Trojaner entdeckt: Sperrmeldung erhalten

Rymer · 21.06.2012, 10:14

Hallo zusammen
Ich habe heute morgen eine Sperrmeldung auf meinen PC bekommen. Ich wurde aufgefordert eine Zahlun (CHF 75.-) an ein Musiklabel zu bezahlen, damit der PC wieder entsperrt wird. Natürlich war mir klar, auch nachdem ich mit einem zweiten PC gegoogelt habe, dass es sich hier um einen Virus handelt.

Ich habe nun mit "Malwarebytes" einen Scan gemacht. Mit Defogger habe ich eine defogger_disable.log erstellt (Anhang) und mit OTL zwei Dateien erstellt (Anhang). Den PC habe ich vom WLAN genommen und arbeite nun mit einem zweiten PC. Momentan scanne ich mein System auch noch mit Avira.
Der Bericht von Malwarebytes ist auch im Anhang ersichtlich.

Ich brauche nun Hilfe damit ich weiss, wie ich weiter vorgehen soll. Besten Dank bereits im Voraus für eure Hilfe.

cosinus · 24.06.2012, 18:20

Zitat:

Momentan scanne ich mein System auch noch mit Avira.

Log dazu? Irgendwelche Funde?

Rymer · 24.06.2012, 18:51

Hallo Cosinus

Hier ist das entsprechende Avira Protokoll im Anhang.

Vielen Dank für deine Hilfe.

Gruss
Rymer

cosinus · 25.06.2012, 08:43

Code:

ATTFilter

C:\Users\*** ***\Downloads\Adobe Acrobat Professional 8.10\PDF_Writer.exe

Du hast ein Acrobat Pro? Aus welcher Quelle?

Rymer · 25.06.2012, 09:16

Ja den hab ich im Downloadbereich. Wir konnten den über unsere Uni downloaden. Ist aber nicht installiert...

Gruss

cosinus · 25.06.2012, 11:16

Führ bitte auch ESET aus, danach sehen wir weiter:

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die

+ R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

ATTFilter

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

ATTFilter

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Rymer · 26.06.2012, 12:36

Code:

ATTFilter

# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=17c3a3ddf28aa046a43fa34c195b9843
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-26 09:35:52
# local_time=2012-06-26 11:35:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 3968512 3968512 0 0
# compatibility_mode=5893 16776574 100 94 3968499 92312627 0 0
# compatibility_mode=8192 67108863 100 0 106 106 0 0
# scanned=292218
# found=5
# cleaned=0
# scan_time=20575
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Raymond Studer\AppData\Local\Temp\8565DAA4-BAB0-7891-BE16-834747C16E16\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\35c7459.msi	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Toolbar.Widgi application	00000000000000000000000000000000	I

cosinus · 26.06.2012, 14:13

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Rymer · 26.06.2012, 14:26

Zitat:

Zitat von cosinus

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

1.) Ja, meines Erachtens läuft der normale Modus von Windows uneingeschränkt. Also zumindest so wie vorher. Habe auch keine Probleme bei der Ausführung von Anwedungen wie Excell, word, ppt, etc.
2.) Nein, da ist alles normal. Vermisse nichts und es sind keine leeren Ordner vorhanden.

