18.0975 3532	iaStorV - ok
19:56:19.0318 3532	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:56:19.0349 3532	idsvc - ok
19:56:20.0535 3532	igfx            (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:56:20.0878 3532	igfx - ok
19:56:21.0081 3532	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:56:21.0112 3532	iirsp - ok
19:56:21.0237 3532	IJPLMSVC        (51516252dbbfed36f70b341dba263167) C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
19:56:21.0268 3532	IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
19:56:21.0268 3532	IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
19:56:21.0409 3532	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:56:21.0518 3532	IKEEXT - ok
19:56:21.0580 3532	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
19:56:21.0658 3532	Impcd - ok
19:56:21.0986 3532	IntcAzAudAddService (f61d360072b67f5667765a2534b672d6) C:\Windows\system32\drivers\RTKVHD64.sys
19:56:22.0033 3532	IntcAzAudAddService - ok
19:56:22.0235 3532	IntcDAud        (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:56:22.0313 3532	IntcDAud - ok
19:56:22.0329 3532	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:56:32.0438 3532	NvtlService     (2664f84dbb5904fef141b8d914a17c39) C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
19:56:32.0469 3532	NvtlService ( UnsignedFile.Multi.Generic ) - warning
19:56:32.0469 3532	NvtlService - detected UnsignedFile.Multi.Generic (1)
19:56:48.0272 3532	WcsPlugInService - ok
19:56:48.0319 3532	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:56:48.0334 3532	Wd - ok
19:56:48.0381 3532	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:56:48.0428 3532	Wdf01000 - ok
19:56:48.0459 3532	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:56:48.0553 3532	WdiServiceHost - ok
19:56:48.0553 3532	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:56:48.0584 3532	WdiSystemHost - ok
19:56:48.0662 3532	wdkmd           (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
19:56:48.0677 3532	wdkmd - ok
19:56:48.0724 3532	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:56:48.0787 3532	WebClient - ok
19:56:48.0818 3532	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:56:48.0896 3532	Wecsvc - ok
19:56:48.0911 3532	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:56:48.0974 3532	wercplsupport - ok
19:56:48.0989 3532	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:56:49.0052 3532	WerSvc - ok
19:56:49.0099 3532	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:56:49.0145 3532	WfpLwf - ok
19:56:49.0192 3532	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:56:49.0223 3532	WimFltr - ok
19:56:49.0239 3532	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:56:49.0255 3532	WIMMount - ok
19:56:49.0286 3532	WinDefend - ok
19:56:49.0286 3532	WinHttpAutoProxySvc - ok
19:56:49.0348 3532	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:56:49.0411 3532	Winmgmt - ok
19:56:49.0567 3532	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:56:49.0738 3532	WinRM - ok
19:56:49.0847 3532	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:56:49.0894 3532	WinUsb - ok
19:56:49.0972 3532	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:56:50.0019 3532	Wlansvc - ok
19:56:50.0113 3532	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:56:50.0128 3532	wlcrasvc - ok
19:56:50.0300 3532	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:56:50.0409 3532	wlidsvc - ok
19:56:50.0456 3532	WMCoreService - ok
19:56:50.0565 3532	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:56:50.0612 3532	WmiAcpi - ok
19:56:50.0674 3532	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:56:50.0737 3532	wmiApSrv - ok
19:56:50.0799 3532	WMPNetworkSvc - ok
19:56:50.0830 3532	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:56:50.0861 3532	WPCSvc - ok
19:56:50.0893 3532	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:56:50.0924 3532	WPDBusEnum - ok
19:56:50.0955 3532	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:56:51.0033 3532	ws2ifsl - ok
19:56:51.0049 3532	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
19:56:51.0095 3532	wscsvc - ok
19:56:51.0095 3532	WSearch - ok
19:56:51.0251 3532	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:56:51.0376 3532	wuauserv - ok
19:56:51.0485 3532	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:56:51.0532 3532	WudfPf - ok
19:56:51.0641 3532	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:56:51.0719 3532	WUDFRd - ok
19:56:51.0766 3532	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:56:51.0813 3532	wudfsvc - ok
19:56:51.0844 3532	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:56:51.0907 3532	WwanSvc - ok
19:56:51.0953 3532	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:56:52.0359 3532	\Device\Harddisk0\DR0 - ok
19:56:52.0375 3532	Boot (0x1200)   (c27b706087c4eea52deea50c6cd520ab) \Device\Harddisk0\DR0\Partition0
19:56:52.0375 3532	\Device\Harddisk0\DR0\Partition0 - ok
19:56:52.0406 3532	Boot (0x1200)   (08445ab26373f39b7227cc49dfb0e625) \Device\Harddisk0\DR0\Partition1
19:56:52.0406 3532	\Device\Harddisk0\DR0\Partition1 - ok
19:56:52.0406 3532	============================================================
19:56:52.0406 3532	Scan finished
19:56:52.0406 3532	============================================================
19:56:52.0421 3524	Detected object count: 2
19:56:52.0421 3524	Actual detected object count: 2
19:58:26.0811 3524	IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:26.0811 3524	IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:58:26.0811 3524	NvtlService ( UnsignedFile.Multi.Generic ) - skipped by user
19:58:26.0811 3524	NvtlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
