loadtbs - unbekanntes programm und firefox-erweiterung

STH1983 · 06.07.2012, 21:54

Hallo,

ich habe auf meinem notebook das programm "loadtbs" gefunden, ohne herstellerangabe. ebenso ein gleichnamiges firefox-addon. beides ließ sich entfernen. danach habe ich allerdings nochmal weiter gegoogelt und habe ein paar hinweise gefunden, dass loadtbs auch ein trojaner oder ähnliches sein könnte.
hier wurde das thema auch schonmal behandelt: http://www.trojaner-board.de/113104-...-programm.html

bitte um infos zum weiteren vorgehen.

danke!!

cosinus · 11.07.2012, 16:18

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

STH1983 · 11.07.2012, 18:34

Danke für die Antwort.
Habe beide Tools schon kurz nach meiner Frage laufen lassen, um zu sehen ob sie anschlagen. Haben sie nicht. Ist also alles ok?
Hier die Logs:

Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.06.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SH :: SH-VAIO [Administrator]

Schutz: Aktiviert

07.07.2012 00:15:30
mbam-log-2012-07-07 (00-15-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442934
Laufzeit: 1 Stunde(n), 4 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c2ddc88c321d344dbc86e6e40c9ade31
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-07 04:01:28
# local_time=2012-07-07 06:01:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 587050 587050 0 0
# compatibility_mode=5893 16776574 100 94 22665012 93256788 0 0
# compatibility_mode=8192 67108863 100 0 23178 23178 0 0
# scanned=242835
# found=0
# cleaned=0
# scan_time=6750

cosinus · 12.07.2012, 09:52

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

STH1983 · 12.07.2012, 12:05

Danke! Hier das Log:

Code:

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/12/2012 at 12:54:21
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : XX - XX-XXXX
# Running from : C:\Users\XX\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\XX\AppData\Roaming\Mozilla\Firefox\Profiles\gjci9y9t.default\prefs.js

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Users\XX\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [810 octets] - [12/07/2012 12:54:21]

########## EOF - C:\AdwCleaner[R1].txt - [937 octets] ##########

cosinus · 12.07.2012, 14:42

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

STH1983 · 13.07.2012, 11:57

Hier ist das Log:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.07.2012 18:18:25 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\XX\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 75,19% Memory free
15,83 Gb Paging File | 13,26 Gb Available in Paging File | 83,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225,10 Gb Total Space | 73,25 Gb Free Space | 32,54% Space Free | Partition Type: NTFS
Drive Z: | 225,10 Gb Total Space | 73,25 Gb Free Space | 32,54% Space Free | Partition Type: FAT32
 