Gruss
Rymer

cosinus · 26.06.2012, 18:48

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Rymer · 26.06.2012, 20:28

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.06.2012 20:42:00 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\*** ***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,25 Gb Available Physical Memory | 70,87% Memory free
11,98 Gb Paging File | 9,47 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,90 Gb Total Space | 319,32 Gb Free Space | 71,13% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive E: | 16,56 Gb Total Space | 2,70 Gb Free Space | 16,33% Space Free | Partition Type: NTFS
Drive G: | 997,77 Mb Total Space | 478,78 Mb Free Space | 47,99% Space Free | Partition Type: FAT
Drive H: | 99,02 Mb Total Space | 94,93 Mb Free Space | 95,87% Space Free | Partition Type: FAT32
Drive J: | 7,59 Gb Total Space | 0,25 Gb Free Space | 3,34% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.26 20:38:03 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\*** ***\Downloads\OTL.exe
PRC - [2012.06.18 17:16:31 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\*** ***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:22:56 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.05.26 01:41:33 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.05.03 10:59:02 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009.12.09 15:25:16 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009.07.24 19:24:14 | 000,275,840 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.07.24 19:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009.07.23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009.07.23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.07.01 19:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.07.01 19:43:54 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009.07.01 19:43:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 14:40:14 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.16 14:39:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.16 14:38:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.16 14:38:49 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.11 03:35:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 03:32:43 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 03:32:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 03:32:29 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.11 03:31:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 03:31:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 03:31:47 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 03:31:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 03:31:40 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.04 21:14:51 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.09.28 15:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010.09.28 15:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010.09.28 15:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009.07.24 19:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
MOD - [2009.07.24 19:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
MOD - [2009.07.24 19:24:16 | 000,034,088 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009.07.24 19:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
MOD - [2009.07.23 12:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.06.17 12:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.06.17 12:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.06.17 12:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.12 22:18:24 | 001,924,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2012.06.18 17:16:32 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.24 15:15:30 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.03.28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.09 15:25:16 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009.09.20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.07.24 19:24:14 | 000,275,840 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009.07.12 22:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.07.01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.01 19:43:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost) @C:\Program Files (x86)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012.05.21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.02.10 19:46:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010.01.13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.12.25 15:37:37 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.09 15:10:40 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2009.07.23 19:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.07.22 03:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.07.21 05:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.17 22:58:30 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.17 22:58:24 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.17 22:58:22 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.17 22:58:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.15 01:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.27 01:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.22 08:32:52 | 000,311,424 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerAF15.sys -- (AVerAF15)
DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.07.23 21:45:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/11/19 01:09:55] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {27a95760-f867-4310-96b2-800a3e14cfcd} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\URLSearchHook: {27a95760-f867-4310-96b2-800a3e14cfcd} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100762&mntrId=367878e500000000000000269e966fa9
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{256AB24A-E6B0-4C35-9FDF-DD2C3B97B734}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1428593
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{F88FE8A0-7DD3-40A7-84E4-58511527F98E}: "URL" = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009.11.19 02:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.03 22:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.26 01:42:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009.11.19 02:38:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.03 22:06:00 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2010.06.11 14:12:27 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (12manage Toolbar) - {27a95760-f867-4310-96b2-800a3e14cfcd} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (12manage Toolbar) - {27a95760-f867-4310-96b2-800a3e14cfcd} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\Toolbar\WebBrowser: (12manage Toolbar) - {27A95760-F867-4310-96B2-800A3E14CFCD} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*** ***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553395000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.hslu.ch/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89C91F51-99E7-494A-A4F9-BEF040AAF1B3}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.24 14:59:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\Shell - "" = AutoRun
O33 - MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {216D41FE-0325-4342-DD12-6DEC9F006487} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.26 05:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.21 11:26:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\*** ***\Desktop\OTL.exe
[2012.06.21 08:53:04 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Malwarebytes
[2012.06.21 08:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.21 08:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.21 08:52:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.21 08:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 10:48:07 | 000,000,000 | ---D | C] -- C:\Users\Raymond Studer\Desktop\Assignments
[2012.06.19 10:28:47 | 000,000,000 | ---D | C] -- C:\Users\Raymond Studer\Desktop\Data Resources
[2012.06.19 08:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2012.06.19 08:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.06.19 08:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.06.18 17:13:49 | 000,000,000 | ---D | C] -- C:\Users\Raymond Studer\AppData\Local\javasharedresources
[2012.06.18 17:07:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012.06.18 17:07:14 | 000,000,000 | -H-D | C] -- C:\Users\Raymond Studer\InstallAnywhere
[2012.06.18 17:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IBM
[2012.06.18 16:59:05 | 000,000,000 | ---D | C] -- C:\Application Data
[2012.06.18 16:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
[2012.06.18 16:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\IBM
[2012.06.18 16:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\IBM
[2012.06.06 09:39:49 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\MyPhoneExplorer
[2012.06.06 09:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012.06.06 09:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer
[2012.06.05 16:38:09 | 000,000,000 | ---D | C] -- C:\Temp
[2012.06.05 16:34:25 | 000,000,000 | ---D | C] -- C:\*** ***\AppData\Local\Samsung
[2012.06.05 16:34:19 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Roaming\Samsung
[2012.06.05 16:34:16 | 000,000,000 | ---D | C] -- C:\Users\*** ***\Documents\samsung
[2012.06.05 16:31:53 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.06.05 16:31:53 | 000,099,384 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.06.05 16:29:32 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012.06.05 16:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012.06.05 16:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.06.05 16:29:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.06.05 16:10:01 | 000,000,000 | ---D | C] -- C:\Users\*** ***\AppData\Local\Downloaded Installations
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\*** ***\AppData\Roaming\*.tmp files -> C:\Users\*** ***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.26 20:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 20:34:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 05:51:06 | 001,506,570 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.26 05:51:06 | 000,657,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.26 05:51:06 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.26 05:51:06 | 000,131,084 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.26 05:51:06 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.24 18:06:04 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 18:06:04 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.24 17:58:23 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\WinMaximizer64-Raymond Studer-Startup.job
[2012.06.24 17:57:02 | 529,702,911 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 19:27:16 | 000,000,319 | ---- | M] () -- C:\Users\*** ***\Desktop\Syntax2.sps
[2012.06.21 11:21:35 | 000,000,188 | ---- | M] () -- C:\Users\*** ***\defogger_reenable
[2012.06.21 11:18:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Raymond Studer\Desktop\OTL.exe
[2012.06.21 11:16:18 | 000,050,477 | ---- | M] () -- C:\Users\*** ***\Desktop\Defogger.exe
[2012.06.21 08:52:51 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.18 17:09:49 | 000,538,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.18 17:05:40 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2012.06.18 17:05:40 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
[2012.06.18 17:05:40 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm
[2012.06.13 04:48:54 | 005,085,732 | ---- | M] () -- C:\Users\*** ***\Desktop\iwb_gb_2011web.pdf
[2012.06.10 13:35:02 | 001,857,328 | ---- | M] () -- C:\Users\*** ***\Desktop\20120610_132455.jpg
[2012.06.10 13:24:13 | 002,109,579 | ---- | M] () -- C:\Users\*** ***\Desktop\20120610_132413.jpg
[2012.06.10 13:23:39 | 002,012,890 | ---- | M] () -- C:\Users\*** ***\Desktop\20120610_132339.jpg
[2012.06.06 17:20:07 | 002,161,524 | ---- | M] () -- C:\Users\*** ***\Desktop\20120606_172007.jpg
[2012.06.04 20:04:21 | 000,001,067 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.01 09:17:26 | 000,217,581 | ---- | M] () -- C:\Users\*** ***\Desktop\04_Auclair_Optimierung_im_Netzservice_angesichts_der_Effizie.pdf
[2012.05.31 06:21:54 | 636,108,576 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\*** ***\AppData\Roaming\*.tmp files -> C:\Users\*** ***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.21 19:27:16 | 000,000,319 | ---- | C] () -- C:\Users\*** ***\Desktop\Syntax2.sps
[2012.06.21 11:21:35 | 000,000,188 | ---- | C] () -- C:\Users\*** ***\defogger_reenable
[2012.06.21 11:21:16 | 000,050,477 | ---- | C] () -- C:\Users\*** ***\Desktop\Defogger.exe
[2012.06.21 08:52:51 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.18 17:16:35 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 04:48:52 | 005,085,732 | ---- | C] () -- C:\Users\*** ***\Desktop\iwb_gb_2011web.pdf
[2012.06.10 13:24:55 | 001,857,328 | ---- | C] () -- C:\Users\*** ***\Desktop\20120610_132455.jpg
[2012.06.10 13:24:13 | 002,109,579 | ---- | C] () -- C:\Users\*** ***\Desktop\20120610_132413.jpg
[2012.06.10 13:23:39 | 002,012,890 | ---- | C] () -- C:\Users\*** ***\Desktop\20120610_132339.jpg
[2012.06.06 17:20:07 | 002,161,524 | ---- | C] () -- C:\Users\*** ***\Desktop\20120606_172007.jpg
[2012.06.01 09:17:26 | 000,217,581 | ---- | C] () -- C:\Users\*** ***\Desktop\04_Auclair_Optimierung_im_Netzservice_angesichts_der_Effizie.pdf
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.12 16:48:25 | 000,007,615 | ---- | C] () -- C:\Users\*** ***\AppData\Local\Resmon.ResmonCfg
[2011.02.21 09:36:38 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.02.21 09:36:38 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.01.11 09:37:32 | 000,001,854 | ---- | C] () -- C:\Users\*** ***\AppData\Roaming\GhostObjGAFix.xml
[2010.09.28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010.05.13 20:21:21 | 000,003,584 | ---- | C] () -- C:\Users\*** ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.10 20:24:48 | 000,000,080 | ---- | C] () -- C:\Users\*** ***\CAMPUS.ppf
[2010.05.03 11:17:41 | 000,692,122 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpABBILDUNG1_SOLLBERGER_IB_93-14_RAHMEMMENTALER_1993.PDF.2
[2010.05.03 11:17:37 | 000,684,487 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpABBILDUNG1_SOLLBERGER_IB_93-14_RAHMEMMENTALER_1993.PDF.1
[2010.05.03 11:17:34 | 000,688,938 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpABBILDUNG1_SOLLBERGER_IB_93-14_RAHMEMMENTALER_1993.PDF.JPG
[2010.05.03 11:17:33 | 000,570,469 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpABBILDUNG1_SOLLBERGER_IB_93-14_RAHMEMMENTALER_1993.PDF.0
[2010.01.18 01:08:53 | 001,403,614 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpSNC00010.0
[2010.01.18 01:08:53 | 000,345,159 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpSNC00010.JPG
[2010.01.18 01:08:04 | 000,351,412 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpSNC00011.2
[2010.01.18 01:08:03 | 000,355,037 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpSNC00011.1
[2010.01.18 01:08:02 | 001,428,781 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpSNC00011.0
[2010.01.18 01:08:02 | 000,354,020 | ---- | C] () -- C:\Users\*** ***\AppData\Local\tmpSNC00011.JPG
[2010.01.14 17:48:19 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.12.25 17:16:57 | 000,002,250 | ---- | C] () -- C:\Users\*** ***\_setup.xml
 
========== LOP Check ==========
 
[2011.10.24 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Autodesk
[2011.11.24 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Babylon
[2011.11.24 20:30:13 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\BitZipper
[2009.12.25 15:49:56 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DAEMON Tools Lite
[2009.12.24 15:20:56 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DigitalPersona
[2012.06.26 20:48:52 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Dropbox
[2011.11.24 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Fighters
[2010.06.02 13:49:30 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\FinalMediaPlayer
[2011.03.29 15:14:29 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Information Factory
[2011.09.07 09:42:18 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Itsth
[2010.04.21 08:36:54 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Juniper Networks
[2012.06.19 12:55:36 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\MyPhoneExplorer
[2010.01.07 12:14:01 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\MySQL
[2012.06.05 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Samsung
[2011.04.12 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\TIPP10
[2011.03.23 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\TuneUp Software
[2012.06.26 20:44:05 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\uTorrent
[2009.12.26 16:17:02 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\_MDLogs
[2011.10.06 18:51:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.24 17:58:23 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer64-*** ***-Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.13 22:14:42 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Adobe
[2010.05.26 01:28:42 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Apple Computer
[2011.10.24 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Autodesk
[2012.05.11 07:36:33 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Avira
[2010.01.05 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\AVS4YOU
[2011.11.24 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Babylon
[2011.11.24 20:30:13 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\BitZipper
[2009.12.25 15:43:30 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\CyberLink
[2009.12.25 15:49:56 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DAEMON Tools Lite
[2009.12.24 15:20:56 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DigitalPersona
[2010.09.08 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\DivX
[2012.06.26 20:48:52 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Dropbox
[2011.11.24 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Fighters
[2010.06.02 13:49:30 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\FinalMediaPlayer
[2010.03.22 16:30:36 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Google
[2011.06.29 08:13:10 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Hewlett-Packard
[2010.09.18 20:39:40 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\HP
[2010.02.22 11:03:03 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\HP Support Assistant
[2009.12.24 15:09:38 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\HP TCS
[2010.12.21 13:25:18 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\hpqlog
[2010.02.22 11:03:03 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\HpUpdate
[2009.12.24 15:20:31 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Identities
[2011.03.29 15:14:29 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Information Factory
[2011.09.07 09:42:18 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Itsth
[2010.04.21 08:36:54 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Juniper Networks
[2009.12.24 15:22:43 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Macromedia
[2009.12.24 15:21:56 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Macrovision
[2012.06.21 08:53:04 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Malwarebytes
[2009.11.19 11:19:52 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Media Center Programs
[2012.01.30 09:18:18 | 000,000,000 | --SD | M] -- C:\Users\*** ***\AppData\Roaming\Microsoft
[2012.06.19 12:55:36 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\MyPhoneExplorer
[2010.01.07 12:14:01 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\MySQL
[2011.03.01 01:09:43 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\NCH Software
[2010.12.09 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Real
[2012.06.05 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Samsung
[2012.06.26 13:39:43 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Skype
[2011.04.12 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\TIPP10
[2011.03.23 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\TuneUp Software
[2012.06.26 20:44:05 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\uTorrent
[2012.01.09 15:15:32 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\ZoomBrowser EX
[2009.12.26 16:17:02 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\*** ***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\*** ***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\*** ***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.12.09 15:35:12 | 000,300,328 | ---- | M] (Juniper Networks") -- C:\Users\*** ***\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
[2009.12.09 15:35:12 | 000,234,792 | ---- | M] (Juniper Networks) -- C:\Users\*** ***\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2009.12.09 15:35:14 | 000,156,968 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe
[2009.12.09 15:35:20 | 000,056,000 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe
[2011.03.08 21:57:56 | 000,132,464 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011.03.08 21:57:04 | 000,329,552 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011.03.08 21:55:28 | 000,217,952 | ---- | M] () -- C:\Users\*** ***\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011.03.08 21:58:02 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\*** ***\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2010.10.06 19:06:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\*** ***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.09.28 17:21:03 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\*** ***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2011.01.27 17:57:25 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\*** ***\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.11.21 14:40:25 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\*** ***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< End of report >

--- --- ---

Gruss
Rymer

cosinus · 27.06.2012, 12:17

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {27a95760-f867-4310-96b2-800a3e14cfcd} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_CH&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\URLSearchHook: {27a95760-f867-4310-96b2-800a3e14cfcd} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100762&mntrId=367878e500000000000000269e966fa9
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{256AB24A-E6B0-4C35-9FDF-DD2C3B97B734}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1428593
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\SearchScopes\{F88FE8A0-7DD3-40A7-84E4-58511527F98E}: "URL" = http://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (12manage Toolbar) - {27a95760-f867-4310-96b2-800a3e14cfcd} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (12manage Toolbar) - {27a95760-f867-4310-96b2-800a3e14cfcd} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\..\Toolbar\WebBrowser: (12manage Toolbar) - {27A95760-F867-4310-96B2-800A3E14CFCD} - C:\Program Files (x86)\12manage\prxtb12ma.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.24 14:59:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\Shell - "" = AutoRun
O33 - MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\Shell\install\command - "" = G:\SETUP.EXE
:Files
C:\Users\Raymond Studer\AppData\Roaming\Babylon
C:\Program Files (x86)\YouTube Downloader Toolbar
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Rymer · 27.06.2012, 13:20

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{27a95760-f867-4310-96b2-800a3e14cfcd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27a95760-f867-4310-96b2-800a3e14cfcd}\ deleted successfully.
C:\Program Files (x86)\12manage\prxtb12ma.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}\ not found.
HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{27a95760-f867-4310-96b2-800a3e14cfcd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27a95760-f867-4310-96b2-800a3e14cfcd}\ not found.
File C:\Program Files (x86)\12manage\prxtb12ma.dll not found.
HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Internet Explorer\SearchScopes\{256AB24A-E6B0-4C35-9FDF-DD2C3B97B734}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{256AB24A-E6B0-4C35-9FDF-DD2C3B97B734}\ not found.
Registry key HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A683A6C1-360F-435E-9EAC-8F56BE8D082D}\ not found.
Registry key HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F88FE8A0-7DD3-40A7-84E4-58511527F98E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F88FE8A0-7DD3-40A7-84E4-58511527F98E}\ not found.
HKU\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27a95760-f867-4310-96b2-800a3e14cfcd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27a95760-f867-4310-96b2-800a3e14cfcd}\ not found.
File C:\Program Files (x86)\12manage\prxtb12ma.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{27a95760-f867-4310-96b2-800a3e14cfcd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27a95760-f867-4310-96b2-800a3e14cfcd}\ not found.
File C:\Program Files (x86)\12manage\prxtb12ma.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{27A95760-F867-4310-96B2-800A3E14CFCD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27A95760-F867-4310-96B2-800A3E14CFCD}\ not found.
File C:\Program Files (x86)\12manage\prxtb12ma.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApplyEsf-eDocPrintPro deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle not found.
Registry value HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4140878571-4093875369-3215875128-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4c1b753-f15b-11de-9579-00269e966fa9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4c1b753-f15b-11de-9579-00269e966fa9}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4c1b753-f15b-11de-9579-00269e966fa9}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4c1b753-f15b-11de-9579-00269e966fa9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4c1b753-f15b-11de-9579-00269e966fa9}\ not found.
File G:\SETUP.EXE not found.
========== FILES ==========
C:\Users\*** ***\AppData\Roaming\Babylon folder moved successfully.
C:\Program Files (x86)\YouTube Downloader Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\YouTube Downloader Toolbar\Res folder moved successfully.
C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9 folder moved successfully.
C:\Program Files (x86)\YouTube Downloader Toolbar\IE folder moved successfully.
C:\Program Files (x86)\YouTube Downloader Toolbar folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: *** ***
->Temp folder emptied: 3538872105 bytes
->Temporary Internet Files folder emptied: 1383851034 bytes
->Java cache emptied: 52480236 bytes
->Google Chrome cache emptied: 6184522 bytes
->Flash cache emptied: 258456 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 336021766 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 11373621 bytes
 
Total Files Cleaned = 5.082,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: *** ***
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 06272012_140530

Files\Folders moved on Reboot...
File\Folder C:\Users\*** ***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VY5IMAL9\-W2NiZUucgTNFgplm4,siV3iXNPXcGJ6wgLAj0WaNYCUe8LRGCYaOl3iWt_1LISsgqS2B9EORw1GQoun6VV0RzA_YQERBvShX51fKyOtAv9BHISsEjo6kzqx4yzBtjf0Fn3cg&callback=google.LU[1].loadFeaturemap0 not found!
File\Folder C:\Users\*** ***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QR9MDN9B\fficefurniture;sz=300x250;tile=1;dcopt=ist;plat=pc;klg=de;kt=K;kga=-1;kr=F;kw=salomon+freedom+chair;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=3231356025376038[1].htm not found!
File\Folder C:\Users\*** ***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\AXKTXQSC\fficefurniture;sz=300x250;tile=1;dcopt=ist;plat=pc;klg=de;kt=K;kga=-1;kr=F;kw=salomon+freedom+chair;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=4759700355426267[1].htm not found!
C:\Users\*** ***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\*** ***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\VY5IMAL9\-W2NiZUucgTNFgplm4,siV3iXNPXcGJ6wgLAj0WaNYCUe8LRGCYaOl3iWt_1LISsgqS2B9EORw1GQoun6VV0RzA_YQERBvShX51fKyOtAv9BHISsEjo6kzqx4yzBtjf0Fn3cg&callback=google.LU[1].loadFeaturemap0 not found!
File C:\Users\*** ***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QR9MDN9B\fficefurniture;sz=300x250;tile=1;dcopt=ist;plat=pc;klg=de;kt=K;kga=-1;kr=F;kw=salomon+freedom+chair;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=3231356025376038[1].htm not found!
File C:\Users\*** ***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\AXKTXQSC\fficefurniture;sz=300x250;tile=1;dcopt=ist;plat=pc;klg=de;kt=K;kga=-1;kr=F;kw=salomon+freedom+chair;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=4759700355426267[1].htm not found!
File C:\Users\*** ***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Gruss
Rymer

cosinus · 28.06.2012, 09:20

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Rymer · 28.06.2012, 09:52

Code:

ATTFilter

10:42:59.0103 6128	TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
10:42:59.0165 6128	============================================================
10:42:59.0165 6128	Current date / time: 2012/06/28 10:42:59.0165
10:42:59.0165 6128	SystemInfo:
10:42:59.0165 6128	
10:42:59.0165 6128	OS Version: 6.1.7601 ServicePack: 1.0
10:42:59.0165 6128	Product type: Workstation
10:42:59.0165 6128	ComputerName: ***
10:42:59.0165 6128	UserName: *** ***
10:42:59.0165 6128	Windows directory: C:\Windows
10:42:59.0165 6128	System windows directory: C:\Windows
10:42:59.0165 6128	Running under WOW64
10:42:59.0165 6128	Processor architecture: Intel x64
10:42:59.0165 6128	Number of processors: 8
10:42:59.0165 6128	Page size: 0x1000
10:42:59.0165 6128	Boot type: Normal boot
10:42:59.0165 6128	============================================================
10:42:59.0649 6128	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:42:59.0649 6128	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:42:59.0649 6128	Drive \Device\Harddisk2\DR2 - Size: 0x3E680000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:42:59.0649 6128	Drive \Device\Harddisk3\DR3 - Size: 0x1E7000000 (7.61 Gb), SectorSize: 0x200, Cylinders: 0xF47, SectorsPerTrack: 0x10, TracksPerCylinder: 0xFF, Type 'W'
10:42:59.0665 6128	============================================================
10:42:59.0665 6128	\Device\Harddisk0\DR0:
10:42:59.0665 6128	MBR partitions:
10:42:59.0665 6128	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:42:59.0665 6128	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x381CE800
10:42:59.0665 6128	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38232800, BlocksNum 0x211F800
10:42:59.0665 6128	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
10:42:59.0665 6128	\Device\Harddisk1\DR1:
10:42:59.0665 6128	MBR partitions:
10:42:59.0665 6128	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
10:42:59.0665 6128	\Device\Harddisk2\DR2:
10:42:59.0665 6128	MBR partitions:
10:42:59.0665 6128	\Device\Harddisk3\DR3:
10:42:59.0665 6128	MBR partitions:
10:42:59.0665 6128	\Device\Harddisk3\DR3\Partition0: MBR, Type 0xB, StartLBA 0x650, BlocksNum 0xF379B0
10:42:59.0665 6128	============================================================
10:42:59.0680 6128	C: <-> \Device\Harddisk0\DR0\Partition1
10:42:59.0680 6128	D: <-> \Device\Harddisk1\DR1\Partition0
10:42:59.0680 6128	E: <-> \Device\Harddisk0\DR0\Partition2
10:42:59.0711 6128	H: <-> \Device\Harddisk0\DR0\Partition3
10:42:59.0711 6128	J: <-> \Device\Harddisk3\DR3\Partition0
10:42:59.0711 6128	============================================================
10:42:59.0711 6128	Initialize success
10:42:59.0711 6128	============================================================
10:43:32.0113 3692	============================================================
10:43:32.0113 3692	Scan started
10:43:32.0113 3692	Mode: Manual; SigCheck; TDLFS; 
10:43:32.0113 3692	============================================================
10:43:32.0456 3692	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:43:32.0550 3692	1394ohci - ok
10:43:32.0581 3692	Accelerometer   (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:43:32.0596 3692	Accelerometer - ok
10:43:32.0628 3692	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:43:32.0643 3692	ACPI - ok
10:43:32.0659 3692	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:43:32.0737 3692	AcpiPmi - ok
10:43:32.0893 3692	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:43:32.0924 3692	AdobeFlashPlayerUpdateSvc - ok
10:43:32.0986 3692	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:43:33.0002 3692	adp94xx - ok
10:43:33.0033 3692	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:43:33.0049 3692	adpahci - ok
10:43:33.0080 3692	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:43:33.0096 3692	adpu320 - ok
10:43:33.0127 3692	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:43:33.0174 3692	AeLookupSvc - ok
10:43:33.0267 3692	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
10:43:33.0314 3692	AESTFilters - ok
10:43:33.0392 3692	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:43:33.0439 3692	AFD - ok
10:43:33.0470 3692	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:43:33.0501 3692	agp440 - ok
10:43:33.0532 3692	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:43:33.0579 3692	ALG - ok
10:43:33.0595 3692	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:43:33.0610 3692	aliide - ok
10:43:33.0626 3692	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:43:33.0626 3692	amdide - ok
10:43:33.0657 3692	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:43:33.0704 3692	AmdK8 - ok
10:43:33.0735 3692	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:43:33.0766 3692	AmdPPM - ok
10:43:33.0813 3692	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:43:33.0829 3692	amdsata - ok
10:43:33.0860 3692	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:43:33.0891 3692	amdsbs - ok
10:43:33.0907 3692	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:43:33.0922 3692	amdxata - ok
10:43:34.0032 3692	AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:43:34.0047 3692	AntiVirSchedulerService - ok
10:43:34.0078 3692	AntiVirService  (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:43:34.0094 3692	AntiVirService - ok
10:43:34.0141 3692	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:43:34.0281 3692	AppID - ok
10:43:34.0312 3692	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:43:34.0375 3692	AppIDSvc - ok
10:43:34.0422 3692	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:43:34.0453 3692	Appinfo - ok
10:43:34.0468 3692	Application Updater - ok
10:43:34.0500 3692	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:43:34.0515 3692	arc - ok
10:43:34.0531 3692	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:43:34.0546 3692	arcsas - ok
10:43:34.0562 3692	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:43:34.0624 3692	AsyncMac - ok
10:43:34.0640 3692	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:43:34.0656 3692	atapi - ok
10:43:34.0734 3692	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:43:34.0812 3692	AudioEndpointBuilder - ok
10:43:34.0812 3692	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:43:34.0858 3692	AudioSrv - ok
10:43:34.0905 3692	AVerAF15        (7a122973b51661f189f157002ffaa5aa) C:\Windows\system32\Drivers\AVerAF15.sys
10:43:34.0921 3692	AVerAF15 ( UnsignedFile.Multi.Generic ) - warning
10:43:34.0921 3692	AVerAF15 - detected UnsignedFile.Multi.Generic (1)
10:43:34.0999 3692	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
10:43:35.0014 3692	avgntflt - ok
10:43:35.0046 3692	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
10:43:35.0077 3692	avipbb - ok
10:43:35.0092 3692	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
10:43:35.0108 3692	avkmgr - ok
10:43:35.0139 3692	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:43:35.0217 3692	AxInstSV - ok
10:43:35.0264 3692	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:43:35.0326 3692	b06bdrv - ok
10:43:35.0358 3692	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:43:35.0404 3692	b57nd60a - ok
10:43:35.0436 3692	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:43:35.0467 3692	BDESVC - ok
10:43:35.0482 3692	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:43:35.0545 3692	Beep - ok
10:43:35.0623 3692	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:43:35.0654 3692	BFE - ok
10:43:35.0748 3692	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:43:35.0810 3692	BITS - ok
10:43:35.0857 3692	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:43:35.0888 3692	blbdrive - ok
10:43:35.0919 3692	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:43:35.0966 3692	bowser - ok
10:43:35.0982 3692	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:43:36.0044 3692	BrFiltLo - ok
10:43:36.0060 3692	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:43:36.0075 3692	BrFiltUp - ok
10:43:36.0122 3692	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:43:36.0184 3692	Browser - ok
10:43:36.0231 3692	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:43:36.0278 3692	Brserid - ok
10:43:36.0294 3692	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:43:36.0340 3692	BrSerWdm - ok
10:43:36.0356 3692	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:43:36.0387 3692	BrUsbMdm - ok
10:43:36.0387 3692	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:43:36.0403 3692	BrUsbSer - ok
10:43:36.0450 3692	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:43:36.0481 3692	BthEnum - ok
10:43:36.0512 3692	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:43:36.0543 3692	BTHMODEM - ok
10:43:36.0559 3692	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:43:36.0606 3692	BthPan - ok
10:43:36.0668 3692	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:43:36.0699 3692	BTHPORT - ok
10:43:36.0730 3692	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:43:36.0762 3692	bthserv - ok
10:43:36.0777 3692	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:43:36.0808 3692	BTHUSB - ok
10:43:36.0840 3692	btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
10:43:36.0855 3692	btwaudio - ok
10:43:36.0871 3692	btwavdt         (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
10:43:36.0886 3692	btwavdt - ok
10:43:36.0980 3692	btwdins         (d65aa164acd0f6706dbcfbbcc9731584) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:43:37.0011 3692	btwdins - ok
10:43:37.0027 3692	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:43:37.0027 3692	btwl2cap - ok
10:43:37.0042 3692	btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
10:43:37.0058 3692	btwrchid - ok
10:43:37.0074 3692	BVRPMPR5a64     (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
10:43:37.0074 3692	BVRPMPR5a64 - ok
10:43:37.0105 3692	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:43:37.0167 3692	cdfs - ok
10:43:37.0214 3692	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:43:37.0230 3692	cdrom - ok
10:43:37.0276 3692	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:43:37.0323 3692	CertPropSvc - ok
10:43:37.0339 3692	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:43:37.0370 3692	circlass - ok
10:43:37.0417 3692	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:43:37.0417 3692	CLFS - ok
10:43:37.0495 3692	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:43:37.0526 3692	clr_optimization_v2.0.50727_32 - ok
10:43:37.0557 3692	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:43:37.0588 3692	clr_optimization_v2.0.50727_64 - ok
10:43:37.0666 3692	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:43:37.0698 3692	clr_optimization_v4.0.30319_32 - ok