Computer Name: XX-VAIO | User Name: XX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.12 18:15:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\XX\Downloads\OTL.exe
PRC - [2012.07.02 17:42:16 | 000,296,672 | ---- | M] (Microsoft Corporation) -- C:\Users\XX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012.07.01 02:40:09 | 001,749,224 | ---- | M] (Klipfolio Inc.) -- C:\Program Files (x86)\Klipfolio\Klipfolio.exe
PRC - [2012.06.30 09:03:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.06.30 09:02:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.06.30 09:02:48 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.06.30 09:02:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.30 09:02:46 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.06.30 09:02:46 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.22 16:40:04 | 001,288,264 | ---- | M] (Secomba GmbH) -- C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.11.14 17:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.13 09:49:14 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011.06.13 09:49:14 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011.05.18 17:36:24 | 000,075,912 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.03.29 08:48:14 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.29 08:47:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.03.09 12:40:12 | 000,342,984 | ---- | M] () -- C:\Program Files (x86)\OneClickInternet\WTGService.exe
PRC - [2011.03.04 10:46:50 | 000,318,464 | ---- | M] (HUAWEI Technologies Co., Ltd.) -- C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.11.22 14:31:50 | 000,142,216 | ---- | M] () -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.02 12:19:57 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012.06.30 20:04:06 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012.06.30 20:03:58 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
MOD - [2012.06.30 20:03:57 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.06.30 20:03:52 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.06.30 20:03:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.06.30 20:03:48 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012.06.30 20:03:42 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.06.30 20:00:49 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.12 14:30:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 11:25:01 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.07.03 11:23:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.06.30 09:03:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.30 09:02:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.06.30 09:02:48 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.06.30 09:02:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.30 09:02:46 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.13 12:22:24 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.12 14:15:08 | 000,960,152 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2012.01.04 12:27:32 | 001,526,032 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.01.04 12:14:38 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.01.04 12:13:06 | 000,844,560 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.12.12 03:40:36 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.07 08:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.06.13 09:49:14 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.06.10 22:46:11 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2011.05.18 17:36:24 | 000,075,912 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe -- (ActiveDelayDeviceService)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.04.28 13:17:10 | 000,552,584 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2011.04.26 04:25:04 | 000,294,216 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\TrueSuite\TrueSuite.Service.exe -- (FPLService)
SRV - [2011.03.29 08:48:14 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.03.29 08:47:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.03.09 12:40:12 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OneClickInternet\WTGService.exe -- (WTGService)
SRV - [2011.03.04 10:46:50 | 000,318,464 | ---- | M] (HUAWEI Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe -- (GobiQDLService)
SRV - [2011.03.02 17:03:14 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.11.22 14:31:50 | 000,142,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe -- (Securepoint VPN)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.24 05:05:12 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2010.02.24 05:05:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.eu/vaioportal
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\SearchScopes\{11A0E6F5-192B-4A8F-99D9-7F9BB6F78464}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\SearchScopes\{32413EC1-E16A-4117-B15D-22DB32122600}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\SearchScopes\{9E8F200A-E11C-49F7-B527-2E9813108658}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 09:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.29 14:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.06.30 09:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XX\AppData\Roaming\mozilla\Extensions
[2012.07.06 21:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XX\AppData\Roaming\mozilla\Firefox\Profiles\gjci9y9t.default\extensions
[2012.07.12 12:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.03 00:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.12 12:49:38 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon_toolbar@truesuite.com
[2012.07.02 10:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\webstore@truesuite.com
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3709107807-748031628-3402409794-1000..\Run: [Klipfolio] C:\Program Files (x86)\Klipfolio\Klipfolio.exe (Klipfolio Inc.)
O4 - HKU\S-1-5-21-3709107807-748031628-3402409794-1000..\Run: [SkyDrive] C:\Users\XX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk = C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93188D7E-3597-4D3E-89DB-B9C7EF547B6F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE867034-C7C9-45D1-B058-F13B69BBBFD9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: ClientAppLogon32 - hkey= - key= - C:\Programme\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IntelPAN - hkey= - key= - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
MsConfig:64bit - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\XX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAD22CA4-4821-6193-A620-FEEE43C577A7} - Themes Setup
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.06 21:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.06 21:26:14 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Malwarebytes
[2012.07.06 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.06 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.06 21:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.05 19:33:08 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Windows Live
[2012.07.05 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\{7034B23C-5376-4172-B220-EFE40173EA06}
[2012.07.03 14:40:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.07.03 12:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.07.03 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.07.03 11:27:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.07.03 11:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.07.03 11:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012.07.03 11:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS4
[2012.07.03 11:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.07.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tor Browser
[2012.07.03 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.03 00:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.07.03 00:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.07.03 00:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.07.03 00:04:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.07.03 00:03:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.07.02 17:53:29 | 000,000,000 | R--D | C] -- C:\Users\XX\SkyDrive
[2012.07.02 17:42:24 | 000,000,000 | R--D | C] -- C:\Users\XX\fuerSkyDrive
[2012.07.02 17:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.07.02 16:07:46 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.07.02 16:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.07.02 16:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2012.07.02 16:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2012.07.02 16:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012.07.02 15:52:17 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\InstallShield
[2012.07.02 10:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.02 10:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite
[2012.07.01 02:40:10 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Klipfolio
[2012.07.01 02:40:10 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Klipfolio
[2012.07.01 02:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klipfolio
[2012.07.01 02:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Klipfolio
[2012.07.01 01:17:57 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Build.A.Gadget
[2012.06.30 16:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series
[2012.06.30 16:45:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.06.30 16:44:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2012.06.30 16:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.06.30 16:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012.06.30 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\OneClickInternet
[2012.06.30 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Opera
[2012.06.30 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Opera
[2012.06.30 11:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.06.30 09:17:12 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Adobe
[2012.06.30 09:14:37 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Mozilla
[2012.06.30 09:14:37 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Mozilla
[2012.06.30 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Avira
[2012.06.30 09:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.30 09:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.30 09:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.30 09:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.30 09:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.30 09:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.30 08:59:42 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Adobe
[2012.06.30 08:59:17 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\ATI
[2012.06.30 08:59:17 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\ATI
[2012.06.30 08:59:00 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Intel Corporation
[2012.06.30 08:58:25 | 000,000,000 | R--D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.30 08:58:25 | 000,000,000 | R--D | C] -- C:\Users\XX\Searches
[2012.06.30 08:58:25 | 000,000,000 | R--D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.06.30 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Identities
[2012.06.30 08:58:16 | 000,000,000 | R--D | C] -- C:\Users\XX\Contacts
[2012.06.30 08:58:14 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\VirtualStore
[2012.06.30 08:57:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool
[2012.06.30 08:57:53 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Sony Corporation
[2012.06.30 08:57:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.30 08:57:47 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Intel
[2012.06.30 08:57:46 | 000,000,000 | --SD | C] -- C:\Users\XX\AppData\Roaming\Microsoft
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Videos
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Saved Games
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Music
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Links
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Favorites
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Downloads
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Desktop
[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Vorlagen
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\AppData\Local\Verlauf
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\AppData\Local\Temporary Internet Files
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Startmenü
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\SendTo
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Recent
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Netzwerkumgebung
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Lokale Einstellungen
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Eigene Dateien
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Druckumgebung
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Cookies
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\AppData\Local\Anwendungsdaten
[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Anwendungsdaten
[2012.06.30 08:57:46 | 000,000,000 | -H-D | C] -- C:\Users\XX\AppData
[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Temp
[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\Roaming
[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Microsoft
[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Media Center Programs
[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Macromedia
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.06.30 04:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.06.30 02:32:15 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\ElevatedDiagnostics
[2012.06.30 02:11:30 | 000,000,000 | ---D | C] -- C:\Users\XX\Documents\Meine empfangenen Dateien
[2012.06.30 01:45:41 | 000,000,000 | R--D | C] -- C:\Users\XX\Documents
[2012.06.29 23:18:35 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\.purple
[2012.06.29 23:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2012.06.29 21:47:37 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Securepoint SSL VPN
[2012.06.29 21:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securepoint SSL VPN
[2012.06.29 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Securepoint SSL VPN
[2012.06.29 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\KeePass
[2012.06.29 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Spotify
[2012.06.29 19:22:16 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Spotify
[2012.06.29 19:01:33 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\convert
[2012.06.29 19:01:30 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\loadtbs
[2012.06.29 18:55:13 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\CD Art Display
[2012.06.29 18:55:12 | 000,094,208 | ---- | C] (MediaTexX) -- C:\Windows\SysWow64\wmpuice.dll
[2012.06.29 18:55:12 | 000,069,632 | ---- | C] (CD Art Display) -- C:\Windows\cadSSaver.scr
[2012.06.29 18:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD Art Display
[2012.06.29 18:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Art Display
[2012.06.29 18:32:49 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Scippleron
[2012.06.29 15:01:25 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Microsoft Help
[2012.06.29 15:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.06.29 15:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.06.29 14:43:54 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Download Manager
[2012.06.29 14:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2012.06.29 14:10:04 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Thunderbird
[2012.06.29 14:10:04 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Thunderbird
[2012.06.29 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.06.29 14:00:56 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Secomba_GmbH
[2012.06.29 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoxCryptor
[2012.06.29 13:59:15 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll
[2012.06.29 13:59:15 | 000,158,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll
[2012.06.29 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoxCryptor
[2012.06.29 13:44:00 | 000,224,528 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012.06.29 13:44:00 | 000,183,568 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012.06.29 13:44:00 | 000,113,936 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012.06.29 13:44:00 | 000,068,880 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.06.29 13:42:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2012.06.29 13:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.06.29 13:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012.06.29 13:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.06.29 13:35:10 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Macromedia
[2012.06.29 13:29:18 | 000,000,000 | ---D | C] -- C:\Update
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.12 17:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.12 12:49:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.11 20:24:11 | 2081,275,903 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.09 14:12:26 | 000,696,225 | ---- | M] () -- C:\Users\XX\Desktop\pdf.pdf
[2012.07.03 19:13:53 | 734,321,109 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.02 16:07:46 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.07.01 16:54:09 | 000,002,080 | ---- | M] () -- C:\Users\XX\Desktop\Fortbildung.lnk
[2012.06.30 20:05:28 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.30 08:58:13 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCZ21A9E.mrk
[2012.06.30 08:56:26 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.06.30 02:44:15 | 000,002,857 | ---- | M] () -- C:\Users\XX\Desktop\Belkin J65.lnk
[2012.06.29 19:50:08 | 000,000,355 | ---- | M] () -- C:\Users\XX\Desktop\Computer.lnk
[2012.06.29 19:49:57 | 000,001,245 | ---- | M] () -- C:\Users\XX\Desktop\VSP.lnk
[2012.06.29 19:48:00 | 000,001,031 | ---- | M] () -- C:\Users\XX\Desktop\Bilder.lnk
[2012.06.29 19:47:52 | 000,001,014 | ---- | M] () -- C:\Users\XX\Desktop\Musik.lnk
[2012.06.29 19:47:44 | 000,001,042 | ---- | M] () -- C:\Users\XX\Desktop\Dokumente.lnk
[2012.06.29 19:47:35 | 000,000,512 | ---- | M] () -- C:\Users\XX\Desktop\Festplatte.lnk
[2012.06.29 13:59:16 | 000,001,097 | ---- | M] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk
[2012.06.29 13:44:00 | 000,224,528 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012.06.29 13:44:00 | 000,183,568 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012.06.29 13:44:00 | 000,113,936 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012.06.29 13:44:00 | 000,068,880 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPEnhPS.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.09 14:12:26 | 000,696,225 | ---- | C] () -- C:\Users\XX\Desktop\pdf.pdf
[2012.07.03 14:40:17 | 734,321,109 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.03 11:30:07 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012.07.02 17:42:24 | 000,002,129 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012.07.01 13:43:55 | 000,002,080 | ---- | C] () -- C:\Users\XX\Desktop\Fortbildung.lnk
[2012.06.30 11:30:44 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.06.30 09:00:57 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.30 08:58:47 | 000,001,405 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.06.30 08:58:28 | 000,001,439 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.06.30 08:58:13 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCZ21A9E.mrk
[2012.06.30 08:54:43 | 2081,275,903 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.30 02:44:15 | 000,002,857 | ---- | C] () -- C:\Users\XX\Desktop\Belkin J65.lnk
[2012.06.29 23:18:05 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2012.06.29 19:50:08 | 000,000,355 | ---- | C] () -- C:\Users\XX\Desktop\Computer.lnk
[2012.06.29 19:48:52 | 000,001,245 | ---- | C] () -- C:\Users\XX\Desktop\VSP.lnk
[2012.06.29 19:48:00 | 000,001,031 | ---- | C] () -- C:\Users\XX\Desktop\Bilder.lnk
[2012.06.29 19:47:52 | 000,001,014 | ---- | C] () -- C:\Users\XX\Desktop\Musik.lnk
[2012.06.29 19:47:44 | 000,001,042 | ---- | C] () -- C:\Users\XX\Desktop\Dokumente.lnk
[2012.06.29 19:47:35 | 000,000,512 | ---- | C] () -- C:\Users\XX\Desktop\Festplatte.lnk
[2012.06.29 19:22:36 | 000,001,738 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.06.29 14:18:58 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2012.06.29 14:09:59 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.06.29 13:59:16 | 000,001,097 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk
[2012.06.29 13:42:43 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk
[2012.06.29 13:42:24 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2012.06.29 13:31:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.29 13:30:11 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2011.06.20 21:35:23 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.20 21:35:20 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.20 21:35:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.06.20 21:35:13 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.20 21:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.20 21:05:28 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.06.20 20:57:41 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.07.11 10:48:02 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\.purple
[2012.06.29 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\CD Art Display
[2012.06.29 19:01:33 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\convert
[2012.07.12 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\KeePass
[2012.07.12 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Klipfolio
[2012.07.06 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\loadtbs
[2012.06.30 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\OneClickInternet
[2012.06.30 11:30:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Opera
[2012.06.29 21:48:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Securepoint SSL VPN
[2012.07.11 20:23:23 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Spotify
[2012.06.29 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,012,722 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.11 10:48:02 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\.purple
[2012.07.03 23:54:28 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Adobe
[2012.06.30 08:59:17 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\ATI
[2012.06.30 09:04:55 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Avira
[2012.06.29 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\CD Art Display
[2012.06.29 19:01:33 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\convert
[2012.07.03 00:00:50 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Download Manager
[2012.06.30 08:58:18 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Identities
[2012.07.02 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\InstallShield
[2012.06.30 08:57:47 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Intel
[2012.06.30 08:59:00 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Intel Corporation
[2012.07.12 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\KeePass
[2012.07.12 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Klipfolio
[2012.07.06 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\loadtbs
[2011.10.18 10:38:48 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Macromedia
[2012.07.06 21:26:14 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Media Center Programs
[2012.07.03 00:12:23 | 000,000,000 | --SD | M] -- C:\Users\XX\AppData\Roaming\Microsoft
[2012.06.30 09:14:42 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Mozilla
[2012.06.30 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\OneClickInternet
[2012.06.30 11:30:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Opera
[2012.06.29 21:48:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Securepoint SSL VPN
[2012.06.30 09:00:47 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Sony Corporation
[2012.07.11 20:23:23 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Spotify
[2012.06.29 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Thunderbird
 
< %APPDATA%\*.exe /s >
[2012.06.29 19:01:24 | 012,697,088 | ---- | M] () -- C:\Users\XX\AppData\Roaming\convert\convert.exe
[2012.06.29 19:01:25 | 000,660,480 | ---- | M] () -- C:\Users\XX\AppData\Roaming\loadtbs\uninstall.exe
[2011.10.18 10:38:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\XX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.06.29 19:22:35 | 007,609,560 | ---- | M] (Spotify Ltd) -- C:\Users\XX\AppData\Roaming\Spotify\spotify.exe
[2012.06.29 19:22:35 | 000,114,392 | ---- | M] () -- C:\Users\XX\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012.06.29 19:22:35 | 001,192,664 | ---- | M] () -- C:\Users\XX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_08d71942172d4761\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus · 13.07.2012, 20:31

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.07.06 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\loadtbs
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

STH1983 · 13.07.2012, 21:14

Ok, habe den Fix ausgeführt.
Hier das Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
Registry value HKEY_USERS\S-1-5-21-3709107807-748031628-3402409794-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
C:\Users\**\AppData\Roaming\loadtbs\html folder moved successfully.
C:\Users\**\AppData\Roaming\loadtbs folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: **
->Temp folder emptied: 171380382 bytes
->Temporary Internet Files folder emptied: 233384301 bytes
->Java cache emptied: 390311 bytes
->FireFox cache emptied: 609439962 bytes
->Opera cache emptied: 46431088 bytes
->Flash cache emptied: 58648 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 128559163 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 123833 bytes
RecycleBin emptied: 2251 bytes
 
Total Files Cleaned = 1.135,00 mb
 
 
[EMPTYFLA**]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: **
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07132012_220619

Files\Folders moved on Reboot...
C:\Users\**\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\**\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

cosinus · 13.07.2012, 22:05

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

STH1983 · 13.07.2012, 22:14

Ok, hier das Log:

Code:

ATTFilter

23:09:43.0148 6788	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
23:09:45.0176 6788	============================================================
23:09:45.0176 6788	Current date / time: 2012/07/13 23:09:45.0176
23:09:45.0176 6788	SystemInfo:
23:09:45.0176 6788	
23:09:45.0176 6788	OS Version: 6.1.7601 ServicePack: 1.0
23:09:45.0176 6788	Product type: Workstation
23:09:45.0176 6788	ComputerName: **-VAIO
23:09:45.0176 6788	UserName: **
23:09:45.0176 6788	Windows directory: C:\Windows
23:09:45.0176 6788	System windows directory: C:\Windows
23:09:45.0176 6788	Running under WOW64
23:09:45.0176 6788	Processor architecture: Intel x64
23:09:45.0176 6788	Number of processors: 4
23:09:45.0176 6788	Page size: 0x1000
23:09:45.0176 6788	Boot type: Normal boot
23:09:45.0176 6788	============================================================
23:09:45.0566 6788	Drive \Device\Harddisk0\DR0 - Size: 0x3B9EC00000 (238.48 Gb), SectorSize: 0x200, Cylinders: 0x799B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:09:45.0581 6788	============================================================
23:09:45.0581 6788	\Device\Harddisk0\DR0:
23:09:45.0581 6788	MBR partitions:
23:09:45.0581 6788	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A91800, BlocksNum 0x32000
23:09:45.0581 6788	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1AC3800, BlocksNum 0x1C232000
23:09:45.0581 6788	============================================================
23:09:45.0581 6788	C: <-> \Device\Harddisk0\DR0\Partition1
23:09:45.0581 6788	============================================================
23:09:45.0581 6788	Initialize success
23:09:45.0581 6788	============================================================
23:09:55.0300 4232	============================================================
23:09:55.0300 4232	Scan started
23:09:55.0300 4232	Mode: Manual; SigCheck; TDLFS; 
23:09:55.0300 4232	============================================================
23:09:55.0908 4232	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:09:56.0018 4232	1394ohci - ok
23:09:56.0049 4232	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:09:56.0096 4232	ACDaemon - ok
23:09:56.0142 4232	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:09:56.0189 4232	ACPI - ok
23:09:56.0189 4232	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:09:56.0236 4232	AcpiPmi - ok
23:09:56.0252 4232	ActiveDelayDeviceService (a0c6fa0574fd2a56082201fa721bca61) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
23:09:56.0283 4232	ActiveDelayDeviceService - ok
23:09:56.0298 4232	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
23:09:56.0314 4232	adfs - ok
23:09:56.0361 4232	Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
23:09:56.0392 4232	Adobe Version Cue CS4 - ok
23:09:56.0408 4232	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:09:56.0423 4232	AdobeARMservice - ok
23:09:56.0517 4232	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:09:56.0548 4232	AdobeFlashPlayerUpdateSvc - ok
23:09:56.0610 4232	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:09:56.0657 4232	adp94xx - ok
23:09:56.0720 4232	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:09:56.0751 4232	adpahci - ok
23:09:56.0782 4232	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:09:56.0813 4232	adpu320 - ok
23:09:56.0829 4232	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:09:56.0922 4232	AeLookupSvc - ok
23:09:57.0000 4232	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:09:57.0047 4232	AFD - ok
23:09:57.0047 4232	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:09:57.0078 4232	agp440 - ok
23:09:57.0094 4232	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:09:57.0141 4232	ALG - ok
23:09:57.0141 4232	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:09:57.0172 4232	aliide - ok
23:09:57.0203 4232	AMD External Events Utility (60e410cbb927479aa762730c9031a6bd) C:\Windows\system32\atiesrxx.exe
23:09:57.0250 4232	AMD External Events Utility - ok
23:09:57.0250 4232	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:09:57.0281 4232	amdide - ok
23:09:57.0297 4232	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:09:57.0328 4232	AmdK8 - ok
23:09:57.0702 4232	amdkmdag        (8f3e65588cd16c4e26c366fda970917e) C:\Windows\system32\DRIVERS\atikmdag.sys
23:09:58.0046 4232	amdkmdag - ok
23:09:58.0108 4232	amdkmdap        (1b075adfe47632458e82df3220554710) C:\Windows\system32\DRIVERS\atikmpag.sys
23:09:58.0155 4232	amdkmdap - ok
23:09:58.0170 4232	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:09:58.0202 4232	AmdPPM - ok
23:09:58.0233 4232	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:09:58.0264 4232	amdsata - ok
23:09:58.0295 4232	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:09:58.0326 4232	amdsbs - ok
23:09:58.0326 4232	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:09:58.0358 4232	amdxata - ok
23:09:58.0389 4232	AMPPAL          (6d5225f0dd9eb4937a10ba05235fa6f1) C:\Windows\system32\DRIVERS\AMPPAL.sys
23:09:58.0420 4232	AMPPAL - ok
23:09:58.0436 4232	AMPPALP         (6d5225f0dd9eb4937a10ba05235fa6f1) C:\Windows\system32\DRIVERS\amppal.sys
23:09:58.0451 4232	AMPPALP - ok
23:09:58.0545 4232	AMPPALR3        (75130c273367f6aea472ba34f1d43b45) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
23:09:58.0592 4232	AMPPALR3 - ok
23:09:58.0701 4232	AntiVirFirewallService (6acc11e9d2f01c88251123d26c1c5489) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
23:09:58.0748 4232	AntiVirFirewallService - ok
23:09:58.0810 4232	AntiVirMailService (b7fa28aefa586fb5a04876c7b31d03e6) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
23:09:58.0841 4232	AntiVirMailService - ok
23:09:58.0857 4232	AntiVirSchedulerService (2e35310d600f4cc64624786a813a041e) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:09:58.0872 4232	AntiVirSchedulerService - ok
23:09:58.0888 4232	AntiVirService  (984102b9e2f6513008ed4e0c5ac4151d) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:09:58.0919 4232	AntiVirService - ok
23:09:58.0982 4232	AntiVirWebService (9bc7247fd7379307bcff92cf8eb64b87) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
23:09:59.0013 4232	AntiVirWebService - ok
23:09:59.0044 4232	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:09:59.0122 4232	AppID - ok
23:09:59.0138 4232	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:09:59.0231 4232	AppIDSvc - ok
23:09:59.0247 4232	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:09:59.0340 4232	Appinfo - ok
23:09:59.0372 4232	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
23:09:59.0403 4232	AppMgmt - ok
23:09:59.0418 4232	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:09:59.0450 4232	arc - ok
23:09:59.0465 4232	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:09:59.0496 4232	arcsas - ok
23:09:59.0528 4232	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:09:59.0543 4232	aspnet_state - ok
23:09:59.0559 4232	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:09:59.0652 4232	AsyncMac - ok
23:09:59.0652 4232	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:09:59.0684 4232	atapi - ok
23:09:59.0808 4232	ATSwpWDF        (26970f26ebab7d5d1b795a3f9013cd80) C:\Windows\system32\DRIVERS\ATSwpWDF.sys
23:09:59.0855 4232	ATSwpWDF - ok
23:09:59.0949 4232	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:10:00.0058 4232	AudioEndpointBuilder - ok
23:10:00.0074 4232	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:10:00.0167 4232	AudioSrv - ok
23:10:00.0198 4232	avfwim          (f3a3859d006783a0e0d40e227e52c35c) C:\Windows\system32\DRIVERS\avfwim.sys
23:10:00.0214 4232	avfwim - ok
23:10:00.0245 4232	avfwot          (bc06315a7bdbcad0c7719d1c1306a4db) C:\Windows\system32\DRIVERS\avfwot.sys
23:10:00.0276 4232	avfwot - ok
23:10:00.0292 4232	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
23:10:00.0308 4232	avgntflt - ok
23:10:00.0339 4232	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
23:10:00.0370 4232	avipbb - ok
23:10:00.0370 4232	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
23:10:00.0401 4232	avkmgr - ok
23:10:00.0417 4232	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:10:00.0464 4232	AxInstSV - ok
23:10:00.0526 4232	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:10:00.0573 4232	b06bdrv - ok
23:10:00.0620 4232	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:10:00.0651 4232	b57nd60a - ok
23:10:00.0698 4232	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:10:00.0729 4232	BBSvc - ok
23:10:00.0760 4232	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:10:00.0791 4232	BBUpdate - ok
23:10:00.0822 4232	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:10:00.0854 4232	BDESVC - ok
23:10:00.0869 4232	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:10:00.0947 4232	Beep - ok
23:10:01.0056 4232	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:10:01.0150 4232	BFE - ok
23:10:01.0275 4232	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:10:01.0384 4232	BITS - ok
23:10:01.0400 4232	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:10:01.0431 4232	blbdrive - ok
23:10:01.0556 4232	Bluetooth Device Monitor (2e251b39abea79351e5633e5a7c36be4) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
23:10:01.0602 4232	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
23:10:01.0602 4232	Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
23:10:01.0758 4232	Bluetooth Media Service (1ec546f8b6222f1f984220c1324ea945) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
23:10:01.0821 4232	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
23:10:01.0821 4232	Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
23:10:01.0868 4232	Bluetooth OBEX Service (adb9c79ccbef779d56a9ac931f9c8df0) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
23:10:01.0914 4232	Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
23:10:01.0914 4232	Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
23:10:01.0946 4232	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:10:01.0961 4232	bowser - ok
23:10:01.0977 4232	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:10:02.0008 4232	BrFiltLo - ok
23:10:02.0024 4232	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:10:02.0070 4232	BrFiltUp - ok
23:10:02.0086 4232	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:10:02.0180 4232	Browser - ok
23:10:02.0226 4232	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:10:02.0258 4232	Brserid - ok
23:10:02.0273 4232	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:10:02.0304 4232	BrSerWdm - ok
23:10:02.0320 4232	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:10:02.0367 4232	BrUsbMdm - ok
23:10:02.0367 4232	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:10:02.0398 4232	BrUsbSer - ok
23:10:02.0414 4232	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:10:02.0460 4232	BthEnum - ok
23:10:02.0476 4232	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:10:02.0507 4232	BTHMODEM - ok
23:10:02.0538 4232	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:10:02.0570 4232	BthPan - ok