10:43:37.0729 3692	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:43:37.0744 3692	clr_optimization_v4.0.30319_64 - ok
10:43:37.0760 3692	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:43:37.0791 3692	CmBatt - ok
10:43:37.0822 3692	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:43:37.0838 3692	cmdide - ok
10:43:37.0900 3692	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:43:37.0932 3692	CNG - ok
10:43:37.0947 3692	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:43:37.0963 3692	Compbatt - ok
10:43:37.0978 3692	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:43:38.0010 3692	CompositeBus - ok
10:43:38.0025 3692	COMSysApp - ok
10:43:38.0041 3692	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:43:38.0056 3692	crcdisk - ok
10:43:38.0103 3692	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:43:38.0166 3692	CryptSvc - ok
10:43:38.0228 3692	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:43:38.0306 3692	DcomLaunch - ok
10:43:38.0337 3692	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:43:38.0384 3692	defragsvc - ok
10:43:38.0431 3692	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:43:38.0493 3692	DfsC - ok
10:43:38.0540 3692	dg_ssudbus      (6060106ce00f32f63f1a73160e46e9d2) C:\Windows\system32\DRIVERS\ssudbus.sys
10:43:38.0571 3692	dg_ssudbus - ok
10:43:38.0634 3692	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:43:38.0696 3692	Dhcp - ok
10:43:38.0712 3692	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:43:38.0758 3692	discache - ok
10:43:38.0790 3692	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:43:38.0805 3692	Disk - ok
10:43:38.0836 3692	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:43:38.0868 3692	Dnscache - ok
10:43:38.0930 3692	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:43:38.0992 3692	dot3svc - ok
10:43:39.0024 3692	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:43:39.0055 3692	Dot4 - ok
10:43:39.0086 3692	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
10:43:39.0117 3692	Dot4Print - ok
10:43:39.0133 3692	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:43:39.0148 3692	dot4usb - ok
10:43:39.0258 3692	DpHost          (ae403e7585303cb7e413ebf956bcb76e) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
10:43:39.0304 3692	DpHost ( UnsignedFile.Multi.Generic ) - warning
10:43:39.0304 3692	DpHost - detected UnsignedFile.Multi.Generic (1)
10:43:39.0351 3692	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:43:39.0398 3692	DPS - ok
10:43:39.0429 3692	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:43:39.0460 3692	drmkaud - ok
10:43:39.0476 3692	dsNcAdpt        (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:43:39.0523 3692	dsNcAdpt - ok
10:43:39.0601 3692	dsNcService     (42c22c0d63da380807da2781c6c6d38a) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
10:43:39.0632 3692	dsNcService - ok
10:43:39.0710 3692	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:43:39.0757 3692	DXGKrnl - ok
10:43:39.0772 3692	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:43:39.0819 3692	EapHost - ok
10:43:40.0038 3692	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:43:40.0084 3692	ebdrv - ok
10:43:40.0178 3692	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:43:40.0256 3692	EFS - ok
10:43:40.0365 3692	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:43:40.0443 3692	ehRecvr - ok
10:43:40.0490 3692	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:43:40.0568 3692	ehSched - ok
10:43:40.0615 3692	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:43:40.0646 3692	elxstor - ok
10:43:40.0677 3692	enecir          (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
10:43:40.0708 3692	enecir - ok
10:43:40.0724 3692	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:43:40.0755 3692	ErrDev - ok
10:43:40.0818 3692	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:43:40.0880 3692	EventSystem - ok
10:43:40.0911 3692	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:43:40.0958 3692	exfat - ok
10:43:40.0958 3692	ezSharedSvc - ok
10:43:40.0989 3692	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:43:41.0036 3692	fastfat - ok
10:43:41.0114 3692	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:43:41.0161 3692	Fax - ok
10:43:41.0176 3692	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:43:41.0208 3692	fdc - ok
10:43:41.0208 3692	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:43:41.0254 3692	fdPHost - ok
10:43:41.0286 3692	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:43:41.0332 3692	FDResPub - ok
10:43:41.0348 3692	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:43:41.0364 3692	FileInfo - ok
10:43:41.0379 3692	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:43:41.0410 3692	Filetrace - ok
10:43:41.0566 3692	FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
10:43:41.0613 3692	FLEXnet Licensing Service 64 - ok
10:43:41.0707 3692	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:43:41.0769 3692	flpydisk - ok
10:43:41.0816 3692	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:43:41.0847 3692	FltMgr - ok
10:43:41.0910 3692	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:43:41.0972 3692	FontCache - ok
10:43:42.0050 3692	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:43:42.0081 3692	FontCache3.0.0.0 - ok
10:43:42.0097 3692	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:43:42.0112 3692	FsDepends - ok
10:43:42.0144 3692	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:43:42.0159 3692	Fs_Rec - ok
10:43:42.0190 3692	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:43:42.0237 3692	fvevol - ok
10:43:42.0253 3692	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:43:42.0268 3692	gagp30kx - ok
10:43:42.0362 3692	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:43:42.0424 3692	gpsvc - ok
10:43:42.0502 3692	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:43:42.0534 3692	gupdate - ok
10:43:42.0565 3692	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:43:42.0565 3692	gupdatem - ok
10:43:42.0580 3692	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:43:42.0627 3692	hcw85cir - ok
10:43:42.0658 3692	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:43:42.0690 3692	HdAudAddService - ok
10:43:42.0721 3692	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:43:42.0752 3692	HDAudBus - ok
10:43:42.0768 3692	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:43:42.0783 3692	HidBatt - ok
10:43:42.0814 3692	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:43:42.0846 3692	HidBth - ok
10:43:42.0861 3692	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:43:42.0892 3692	HidIr - ok
10:43:42.0908 3692	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:43:42.0955 3692	hidserv - ok
10:43:42.0970 3692	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:43:42.0986 3692	HidUsb - ok
10:43:43.0017 3692	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:43:43.0064 3692	hkmsvc - ok
10:43:43.0111 3692	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:43:43.0158 3692	HomeGroupListener - ok
10:43:43.0189 3692	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:43:43.0204 3692	HomeGroupProvider - ok
10:43:43.0314 3692	HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:43:43.0345 3692	HP Support Assistant Service - ok
10:43:43.0376 3692	HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:43:43.0392 3692	HPDrvMntSvc.exe - ok
10:43:43.0407 3692	hpdskflt        (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:43:43.0423 3692	hpdskflt - ok
10:43:43.0516 3692	hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:43:43.0548 3692	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:43:43.0548 3692	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:43:43.0563 3692	hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:43:43.0594 3692	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:43:43.0594 3692	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:43:43.0610 3692	HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:43:43.0641 3692	HpqKbFiltr - ok
10:43:43.0719 3692	hpqwmiex        (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:43:43.0766 3692	hpqwmiex - ok
10:43:43.0797 3692	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:43:43.0813 3692	HpSAMD - ok
10:43:43.0875 3692	HPSLPSVC        (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
10:43:43.0891 3692	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
10:43:43.0891 3692	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
10:43:43.0922 3692	hpsrv           (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
10:43:43.0938 3692	hpsrv - ok
10:43:44.0000 3692	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:43:44.0062 3692	HTTP - ok
10:43:44.0094 3692	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:43:44.0109 3692	hwpolicy - ok
10:43:44.0140 3692	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:43:44.0156 3692	i8042prt - ok
10:43:44.0203 3692	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
10:43:44.0250 3692	iaStor - ok
10:43:44.0281 3692	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:43:44.0296 3692	iaStorV - ok
10:43:44.0421 3692	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:43:44.0452 3692	idsvc - ok
10:43:44.0842 3692	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:43:44.0920 3692	igfx - ok
10:43:45.0014 3692	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:43:45.0045 3692	iirsp - ok
10:43:45.0139 3692	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:43:45.0201 3692	IKEEXT - ok
10:43:45.0217 3692	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:43:45.0232 3692	intelide - ok
10:43:45.0264 3692	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:43:45.0279 3692	intelppm - ok
10:43:45.0310 3692	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:43:45.0342 3692	IPBusEnum - ok
10:43:45.0373 3692	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:43:45.0420 3692	IpFilterDriver - ok
10:43:45.0482 3692	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:43:45.0544 3692	iphlpsvc - ok
10:43:45.0576 3692	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:43:45.0591 3692	IPMIDRV - ok
10:43:45.0622 3692	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:43:45.0654 3692	IPNAT - ok
10:43:45.0669 3692	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:43:45.0747 3692	IRENUM - ok
10:43:45.0778 3692	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:43:45.0794 3692	isapnp - ok
10:43:45.0825 3692	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:43:45.0872 3692	iScsiPrt - ok
10:43:45.0888 3692	JMCR            (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
10:43:45.0919 3692	JMCR - ok
10:43:45.0919 3692	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:43:45.0950 3692	kbdclass - ok