23:10:02.0648 4232	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
23:10:02.0694 4232	BTHPORT - ok
23:10:02.0710 4232	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:10:02.0804 4232	bthserv - ok
23:10:02.0819 4232	BTHSSecurityMgr (68389d0aa570bd089fdf7802abbc0b8c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
23:10:02.0850 4232	BTHSSecurityMgr - ok
23:10:02.0866 4232	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
23:10:02.0897 4232	BTHUSB - ok
23:10:02.0897 4232	btmaudio        (274e47bd9c1367bdbfa9df10c2e6c544) C:\Windows\system32\drivers\btmaud.sys
23:10:02.0928 4232	btmaudio - ok
23:10:02.0944 4232	btmaux          (76a1340adb32798d18394aa424d584e2) C:\Windows\system32\DRIVERS\btmaux.sys
23:10:02.0975 4232	btmaux - ok
23:10:03.0022 4232	btmhsf          (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\Windows\system32\DRIVERS\btmhsf.sys
23:10:03.0053 4232	btmhsf - ok
23:10:03.0100 4232	cbfs3           (384e156a681cda71b4febb0e48be57a7) C:\Windows\system32\drivers\cbfs3.sys
23:10:03.0147 4232	cbfs3 - ok
23:10:03.0162 4232	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:10:03.0256 4232	cdfs - ok
23:10:03.0287 4232	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:10:03.0318 4232	cdrom - ok
23:10:03.0334 4232	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:10:03.0428 4232	CertPropSvc - ok
23:10:03.0443 4232	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:10:03.0474 4232	circlass - ok
23:10:03.0537 4232	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:10:03.0568 4232	CLFS - ok
23:10:03.0615 4232	CLKMSVC10_9EC60124 (4642b5a3e0d2e61d08163de95fc5b949) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
23:10:03.0646 4232	CLKMSVC10_9EC60124 - ok
23:10:03.0662 4232	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:10:03.0693 4232	clr_optimization_v2.0.50727_32 - ok
23:10:03.0708 4232	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:10:03.0740 4232	clr_optimization_v2.0.50727_64 - ok
23:10:03.0786 4232	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:10:03.0818 4232	clr_optimization_v4.0.30319_32 - ok
23:10:03.0849 4232	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:10:03.0880 4232	clr_optimization_v4.0.30319_64 - ok
23:10:03.0896 4232	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:10:03.0927 4232	CmBatt - ok
23:10:03.0927 4232	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:10:03.0958 4232	cmdide - ok
23:10:04.0020 4232	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:10:04.0083 4232	CNG - ok
23:10:04.0083 4232	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:10:04.0114 4232	Compbatt - ok
23:10:04.0130 4232	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:10:04.0161 4232	CompositeBus - ok
23:10:04.0161 4232	COMSysApp - ok
23:10:04.0176 4232	cpuz130 - ok
23:10:04.0192 4232	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:10:04.0223 4232	crcdisk - ok
23:10:04.0254 4232	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:10:04.0286 4232	CryptSvc - ok
23:10:04.0364 4232	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:10:04.0395 4232	CSC - ok
23:10:04.0488 4232	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
23:10:04.0551 4232	CscService - ok
23:10:04.0613 4232	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:10:04.0722 4232	DcomLaunch - ok
23:10:04.0769 4232	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:10:04.0863 4232	defragsvc - ok
23:10:04.0894 4232	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:10:04.0972 4232	DfsC - ok
23:10:05.0019 4232	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:10:05.0097 4232	Dhcp - ok
23:10:05.0112 4232	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:10:05.0190 4232	discache - ok
23:10:05.0206 4232	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:10:05.0222 4232	Disk - ok
23:10:05.0237 4232	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
23:10:05.0268 4232	dmvsc - ok
23:10:05.0284 4232	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:10:05.0315 4232	Dnscache - ok
23:10:05.0362 4232	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:10:05.0440 4232	dot3svc - ok
23:10:05.0456 4232	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:10:05.0534 4232	DPS - ok
23:10:05.0549 4232	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:10:05.0580 4232	drmkaud - ok
23:10:05.0705 4232	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:10:05.0752 4232	DXGKrnl - ok
23:10:05.0783 4232	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:10:05.0877 4232	EapHost - ok
23:10:06.0111 4232	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:10:06.0236 4232	ebdrv - ok
23:10:06.0251 4232	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:10:06.0282 4232	EFS - ok
23:10:06.0376 4232	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:10:06.0438 4232	ehRecvr - ok
23:10:06.0454 4232	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:10:06.0501 4232	ehSched - ok
23:10:06.0563 4232	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:10:06.0610 4232	elxstor - ok
23:10:06.0610 4232	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:10:06.0657 4232	ErrDev - ok
23:10:06.0704 4232	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:10:06.0813 4232	EventSystem - ok
23:10:07.0016 4232	EvtEng          (88894171b312b829150cc7b25202d70a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:10:07.0109 4232	EvtEng - ok
23:10:07.0125 4232	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:10:07.0218 4232	exfat - ok
23:10:07.0234 4232	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:10:07.0343 4232	fastfat - ok
23:10:07.0421 4232	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:10:07.0484 4232	Fax - ok
23:10:07.0484 4232	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:10:07.0515 4232	fdc - ok
23:10:07.0530 4232	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:10:07.0624 4232	fdPHost - ok
23:10:07.0640 4232	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:10:07.0718 4232	FDResPub - ok
23:10:07.0733 4232	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:10:07.0764 4232	FileInfo - ok
23:10:07.0780 4232	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:10:07.0874 4232	Filetrace - ok
23:10:07.0967 4232	FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:10:08.0014 4232	FLEXnet Licensing Service - ok
23:10:08.0154 4232	FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
23:10:08.0217 4232	FLEXnet Licensing Service 64 - ok
23:10:08.0232 4232	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:10:08.0264 4232	flpydisk - ok
23:10:08.0310 4232	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:10:08.0342 4232	FltMgr - ok
23:10:08.0498 4232	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:10:08.0560 4232	FontCache - ok
23:10:08.0576 4232	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:10:08.0591 4232	FontCache3.0.0.0 - ok
23:10:08.0638 4232	FPLService      (8f46017c1442e25b2bed0377a4733ec1) C:\Program Files\TrueSuite\TrueSuite.Service.exe
23:10:08.0669 4232	FPLService - ok
23:10:08.0700 4232	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:10:08.0732 4232	FsDepends - ok
23:10:08.0732 4232	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:10:08.0763 4232	Fs_Rec - ok
23:10:08.0810 4232	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:10:08.0841 4232	fvevol - ok
23:10:08.0856 4232	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:10:08.0888 4232	gagp30kx - ok
23:10:08.0888 4232	gobi3kfilter    (9495607c14f345e9632b3e1c12cea7b0) C:\Windows\system32\DRIVERS\gobi3kfilter.sys
23:10:08.0919 4232	gobi3kfilter - ok
23:10:08.0981 4232	gobi3kmbb       (4cfac59c1203a3dba7c3dcfcdd503860) C:\Windows\system32\DRIVERS\gobi3kmbb.sys
23:10:09.0012 4232	gobi3kmbb - ok
23:10:09.0044 4232	gobi3kserial    (dbb405772f1c21cb7ed51593bad5880d) C:\Windows\system32\DRIVERS\gobi3kserial.sys
23:10:09.0075 4232	gobi3kserial - ok
23:10:09.0122 4232	GobiQDLService  (1808b4a32a781f152db731f1581aa81c) C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
23:10:09.0137 4232	GobiQDLService ( UnsignedFile.Multi.Generic ) - warning
23:10:09.0137 4232	GobiQDLService - detected UnsignedFile.Multi.Generic (1)
23:10:09.0246 4232	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:10:09.0356 4232	gpsvc - ok
23:10:09.0371 4232	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:10:09.0402 4232	hcw85cir - ok
23:10:09.0449 4232	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:10:09.0496 4232	HdAudAddService - ok
23:10:09.0512 4232	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:10:09.0558 4232	HDAudBus - ok
23:10:09.0558 4232	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:10:09.0590 4232	HidBatt - ok
23:10:09.0605 4232	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:10:09.0652 4232	HidBth - ok
23:10:09.0668 4232	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:10:09.0699 4232	HidIr - ok
23:10:09.0714 4232	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:10:09.0792 4232	hidserv - ok
23:10:09.0808 4232	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:10:09.0839 4232	HidUsb - ok
23:10:09.0855 4232	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:10:09.0948 4232	hkmsvc - ok
23:10:09.0995 4232	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:10:10.0026 4232	HomeGroupListener - ok
23:10:10.0058 4232	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:10:10.0089 4232	HomeGroupProvider - ok
23:10:10.0104 4232	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:10:10.0136 4232	HpSAMD - ok
23:10:10.0229 4232	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:10:10.0338 4232	HTTP - ok
23:10:10.0354 4232	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:10:10.0370 4232	hwpolicy - ok
23:10:10.0401 4232	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:10:10.0432 4232	i8042prt - ok
23:10:10.0494 4232	iaStor          (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
23:10:10.0541 4232	iaStor - ok
23:10:10.0541 4232	IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:10:10.0557 4232	IAStorDataMgrSvc - ok
23:10:10.0619 4232	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:10:10.0666 4232	iaStorV - ok
23:10:10.0682 4232	iBtFltCoex      (fc47f5cf561bf0fd897efd1a9604dccf) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
23:10:10.0697 4232	iBtFltCoex - ok
23:10:10.0916 4232	IconMan_R       (3cc7b3bb1a9ea201a040883edfaa67a0) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
23:10:11.0040 4232	IconMan_R - ok
23:10:11.0181 4232	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:10:11.0228 4232	idsvc - ok
23:10:11.0243 4232	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:10:11.0274 4232	iirsp - ok
23:10:11.0399 4232	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:10:11.0508 4232	IKEEXT - ok
23:10:11.0742 4232	IntcAzAudAddService (1b491f385ee96f9d9ee4cb430c8cd29e) C:\Windows\system32\drivers\RTKVHD64.sys
23:10:11.0867 4232	IntcAzAudAddService - ok
23:10:11.0930 4232	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:10:11.0961 4232	IntcDAud - ok