10:43:45.0966 3692	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:43:45.0997 3692	kbdhid - ok
10:43:46.0028 3692	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:46.0059 3692	KeyIso - ok
10:43:46.0075 3692	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:43:46.0106 3692	KSecDD - ok
10:43:46.0122 3692	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:43:46.0153 3692	KSecPkg - ok
10:43:46.0184 3692	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:43:46.0231 3692	ksthunk - ok
10:43:46.0262 3692	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:43:46.0324 3692	KtmRm - ok
10:43:46.0371 3692	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:43:46.0434 3692	LanmanServer - ok
10:43:46.0449 3692	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:43:46.0496 3692	LanmanWorkstation - ok
10:43:46.0574 3692	LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:43:46.0590 3692	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:43:46.0590 3692	LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:43:46.0621 3692	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:43:46.0683 3692	lltdio - ok
10:43:46.0714 3692	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:43:46.0777 3692	lltdsvc - ok
10:43:46.0792 3692	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:43:46.0839 3692	lmhosts - ok
10:43:46.0870 3692	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:43:46.0902 3692	LSI_FC - ok
10:43:46.0902 3692	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:43:46.0933 3692	LSI_SAS - ok
10:43:46.0948 3692	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:43:46.0964 3692	LSI_SAS2 - ok
10:43:46.0980 3692	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:43:47.0011 3692	LSI_SCSI - ok
10:43:47.0042 3692	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:43:47.0104 3692	luafv - ok
10:43:47.0136 3692	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:43:47.0167 3692	Mcx2Svc - ok
10:43:47.0198 3692	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:43:47.0214 3692	megasas - ok
10:43:47.0245 3692	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:43:47.0276 3692	MegaSR - ok
10:43:47.0307 3692	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:43:47.0370 3692	MMCSS - ok
10:43:47.0385 3692	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:43:47.0432 3692	Modem - ok
10:43:47.0448 3692	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:43:47.0479 3692	monitor - ok
10:43:47.0510 3692	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:43:47.0526 3692	mouclass - ok
10:43:47.0541 3692	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:43:47.0572 3692	mouhid - ok
10:43:47.0619 3692	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:43:47.0635 3692	mountmgr - ok
10:43:47.0666 3692	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:43:47.0697 3692	mpio - ok
10:43:47.0713 3692	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:43:47.0760 3692	mpsdrv - ok
10:43:47.0838 3692	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:43:47.0900 3692	MpsSvc - ok
10:43:47.0947 3692	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:43:47.0978 3692	MRxDAV - ok
10:43:48.0009 3692	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:43:48.0056 3692	mrxsmb - ok
10:43:48.0087 3692	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:43:48.0134 3692	mrxsmb10 - ok
10:43:48.0150 3692	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:43:48.0181 3692	mrxsmb20 - ok
10:43:48.0196 3692	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:43:48.0228 3692	msahci - ok
10:43:48.0259 3692	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:43:48.0290 3692	msdsm - ok
10:43:48.0321 3692	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:43:48.0352 3692	MSDTC - ok
10:43:48.0399 3692	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:43:48.0446 3692	Msfs - ok
10:43:48.0446 3692	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:43:48.0508 3692	mshidkmdf - ok
10:43:48.0508 3692	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:43:48.0524 3692	msisadrv - ok
10:43:48.0555 3692	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:43:48.0618 3692	MSiSCSI - ok
10:43:48.0618 3692	msiserver - ok
10:43:48.0633 3692	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:43:48.0696 3692	MSKSSRV - ok
10:43:48.0711 3692	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:43:48.0774 3692	MSPCLOCK - ok
10:43:48.0789 3692	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:43:48.0852 3692	MSPQM - ok
10:43:48.0898 3692	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:43:48.0930 3692	MsRPC - ok
10:43:48.0961 3692	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:43:48.0976 3692	mssmbios - ok
10:43:49.0008 3692	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:43:49.0070 3692	MSTEE - ok
10:43:49.0086 3692	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:43:49.0101 3692	MTConfig - ok
10:43:49.0117 3692	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:43:49.0148 3692	Mup - ok
10:43:49.0195 3692	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:43:49.0257 3692	napagent - ok
10:43:49.0288 3692	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:43:49.0335 3692	NativeWifiP - ok
10:43:49.0429 3692	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:43:49.0476 3692	NDIS - ok
10:43:49.0476 3692	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:43:49.0538 3692	NdisCap - ok
10:43:49.0554 3692	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:43:49.0600 3692	NdisTapi - ok
10:43:49.0632 3692	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:43:49.0694 3692	Ndisuio - ok
10:43:49.0741 3692	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:43:49.0803 3692	NdisWan - ok
10:43:49.0819 3692	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:43:49.0881 3692	NDProxy - ok
10:43:49.0912 3692	Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
10:43:49.0928 3692	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:43:49.0928 3692	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:43:49.0959 3692	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:43:50.0037 3692	NetBIOS - ok
10:43:50.0084 3692	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:43:50.0131 3692	NetBT - ok
10:43:50.0146 3692	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:50.0178 3692	Netlogon - ok
10:43:50.0224 3692	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:43:50.0287 3692	Netman - ok
10:43:50.0318 3692	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:43:50.0396 3692	netprofm - ok
10:43:50.0474 3692	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:43:50.0505 3692	NetTcpPortSharing - ok
10:43:50.0989 3692	NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
10:43:51.0129 3692	NETw5s64 - ok
10:43:51.0566 3692	netw5v64        (d68de412a3243f8d57ddb814aa509813) C:\Windows\system32\DRIVERS\netw5v64.sys
10:43:51.0753 3692	netw5v64 - ok
10:43:51.0831 3692	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:43:51.0862 3692	nfrd960 - ok
10:43:51.0909 3692	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:43:51.0972 3692	NlaSvc - ok
10:43:51.0987 3692	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:43:52.0034 3692	Npfs - ok
10:43:52.0065 3692	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:43:52.0128 3692	nsi - ok
10:43:52.0143 3692	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:43:52.0190 3692	nsiproxy - ok
10:43:52.0299 3692	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:43:52.0346 3692	Ntfs - ok
10:43:52.0440 3692	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:43:52.0486 3692	Null - ok
10:43:52.0518 3692	NVHDA           (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
10:43:52.0549 3692	NVHDA - ok
10:43:53.0266 3692	nvlddmkm        (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:43:53.0469 3692	nvlddmkm - ok
10:43:53.0610 3692	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:43:53.0656 3692	nvraid - ok
10:43:53.0688 3692	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:43:53.0719 3692	nvstor - ok
10:43:53.0750 3692	nvsvc           (9544962d1192469ddce055873f4904c0) C:\Windows\system32\nvvsvc.exe
10:43:53.0781 3692	nvsvc - ok
10:43:53.0797 3692	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:43:53.0828 3692	nv_agp - ok
10:43:53.0953 3692	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:43:54.0000 3692	odserv - ok
10:43:54.0015 3692	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:43:54.0062 3692	ohci1394 - ok
10:43:54.0078 3692	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:43:54.0109 3692	ose - ok
10:43:54.0468 3692	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:43:54.0639 3692	osppsvc - ok
10:43:54.0764 3692	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:43:54.0826 3692	p2pimsvc - ok
10:43:54.0873 3692	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:43:54.0904 3692	p2psvc - ok
10:43:54.0951 3692	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:43:54.0998 3692	Parport - ok
10:43:55.0029 3692	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:43:55.0060 3692	partmgr - ok
10:43:55.0076 3692	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:43:55.0138 3692	PcaSvc - ok
10:43:55.0170 3692	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:43:55.0201 3692	pci - ok
10:43:55.0216 3692	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:43:55.0248 3692	pciide - ok
10:43:55.0279 3692	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:43:55.0326 3692	pcmcia - ok
10:43:55.0341 3692	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:43:55.0372 3692	pcw - ok
10:43:55.0404 3692	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:43:55.0482 3692	PEAUTH - ok
10:43:55.0560 3692	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:43:55.0591 3692	PerfHost - ok
10:43:55.0716 3692	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:43:55.0809 3692	pla - ok
10:43:55.0856 3692	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:43:55.0918 3692	PlugPlay - ok
10:43:55.0950 3692	Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
10:43:55.0965 3692	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:43:55.0965 3692	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:43:55.0996 3692	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:43:56.0028 3692	PNRPAutoReg - ok
10:43:56.0059 3692	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:43:56.0090 3692	PNRPsvc - ok
10:43:56.0137 3692	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:43:56.0215 3692	PolicyAgent - ok
10:43:56.0246 3692	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:43:56.0308 3692	Power - ok
10:43:56.0355 3692	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:43:56.0418 3692	PptpMiniport - ok