23:10:11.0961 4232	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:10:11.0992 4232	intelide - ok
23:10:12.0429 4232	intelkmd        (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdpmd64.sys
23:10:12.0850 4232	intelkmd - ok
23:10:12.0897 4232	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
23:10:12.0912 4232	intelppm - ok
23:10:12.0944 4232	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:10:13.0037 4232	IPBusEnum - ok
23:10:13.0053 4232	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:10:13.0131 4232	IpFilterDriver - ok
23:10:13.0224 4232	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:10:13.0318 4232	iphlpsvc - ok
23:10:13.0334 4232	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:10:13.0365 4232	IPMIDRV - ok
23:10:13.0380 4232	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:10:13.0474 4232	IPNAT - ok
23:10:13.0490 4232	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:10:13.0536 4232	IRENUM - ok
23:10:13.0536 4232	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:10:13.0568 4232	isapnp - ok
23:10:13.0599 4232	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:10:13.0646 4232	iScsiPrt - ok
23:10:13.0646 4232	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:10:13.0677 4232	kbdclass - ok
23:10:13.0692 4232	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:10:13.0724 4232	kbdhid - ok
23:10:13.0724 4232	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:13.0755 4232	KeyIso - ok
23:10:13.0770 4232	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:10:13.0802 4232	KSecDD - ok
23:10:13.0817 4232	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:10:13.0848 4232	KSecPkg - ok
23:10:13.0864 4232	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:10:13.0942 4232	ksthunk - ok
23:10:14.0004 4232	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:10:14.0098 4232	KtmRm - ok
23:10:14.0145 4232	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:10:14.0238 4232	LanmanServer - ok
23:10:14.0254 4232	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:10:14.0348 4232	LanmanWorkstation - ok
23:10:14.0379 4232	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:10:14.0457 4232	lltdio - ok
23:10:14.0504 4232	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:10:14.0597 4232	lltdsvc - ok
23:10:14.0613 4232	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:10:14.0706 4232	lmhosts - ok
23:10:14.0769 4232	LMS             (e7859ba062db5e23c6dd34ad66b09f50) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:10:14.0800 4232	LMS - ok
23:10:14.0831 4232	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:10:14.0862 4232	LSI_FC - ok
23:10:14.0878 4232	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:10:14.0909 4232	LSI_SAS - ok
23:10:14.0925 4232	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:10:14.0940 4232	LSI_SAS2 - ok
23:10:14.0972 4232	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:10:15.0003 4232	LSI_SCSI - ok
23:10:15.0018 4232	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:10:15.0112 4232	luafv - ok
23:10:15.0112 4232	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:10:15.0143 4232	MBAMProtector - ok
23:10:15.0221 4232	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:10:15.0268 4232	MBAMService - ok
23:10:15.0284 4232	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:10:15.0330 4232	Mcx2Svc - ok
23:10:15.0330 4232	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:10:15.0362 4232	megasas - ok
23:10:15.0408 4232	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:10:15.0440 4232	MegaSR - ok
23:10:15.0455 4232	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:10:15.0471 4232	MEIx64 - ok
23:10:15.0486 4232	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:10:15.0580 4232	MMCSS - ok
23:10:15.0596 4232	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:10:15.0689 4232	Modem - ok
23:10:15.0689 4232	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:10:15.0736 4232	monitor - ok
23:10:15.0752 4232	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:10:15.0767 4232	mouclass - ok
23:10:15.0783 4232	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:10:15.0814 4232	mouhid - ok
23:10:15.0830 4232	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:10:15.0861 4232	mountmgr - ok
23:10:15.0876 4232	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:10:15.0908 4232	MozillaMaintenance - ok
23:10:15.0939 4232	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:10:15.0970 4232	mpio - ok
23:10:15.0986 4232	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:10:16.0064 4232	mpsdrv - ok
23:10:16.0173 4232	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:10:16.0282 4232	MpsSvc - ok
23:10:16.0313 4232	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:10:16.0360 4232	MRxDAV - ok
23:10:16.0376 4232	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:10:16.0407 4232	mrxsmb - ok
23:10:16.0454 4232	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:10:16.0485 4232	mrxsmb10 - ok
23:10:16.0500 4232	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:10:16.0532 4232	mrxsmb20 - ok
23:10:16.0547 4232	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:10:16.0563 4232	msahci - ok
23:10:16.0594 4232	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:10:16.0625 4232	msdsm - ok
23:10:16.0641 4232	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:10:16.0688 4232	MSDTC - ok
23:10:16.0688 4232	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:10:16.0781 4232	Msfs - ok
23:10:16.0797 4232	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:10:16.0890 4232	mshidkmdf - ok
23:10:16.0890 4232	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:10:16.0922 4232	msisadrv - ok
23:10:16.0937 4232	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:10:17.0031 4232	MSiSCSI - ok
23:10:17.0046 4232	msiserver - ok
23:10:17.0046 4232	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:10:17.0140 4232	MSKSSRV - ok
23:10:17.0156 4232	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:10:17.0234 4232	MSPCLOCK - ok
23:10:17.0249 4232	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:10:17.0343 4232	MSPQM - ok
23:10:17.0374 4232	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:10:17.0421 4232	MsRPC - ok
23:10:17.0436 4232	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:10:17.0452 4232	mssmbios - ok
23:10:17.0468 4232	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:10:17.0561 4232	MSTEE - ok
23:10:17.0561 4232	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:10:17.0592 4232	MTConfig - ok
23:10:17.0608 4232	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:10:17.0639 4232	Mup - ok
23:10:17.0670 4232	mv61xx          (c40050b9eaf862edb166571b7a030e80) C:\Windows\system32\drivers\mv61xx.sys
23:10:17.0686 4232	mv61xx - ok
23:10:17.0748 4232	MyWiFiDHCPDNS   (c00f9a366c3cfa2f18ca7835e15e4c95) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:10:17.0780 4232	MyWiFiDHCPDNS - ok
23:10:17.0842 4232	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:10:17.0936 4232	napagent - ok
23:10:17.0982 4232	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:10:18.0029 4232	NativeWifiP - ok
23:10:18.0170 4232	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
23:10:18.0232 4232	NDIS - ok
23:10:18.0248 4232	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:10:18.0341 4232	NdisCap - ok
23:10:18.0341 4232	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:10:18.0435 4232	NdisTapi - ok
23:10:18.0450 4232	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:10:18.0528 4232	Ndisuio - ok
23:10:18.0560 4232	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:10:18.0653 4232	NdisWan - ok
23:10:18.0669 4232	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:10:18.0747 4232	NDProxy - ok
23:10:18.0762 4232	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:10:18.0856 4232	NetBIOS - ok
23:10:18.0903 4232	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:10:18.0996 4232	NetBT - ok
23:10:18.0996 4232	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:19.0028 4232	Netlogon - ok
23:10:19.0090 4232	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:10:19.0184 4232	Netman - ok
23:10:19.0230 4232	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:19.0262 4232	NetMsmqActivator - ok
23:10:19.0262 4232	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:19.0293 4232	NetPipeActivator - ok
23:10:19.0355 4232	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:10:19.0449 4232	netprofm - ok
23:10:19.0464 4232	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:19.0496 4232	NetTcpActivator - ok
23:10:19.0496 4232	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:19.0527 4232	NetTcpPortSharing - ok
23:10:19.0901 4232	NETwNs64        (b25fe0fa523579b6fa327311a579866e) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:10:20.0198 4232	NETwNs64 - ok
23:10:20.0229 4232	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:10:20.0260 4232	nfrd960 - ok
23:10:20.0307 4232	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:10:20.0400 4232	NlaSvc - ok
23:10:20.0416 4232	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:10:20.0510 4232	Npfs - ok
23:10:20.0525 4232	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:10:20.0603 4232	nsi - ok
23:10:20.0619 4232	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:10:20.0712 4232	nsiproxy - ok
23:10:20.0915 4232	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:10:21.0009 4232	Ntfs - ok
23:10:21.0024 4232	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:10:21.0118 4232	Null - ok
23:10:21.0134 4232	nusb3hub        (b227e75ad10a142dd326b4cc8d73a6d9) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:10:21.0165 4232	nusb3hub - ok
23:10:21.0196 4232	nusb3xhc        (55959db860e4e484681586824d09e52c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:10:21.0227 4232	nusb3xhc - ok
23:10:21.0258 4232	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:10:21.0274 4232	nvraid - ok
23:10:21.0305 4232	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:10:21.0336 4232	nvstor - ok
23:10:21.0368 4232	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:10:21.0399 4232	nv_agp - ok
23:10:21.0461 4232	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:10:21.0492 4232	odserv - ok
23:10:21.0508 4232	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:10:21.0539 4232	ohci1394 - ok
23:10:21.0555 4232	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:10:21.0586 4232	ose - ok
23:10:21.0633 4232	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:10:21.0680 4232	p2pimsvc - ok
23:10:21.0726 4232	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:10:21.0773 4232	p2psvc - ok
23:10:21.0789 4232	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:10:21.0820 4232	Parport - ok
23:10:21.0836 4232	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:10:21.0867 4232	partmgr - ok
23:10:21.0898 4232	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:10:21.0945 4232	PcaSvc - ok
23:10:21.0976 4232	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:10:22.0007 4232	pci - ok
23:10:22.0007 4232	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:10:22.0038 4232	pciide - ok
23:10:22.0085 4232	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:10:22.0116 4232	pcmcia - ok
23:10:22.0132 4232	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:10:22.0148 4232	pcw - ok
23:10:22.0241 4232	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:10:22.0350 4232	PEAUTH - ok
23:10:22.0506 4232	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:10:22.0569 4232	PeerDistSvc - ok
23:10:22.0647 4232	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:10:22.0678 4232	PerfHost - ok
23:10:22.0881 4232	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:10:23.0006 4232	pla - ok
23:10:23.0084 4232	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:10:23.0115 4232	PlugPlay - ok
23:10:23.0130 4232	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:10:23.0162 4232	PNRPAutoReg - ok
23:10:23.0177 4232	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:10:23.0208 4232	PNRPsvc - ok
23:10:23.0286 4232	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:10:23.0380 4232	PolicyAgent - ok
23:10:23.0427 4232	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:10:23.0520 4232	Power - ok
23:10:23.0536 4232	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:10:23.0630 4232	PptpMiniport - ok
23:10:23.0645 4232	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:10:23.0676 4232	Processor - ok
23:10:23.0708 4232	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:10:23.0739 4232	ProfSvc - ok
23:10:23.0754 4232	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:23.0786 4232	ProtectedStorage - ok
23:10:23.0801 4232	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:10:23.0895 4232	Psched - ok
23:10:23.0910 4232	PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:10:23.0926 4232	PxHlpa64 - ok
23:10:24.0113 4232	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:10:24.0207 4232	ql2300 - ok
23:10:24.0238 4232	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:10:24.0269 4232	ql40xx - ok
23:10:24.0300 4232	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:10:24.0347 4232	QWAVE - ok
23:10:24.0363 4232	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:10:24.0410 4232	QWAVEdrv - ok
23:10:24.0410 4232	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:10:24.0503 4232	RasAcd - ok
23:10:24.0519 4232	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:10:24.0612 4232	RasAgileVpn - ok
23:10:24.0628 4232	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:10:24.0722 4232	RasAuto - ok
23:10:24.0737 4232	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:10:24.0831 4232	Rasl2tp - ok
23:10:24.0893 4232	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:10:24.0987 4232	RasMan - ok
23:10:25.0018 4232	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:10:25.0112 4232	RasPppoe - ok
23:10:25.0127 4232	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:10:25.0205 4232	RasSstp - ok
23:10:25.0252 4232	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:10:25.0346 4232	rdbss - ok
23:10:25.0361 4232	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:10:25.0392 4232	rdpbus - ok
23:10:25.0408 4232	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:10:25.0486 4232	RDPCDD - ok
23:10:25.0517 4232	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:10:25.0548 4232	RDPDR - ok
23:10:25.0564 4232	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:10:25.0642 4232	RDPENCDD - ok
23:10:25.0658 4232	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:10:25.0751 4232	RDPREFMP - ok
23:10:25.0782 4232	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:10:25.0814 4232	RDPWD - ok
23:10:25.0845 4232	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:10:25.0876 4232	rdyboost - ok
23:10:25.0985 4232	RegSrvc         (79b2095737f44d9573de9850d3571c37) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:10:26.0048 4232	RegSrvc - ok
23:10:26.0063 4232	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:10:26.0157 4232	RemoteAccess - ok
23:10:26.0188 4232	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:10:26.0282 4232	RemoteRegistry - ok
23:10:26.0313 4232	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:10:26.0344 4232	RFCOMM - ok
23:10:26.0391 4232	Roxio UPnP Renderer 10 (65226131770b22ef24fb869ad821de47) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
23:10:26.0422 4232	Roxio UPnP Renderer 10 - ok
23:10:26.0484 4232	Roxio Upnp Server 10 (2a3d24e83e5f63bf4a0220fdd23457cb) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
23:10:26.0516 4232	Roxio Upnp Server 10 - ok
23:10:26.0531 4232	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:10:26.0625 4232	RpcEptMapper - ok
23:10:26.0625 4232	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:10:26.0672 4232	RpcLocator - ok
23:10:26.0734 4232	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:10:26.0828 4232	RpcSs - ok
23:10:26.0890 4232	RSPCIESTOR      (ebbfa2b4e317af86e93fec4c04d7a9b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
23:10:26.0921 4232	RSPCIESTOR - ok
23:10:26.0937 4232	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:10:27.0030 4232	rspndr - ok
23:10:27.0077 4232	RTHDMIAzAudService (c618475866f6a7129f64a55961c1bb8b) C:\Windows\system32\drivers\RtHDMIVX.sys
23:10:27.0108 4232	RTHDMIAzAudService - ok
23:10:27.0140 4232	RtkAudioService (40d3496d401e5852c9a4d856d20b5475) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
23:10:27.0155 4232	RtkAudioService - ok
23:10:27.0218 4232	RTL8167         (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:10:27.0249 4232	RTL8167 - ok
23:10:27.0264 4232	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:10:27.0296 4232	s3cap - ok
23:10:27.0311 4232	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:27.0342 4232	SamSs - ok
23:10:27.0342 4232	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:10:27.0374 4232	sbp2port - ok
23:10:27.0405 4232	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:10:27.0498 4232	SCardSvr - ok
23:10:27.0514 4232	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:10:27.0592 4232	scfilter - ok
23:10:27.0748 4232	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:10:27.0873 4232	Schedule - ok
23:10:27.0888 4232	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:10:27.0966 4232	SCPolicySvc - ok
23:10:27.0998 4232	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:10:28.0044 4232	SDRSVC - ok
23:10:28.0044 4232	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:10:28.0138 4232	secdrv - ok
23:10:28.0154 4232	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:10:28.0232 4232	seclogon - ok
23:10:28.0263 4232	Securepoint VPN (74509c9c64f531d96865c7cdb7e3df5a) C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
23:10:28.0278 4232	Securepoint VPN - ok
23:10:28.0294 4232	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:10:28.0388 4232	SENS - ok
23:10:28.0403 4232	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:10:28.0434 4232	SensrSvc - ok
23:10:28.0450 4232	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:10:28.0481 4232	Serenum - ok
23:10:28.0481 4232	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:10:28.0512 4232	Serial - ok
23:10:28.0528 4232	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:10:28.0559 4232	sermouse - ok
23:10:28.0590 4232	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:10:28.0684 4232	SessionEnv - ok
23:10:28.0684 4232	SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
23:10:28.0715 4232	SFEP - ok
23:10:28.0715 4232	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:10:28.0762 4232	sffdisk - ok
23:10:28.0762 4232	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:10:28.0809 4232	sffp_mmc - ok
23:10:28.0809 4232	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:10:28.0840 4232	sffp_sd - ok
23:10:28.0856 4232	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:10:28.0887 4232	sfloppy - ok
23:10:28.0934 4232	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:10:29.0027 4232	SharedAccess - ok
23:10:29.0090 4232	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:10:29.0183 4232	ShellHWDetection - ok
23:10:29.0199 4232	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:10:29.0230 4232	SiSRaid2 - ok
23:10:29.0230 4232	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:10:29.0261 4232	SiSRaid4 - ok
23:10:29.0277 4232	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:10:29.0370 4232	Smb - ok
23:10:29.0386 4232	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:10:29.0417 4232	SNMPTRAP - ok
23:10:29.0433 4232	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:10:29.0448 4232	spldr - ok
23:10:29.0526 4232	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:10:29.0636 4232	Spooler - ok
23:10:30.0057 4232	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:10:30.0244 4232	sppsvc - ok
23:10:30.0291 4232	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:10:30.0384 4232	sppuinotify - ok
23:10:30.0447 4232	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:10:30.0494 4232	srv - ok
23:10:30.0556 4232	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:10:30.0587 4232	srv2 - ok
23:10:30.0618 4232	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:10:30.0650 4232	srvnet - ok
23:10:30.0681 4232	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:10:30.0774 4232	SSDPSRV - ok
23:10:30.0790 4232	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:10:30.0884 4232	SstpSvc - ok
23:10:30.0899 4232	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:10:30.0915 4232	stexstor - ok
23:10:31.0008 4232	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:10:31.0071 4232	stisvc - ok
23:10:31.0086 4232	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:10:31.0118 4232	storflt - ok
23:10:31.0133 4232	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
23:10:31.0164 4232	StorSvc - ok
23:10:31.0164 4232	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:10:31.0196 4232	storvsc - ok
23:10:31.0196 4232	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:10:31.0227 4232	swenum - ok
23:10:31.0305 4232	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:10:31.0414 4232	swprv - ok
23:10:31.0476 4232	SynTP           (d6efc1aeb1f6cec033c004b936679330) C:\Windows\system32\DRIVERS\SynTP.sys
23:10:31.0508 4232	SynTP - ok
23:10:31.0742 4232	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:10:31.0835 4232	SysMain - ok
23:10:31.0866 4232	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:10:31.0913 4232	TabletInputService - ok
23:10:31.0913 4232	tap0901         (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys
23:10:31.0944 4232	tap0901 - ok
23:10:31.0991 4232	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:10:32.0085 4232	TapiSrv - ok
23:10:32.0100 4232	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:10:32.0194 4232	TBS - ok
23:10:32.0397 4232	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:10:32.0522 4232	Tcpip - ok
23:10:32.0600 4232	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:10:32.0693 4232	TCPIP6 - ok