10:43:56.0449 3692	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:43:56.0480 3692	Processor - ok
10:43:56.0527 3692	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
10:43:56.0589 3692	ProfSvc - ok
10:43:56.0605 3692	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:56.0636 3692	ProtectedStorage - ok
10:43:56.0667 3692	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:43:56.0745 3692	Psched - ok
10:43:56.0854 3692	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:43:56.0932 3692	ql2300 - ok
10:43:57.0010 3692	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:43:57.0042 3692	ql40xx - ok
10:43:57.0088 3692	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:43:57.0135 3692	QWAVE - ok
10:43:57.0151 3692	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:43:57.0213 3692	QWAVEdrv - ok
10:43:57.0260 3692	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
10:43:57.0276 3692	RapiMgr - ok
10:43:57.0291 3692	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:43:57.0354 3692	RasAcd - ok
10:43:57.0369 3692	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:43:57.0432 3692	RasAgileVpn - ok
10:43:57.0447 3692	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:43:57.0510 3692	RasAuto - ok
10:43:57.0541 3692	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:43:57.0603 3692	Rasl2tp - ok
10:43:57.0650 3692	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:43:57.0712 3692	RasMan - ok
10:43:57.0728 3692	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:43:57.0775 3692	RasPppoe - ok
10:43:57.0790 3692	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:43:57.0868 3692	RasSstp - ok
10:43:57.0915 3692	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:43:57.0978 3692	rdbss - ok
10:43:57.0993 3692	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:43:58.0024 3692	rdpbus - ok
10:43:58.0040 3692	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:43:58.0102 3692	RDPCDD - ok
10:43:58.0118 3692	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:43:58.0180 3692	RDPENCDD - ok
10:43:58.0180 3692	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:43:58.0243 3692	RDPREFMP - ok
10:43:58.0290 3692	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
10:43:58.0336 3692	RDPWD - ok
10:43:58.0383 3692	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:43:58.0430 3692	rdyboost - ok
10:43:58.0461 3692	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:43:58.0539 3692	RemoteAccess - ok
10:43:58.0555 3692	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:43:58.0617 3692	RemoteRegistry - ok
10:43:58.0648 3692	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:43:58.0695 3692	RFCOMM - ok
10:43:59.0007 3692	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:43:59.0085 3692	RpcEptMapper - ok
10:43:59.0116 3692	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:43:59.0148 3692	RpcLocator - ok
10:43:59.0210 3692	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:43:59.0257 3692	RpcSs - ok
10:43:59.0288 3692	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:43:59.0350 3692	rspndr - ok
10:43:59.0382 3692	RTL8167         (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:43:59.0413 3692	RTL8167 - ok
10:43:59.0444 3692	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:59.0475 3692	SamSs - ok
10:43:59.0506 3692	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:43:59.0522 3692	sbp2port - ok
10:43:59.0553 3692	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:43:59.0616 3692	SCardSvr - ok
10:43:59.0647 3692	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:43:59.0709 3692	scfilter - ok
10:43:59.0787 3692	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:43:59.0865 3692	Schedule - ok
10:43:59.0912 3692	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:43:59.0959 3692	SCPolicySvc - ok
10:43:59.0974 3692	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
10:44:00.0021 3692	sdbus - ok
10:44:00.0037 3692	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:44:00.0084 3692	SDRSVC - ok
10:44:00.0115 3692	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:44:00.0162 3692	secdrv - ok
10:44:00.0193 3692	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:44:00.0255 3692	seclogon - ok
10:44:00.0271 3692	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:44:00.0349 3692	SENS - ok
10:44:00.0349 3692	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:44:00.0396 3692	SensrSvc - ok
10:44:00.0427 3692	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:44:00.0458 3692	Serenum - ok
10:44:00.0474 3692	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:44:00.0505 3692	Serial - ok
10:44:00.0520 3692	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:44:00.0567 3692	sermouse - ok
10:44:00.0614 3692	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:44:00.0676 3692	SessionEnv - ok
10:44:00.0692 3692	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:44:00.0723 3692	sffdisk - ok
10:44:00.0739 3692	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:44:00.0754 3692	sffp_mmc - ok
10:44:00.0770 3692	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:44:00.0817 3692	sffp_sd - ok
10:44:00.0832 3692	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:44:00.0879 3692	sfloppy - ok
10:44:00.0926 3692	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:44:01.0020 3692	SharedAccess - ok
10:44:01.0066 3692	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:44:01.0129 3692	ShellHWDetection - ok
10:44:01.0144 3692	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:44:01.0160 3692	SiSRaid2 - ok
10:44:01.0176 3692	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:44:01.0207 3692	SiSRaid4 - ok
10:44:01.0285 3692	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:44:01.0300 3692	SkypeUpdate - ok
10:44:01.0332 3692	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:44:01.0378 3692	Smb - ok
10:44:01.0410 3692	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:44:01.0456 3692	SNMPTRAP - ok
10:44:01.0472 3692	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:44:01.0488 3692	spldr - ok
10:44:01.0534 3692	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:44:01.0581 3692	Spooler - ok
10:44:01.0815 3692	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:44:01.0971 3692	sppsvc - ok
10:44:02.0065 3692	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:44:02.0143 3692	sppuinotify - ok
10:44:02.0236 3692	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
10:44:02.0283 3692	sptd - ok
10:44:02.0330 3692	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:44:02.0361 3692	srv - ok
10:44:02.0408 3692	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:44:02.0455 3692	srv2 - ok
10:44:02.0517 3692	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:44:02.0548 3692	SrvHsfHDA - ok
10:44:02.0658 3692	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:44:02.0720 3692	SrvHsfV92 - ok
10:44:02.0860 3692	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:44:02.0907 3692	SrvHsfWinac - ok
10:44:02.0938 3692	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:44:02.0970 3692	srvnet - ok
10:44:03.0016 3692	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:44:03.0079 3692	SSDPSRV - ok
10:44:03.0110 3692	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:44:03.0141 3692	SstpSvc - ok
10:44:03.0188 3692	ssudmdm         (855335bf5792e56164f98c012e3d92dd) C:\Windows\system32\DRIVERS\ssudmdm.sys
10:44:03.0235 3692	ssudmdm - ok
10:44:03.0328 3692	STacSV          (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
10:44:03.0360 3692	STacSV - ok
10:44:03.0375 3692	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:44:03.0406 3692	stexstor - ok
10:44:03.0469 3692	STHDA           (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
10:44:03.0516 3692	STHDA - ok
10:44:03.0531 3692	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
10:44:03.0547 3692	StillCam - ok
10:44:03.0625 3692	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:44:03.0687 3692	stisvc - ok
10:44:03.0703 3692	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:44:03.0718 3692	swenum - ok
10:44:03.0781 3692	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:44:03.0874 3692	swprv - ok
10:44:03.0921 3692	SynTP           (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
10:44:03.0921 3692	SynTP - ok
10:44:04.0062 3692	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:44:04.0140 3692	SysMain - ok
10:44:04.0249 3692	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:44:04.0311 3692	TabletInputService - ok
10:44:04.0358 3692	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:44:04.0436 3692	TapiSrv - ok
10:44:04.0467 3692	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:44:04.0498 3692	TBS - ok
10:44:04.0670 3692	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:44:04.0748 3692	Tcpip - ok
10:44:04.0920 3692	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:44:04.0935 3692	TCPIP6 - ok
10:44:05.0013 3692	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:44:05.0076 3692	tcpipreg - ok
10:44:05.0091 3692	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:44:05.0122 3692	TDPIPE - ok
10:44:05.0154 3692	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:44:05.0169 3692	TDTCP - ok
10:44:05.0216 3692	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:44:05.0263 3692	tdx - ok
10:44:05.0278 3692	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:44:05.0294 3692	TermDD - ok
10:44:05.0341 3692	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:44:05.0419 3692	TermService - ok
10:44:05.0434 3692	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:44:05.0450 3692	Themes - ok
10:44:05.0481 3692	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:44:05.0512 3692	THREADORDER - ok
10:44:05.0528 3692	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:44:05.0575 3692	TrkWks - ok
10:44:05.0637 3692	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:44:05.0700 3692	TrustedInstaller - ok
10:44:05.0746 3692	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:44:05.0778 3692	tssecsrv - ok
10:44:05.0824 3692	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:44:05.0856 3692	TsUsbFlt - ok
10:44:05.0902 3692	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:44:05.0965 3692	tunnel - ok
10:44:06.0074 3692	TVCapSvc        (3048a48d730c2c905897a0a25ae8822d) c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
10:44:06.0090 3692	TVCapSvc - ok
10:44:06.0121 3692	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:44:06.0136 3692	uagp35 - ok
10:44:06.0183 3692	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:44:06.0261 3692	udfs - ok
10:44:06.0292 3692	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:44:06.0308 3692	UI0Detect - ok
10:44:06.0324 3692	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:44:06.0339 3692	uliagpkx - ok
10:44:06.0355 3692	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:44:06.0370 3692	umbus - ok
10:44:06.0402 3692	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:44:06.0433 3692	UmPass - ok
10:44:06.0480 3692	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:44:06.0558 3692	upnphost - ok
10:44:06.0589 3692	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:44:06.0620 3692	usbccgp - ok
10:44:06.0636 3692	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:44:06.0651 3692	usbcir - ok
10:44:06.0667 3692	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:44:06.0714 3692	usbehci - ok
10:44:06.0745 3692	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:44:06.0792 3692	usbhub - ok
10:44:06.0807 3692	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:44:06.0823 3692	usbohci - ok
10:44:06.0854 3692	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:44:06.0885 3692	usbprint - ok
10:44:06.0916 3692	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:44:06.0963 3692	usbscan - ok
10:44:06.0979 3692	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:44:07.0026 3692	USBSTOR - ok
10:44:07.0041 3692	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:44:07.0057 3692	usbuhci - ok
10:44:07.0088 3692	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:44:07.0135 3692	usbvideo - ok
10:44:07.0150 3692	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
10:44:07.0197 3692	usb_rndisx - ok
10:44:07.0213 3692	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:44:07.0260 3692	UxSms - ok
10:44:07.0291 3692	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:44:07.0306 3692	VaultSvc - ok
10:44:07.0447 3692	vcsFPService    (fb9d2a2c10f2c1e392f2a491e82823d7) C:\Windows\system32\vcsFPService.exe
10:44:07.0494 3692	vcsFPService - ok
10:44:07.0587 3692	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:44:07.0618 3692	vdrvroot - ok
10:44:07.0681 3692	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:44:07.0743 3692	vds - ok
10:44:07.0774 3692	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:44:07.0790 3692	vga - ok
10:44:07.0790 3692	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:44:07.0821 3692	VgaSave - ok
10:44:07.0837 3692	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:44:07.0852 3692	vhdmp - ok
10:44:07.0868 3692	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:44:07.0884 3692	viaide - ok
10:44:07.0899 3692	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:44:07.0899 3692	volmgr - ok
10:44:07.0977 3692	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:44:08.0024 3692	volmgrx - ok
10:44:08.0055 3692	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:44:08.0071 3692	volsnap - ok
10:44:08.0102 3692	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:44:08.0102 3692	vsmraid - ok
10:44:08.0227 3692	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:44:08.0305 3692	VSS - ok
10:44:08.0383 3692	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:44:08.0430 3692	vwifibus - ok
10:44:08.0445 3692	VWiFiFlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:44:08.0492 3692	VWiFiFlt - ok
10:44:08.0523 3692	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:44:08.0554 3692	vwifimp - ok
10:44:08.0586 3692	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:44:08.0664 3692	W32Time - ok
10:44:08.0695 3692	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:44:08.0710 3692	WacomPen - ok
10:44:08.0742 3692	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:44:08.0804 3692	WANARP - ok
10:44:08.0804 3692	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:44:08.0835 3692	Wanarpv6 - ok
10:44:08.0944 3692	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:44:08.0991 3692	WatAdminSvc - ok
10:44:09.0116 3692	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:44:09.0210 3692	wbengine - ok
10:44:09.0303 3692	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:44:09.0334 3692	WbioSrvc - ok
10:44:09.0412 3692	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
10:44:09.0444 3692	WcesComm - ok
10:44:09.0506 3692	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:44:09.0568 3692	wcncsvc - ok
10:44:09.0584 3692	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:44:09.0631 3692	WcsPlugInService - ok
10:44:09.0662 3692	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:44:09.0693 3692	Wd - ok
10:44:09.0756 3692	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:44:09.0802 3692	Wdf01000 - ok
10:44:09.0818 3692	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:44:09.0912 3692	WdiServiceHost - ok
10:44:09.0912 3692	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:44:09.0927 3692	WdiSystemHost - ok
10:44:09.0958 3692	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:44:10.0005 3692	WebClient - ok
10:44:10.0036 3692	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:44:10.0083 3692	Wecsvc - ok
10:44:10.0099 3692	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:44:10.0161 3692	wercplsupport - ok
10:44:10.0177 3692	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:44:10.0224 3692	WerSvc - ok
10:44:10.0270 3692	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:44:10.0302 3692	WfpLwf - ok
10:44:10.0317 3692	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:44:10.0317 3692	WIMMount - ok
10:44:10.0348 3692	WinDefend - ok
10:44:10.0348 3692	WinHttpAutoProxySvc - ok
10:44:10.0426 3692	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:44:10.0489 3692	Winmgmt - ok
10:44:10.0645 3692	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:44:10.0754 3692	WinRM - ok
10:44:10.0879 3692	WinUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
10:44:10.0910 3692	WinUSB - ok
10:44:10.0988 3692	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:44:11.0050 3692	Wlansvc - ok
10:44:11.0082 3692	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:44:11.0113 3692	WmiAcpi - ok
10:44:11.0191 3692	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:44:11.0238 3692	wmiApSrv - ok
10:44:11.0269 3692	WMPNetworkSvc - ok
10:44:11.0300 3692	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:44:11.0331 3692	WPCSvc - ok
10:44:11.0378 3692	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:44:11.0409 3692	WPDBusEnum - ok
10:44:11.0440 3692	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:44:11.0472 3692	ws2ifsl - ok
10:44:11.0487 3692	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:44:11.0503 3692	wscsvc - ok
10:44:11.0503 3692	WSearch - ok
10:44:11.0690 3692	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:44:11.0768 3692	wuauserv - ok
10:44:11.0877 3692	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:44:11.0940 3692	WudfPf - ok
10:44:11.0955 3692	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:44:11.0986 3692	WUDFRd - ok
10:44:12.0018 3692	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:44:12.0049 3692	wudfsvc - ok
10:44:12.0064 3692	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:44:12.0096 3692	WwanSvc - ok
10:44:12.0142 3692	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
10:44:12.0205 3692	yukonw7 - ok
10:44:12.0283 3692	{55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
10:44:12.0298 3692	{55662437-DA8C-40c0-AADA-2C816A897A49} - ok
10:44:12.0345 3692	MBR (0x1B8)     (64ea83af647a08ae218cf8c3a645dd23) \Device\Harddisk0\DR0
10:44:12.0673 3692	\Device\Harddisk0\DR0 - ok
10:44:12.0673 3692	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
10:44:13.0141 3692	\Device\Harddisk1\DR1 - ok
10:44:13.0141 3692	MBR (0x1B8)     (6159147feee061810823891f9f20dc90) \Device\Harddisk2\DR2
10:44:15.0169 3692	\Device\Harddisk2\DR2 - ok
10:44:15.0184 3692	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
10:44:18.0772 3692	\Device\Harddisk3\DR3 - ok
10:44:18.0772 3692	Boot (0x1200)   (26f14a2b8b65ff36869b2081a96dffaf) \Device\Harddisk0\DR0\Partition0
10:44:18.0772 3692	\Device\Harddisk0\DR0\Partition0 - ok
10:44:18.0788 3692	Boot (0x1200)   (ec3ac3bb5afb4142d7fe43a5301bb4b4) \Device\Harddisk0\DR0\Partition1
10:44:18.0804 3692	\Device\Harddisk0\DR0\Partition1 - ok
10:44:18.0835 3692	Boot (0x1200)   (754a279aba00e2e38329a4584cba9293) \Device\Harddisk0\DR0\Partition2
10:44:18.0835 3692	\Device\Harddisk0\DR0\Partition2 - ok
10:44:18.0850 3692	Boot (0x1200)   (82588838ca9bba12185b65d4c914a2a6) \Device\Harddisk0\DR0\Partition3
10:44:18.0850 3692	\Device\Harddisk0\DR0\Partition3 - ok
10:44:18.0850 3692	Boot (0x1200)   (6678ba69ebfe7a96d8e913dcc97fbc65) \Device\Harddisk1\DR1\Partition0
10:44:18.0850 3692	\Device\Harddisk1\DR1\Partition0 - ok
10:44:18.0866 3692	Boot (0x1200)   (2432e74c136230ef92463b009ea76545) \Device\Harddisk3\DR3\Partition0
10:44:18.0866 3692	\Device\Harddisk3\DR3\Partition0 - ok
10:44:18.0866 3692	============================================================
10:44:18.0866 3692	Scan finished
10:44:18.0866 3692	============================================================
10:44:18.0882 0704	Detected object count: 8
10:44:18.0882 0704	Actual detected object count: 8
10:45:23.0825 0704	AVerAF15 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:23.0825 0704	AVerAF15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:23.0825 0704	DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:23.0825 0704	DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:23.0825 0704	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:23.0825 0704	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:23.0825 0704	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:23.0825 0704	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:23.0840 0704	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:23.0840 0704	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:23.0840 0704	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:23.0840 0704	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:23.0840 0704	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:23.0840 0704	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:45:23.0840 0704	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:45:23.0840 0704	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Gruss
Rymer

25.06.2012, 08:43	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner entdeckt: Sperrmeldung erhalten Code: ATTFilter C:\Users\* \Downloads\Adobe Acrobat Professional 8.10\PDF_Writer.exe Du hast ein Acrobat Pro? Aus welcher Quelle? __________________ Logfiles bitte immer in CODE-Tags posten*

26.06.2012, 14:13	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner entdeckt: Sperrmeldung erhalten Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner entdeckt: Sperrmeldung erhalten

Plagegeister aller Art und deren Bekämpfung: Trojaner entdeckt: Sperrmeldung erhalten