23:10:32.0724 4232	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:10:32.0802 4232	tcpipreg - ok
23:10:32.0818 4232	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:10:32.0834 4232	TDPIPE - ok
23:10:32.0849 4232	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:10:32.0865 4232	TDTCP - ok
23:10:32.0896 4232	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:10:32.0958 4232	tdx - ok
23:10:32.0974 4232	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:10:33.0005 4232	TermDD - ok
23:10:33.0083 4232	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:10:33.0177 4232	TermService - ok
23:10:33.0192 4232	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:10:33.0224 4232	Themes - ok
23:10:33.0255 4232	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:10:33.0333 4232	THREADORDER - ok
23:10:33.0348 4232	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
23:10:33.0380 4232	TPM - ok
23:10:33.0411 4232	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:10:33.0504 4232	TrkWks - ok
23:10:33.0536 4232	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:10:33.0629 4232	TrustedInstaller - ok
23:10:33.0645 4232	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:10:33.0723 4232	tssecsrv - ok
23:10:33.0738 4232	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:10:33.0770 4232	TsUsbFlt - ok
23:10:33.0785 4232	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:10:33.0801 4232	TsUsbGD - ok
23:10:33.0832 4232	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:10:33.0926 4232	tunnel - ok
23:10:33.0941 4232	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:10:33.0972 4232	uagp35 - ok
23:10:34.0019 4232	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:10:34.0113 4232	udfs - ok
23:10:34.0128 4232	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:10:34.0175 4232	UI0Detect - ok
23:10:34.0175 4232	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:10:34.0206 4232	uliagpkx - ok
23:10:34.0222 4232	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:10:34.0253 4232	umbus - ok
23:10:34.0253 4232	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:10:34.0284 4232	UmPass - ok
23:10:34.0316 4232	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
23:10:34.0362 4232	UmRdpService - ok
23:10:34.0690 4232	UNS             (e91f8afbd7fb96c94b266579d6bfa77a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:10:34.0815 4232	UNS - ok
23:10:34.0893 4232	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:10:34.0986 4232	upnphost - ok
23:10:35.0018 4232	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:10:35.0049 4232	usbccgp - ok
23:10:35.0064 4232	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:10:35.0096 4232	usbcir - ok
23:10:35.0111 4232	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:10:35.0142 4232	usbehci - ok
23:10:35.0189 4232	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
23:10:35.0236 4232	usbhub - ok
23:10:35.0236 4232	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:10:35.0267 4232	usbohci - ok
23:10:35.0283 4232	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:10:35.0314 4232	usbprint - ok
23:10:35.0330 4232	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:10:35.0376 4232	USBSTOR - ok
23:10:35.0376 4232	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:10:35.0408 4232	usbuhci - ok
23:10:35.0439 4232	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:10:35.0470 4232	usbvideo - ok
23:10:35.0486 4232	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:10:35.0579 4232	UxSms - ok
23:10:35.0595 4232	VAIO Event Service (dcb1f83ad167d16d263ce57c94e9eedf) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
23:10:35.0626 4232	VAIO Event Service - ok
23:10:35.0704 4232	VAIO Power Management (a0ae3b86395b5038a4af988826a20430) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
23:10:35.0766 4232	VAIO Power Management - ok
23:10:35.0766 4232	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:35.0798 4232	VaultSvc - ok
23:10:35.0813 4232	VCService       (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
23:10:35.0829 4232	VCService - ok
23:10:35.0844 4232	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:10:35.0876 4232	vdrvroot - ok
23:10:35.0938 4232	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:10:36.0047 4232	vds - ok
23:10:36.0063 4232	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:10:36.0094 4232	vga - ok
23:10:36.0110 4232	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:10:36.0188 4232	VgaSave - ok
23:10:36.0234 4232	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:10:36.0250 4232	vhdmp - ok
23:10:36.0266 4232	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:10:36.0281 4232	viaide - ok
23:10:36.0312 4232	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:10:36.0344 4232	vmbus - ok
23:10:36.0359 4232	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:10:36.0375 4232	VMBusHID - ok
23:10:36.0390 4232	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:10:36.0406 4232	volmgr - ok
23:10:36.0468 4232	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:10:36.0515 4232	volmgrx - ok
23:10:36.0562 4232	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:10:36.0593 4232	volsnap - ok
23:10:36.0624 4232	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:10:36.0656 4232	vsmraid - ok
23:10:36.0780 4232	VSNService      (b9547dbc7db6ef5e3149e3e7165a5ca6) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
23:10:36.0874 4232	VSNService - ok
23:10:37.0061 4232	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:10:37.0202 4232	VSS - ok
23:10:37.0373 4232	VUAgent         (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
23:10:37.0436 4232	VUAgent - ok
23:10:37.0467 4232	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:10:37.0514 4232	vwifibus - ok
23:10:37.0529 4232	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:10:37.0560 4232	vwififlt - ok
23:10:37.0576 4232	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:10:37.0607 4232	vwifimp - ok
23:10:37.0623 4232	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:10:37.0701 4232	W32Time - ok
23:10:37.0716 4232	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:10:37.0748 4232	WacomPen - ok
23:10:37.0763 4232	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:10:37.0857 4232	WANARP - ok
23:10:37.0857 4232	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:10:37.0950 4232	Wanarpv6 - ok
23:10:38.0013 4232	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:10:38.0091 4232	wbengine - ok
23:10:38.0122 4232	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:10:38.0169 4232	WbioSrvc - ok
23:10:38.0184 4232	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:10:38.0247 4232	wcncsvc - ok
23:10:38.0247 4232	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:10:38.0294 4232	WcsPlugInService - ok
23:10:38.0294 4232	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:10:38.0325 4232	Wd - ok
23:10:38.0418 4232	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:10:38.0465 4232	Wdf01000 - ok
23:10:38.0465 4232	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:10:38.0543 4232	WdiServiceHost - ok
23:10:38.0559 4232	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:10:38.0606 4232	WdiSystemHost - ok
23:10:38.0621 4232	wdkmd           (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys
23:10:38.0637 4232	wdkmd - ok
23:10:38.0652 4232	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:10:38.0715 4232	WebClient - ok
23:10:38.0730 4232	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:10:38.0824 4232	Wecsvc - ok
23:10:38.0840 4232	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:10:38.0933 4232	wercplsupport - ok
23:10:38.0949 4232	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:10:39.0042 4232	WerSvc - ok
23:10:39.0058 4232	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:10:39.0136 4232	WfpLwf - ok
23:10:39.0152 4232	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:10:39.0183 4232	WIMMount - ok
23:10:39.0183 4232	WinDefend - ok
23:10:39.0198 4232	WinHttpAutoProxySvc - ok
23:10:39.0261 4232	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:10:39.0354 4232	Winmgmt - ok
23:10:39.0620 4232	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:10:39.0760 4232	WinRM - ok
23:10:39.0900 4232	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:10:39.0978 4232	Wlansvc - ok
23:10:39.0994 4232	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:10:40.0010 4232	wlcrasvc - ok
23:10:40.0244 4232	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:10:40.0353 4232	wlidsvc - ok
23:10:40.0368 4232	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:10:40.0400 4232	WmiAcpi - ok
23:10:40.0446 4232	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:10:40.0478 4232	wmiApSrv - ok
23:10:40.0478 4232	WMPNetworkSvc - ok
23:10:40.0493 4232	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:10:40.0524 4232	WPCSvc - ok
23:10:40.0556 4232	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:10:40.0587 4232	WPDBusEnum - ok
23:10:40.0602 4232	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:10:40.0680 4232	ws2ifsl - ok
23:10:40.0712 4232	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
23:10:40.0758 4232	wscsvc - ok
23:10:40.0758 4232	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:10:40.0805 4232	WSDPrintDevice - ok
23:10:40.0805 4232	WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
23:10:40.0852 4232	WSDScan - ok
23:10:40.0852 4232	WSearch - ok
23:10:40.0914 4232	WTGService      (205025f9793e4db64d939a526cd42bee) C:\Program Files (x86)\OneClickInternet\WTGService.exe
23:10:40.0946 4232	WTGService - ok
23:10:41.0148 4232	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
23:10:41.0289 4232	wuauserv - ok
23:10:41.0320 4232	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:10:41.0398 4232	WudfPf - ok
23:10:41.0429 4232	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:10:41.0523 4232	WUDFRd - ok
23:10:41.0554 4232	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:10:41.0632 4232	wudfsvc - ok
23:10:41.0679 4232	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:10:41.0726 4232	WwanSvc - ok
23:10:41.0772 4232	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:10:41.0882 4232	\Device\Harddisk0\DR0 - ok
23:10:41.0897 4232	Boot (0x1200)   (9874043b9785a7af60e9227bfdd44321) \Device\Harddisk0\DR0\Partition0
23:10:41.0897 4232	\Device\Harddisk0\DR0\Partition0 - ok
23:10:41.0897 4232	Boot (0x1200)   (383d232ee8f2e8f5d5268621ad8b4dc2) \Device\Harddisk0\DR0\Partition1
23:10:41.0897 4232	\Device\Harddisk0\DR0\Partition1 - ok
23:10:41.0913 4232	============================================================
23:10:41.0913 4232	Scan finished
23:10:41.0913 4232	============================================================
23:10:41.0928 1408	Detected object count: 4
23:10:41.0928 1408	Actual detected object count: 4
23:10:59.0744 1408	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:59.0744 1408	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:10:59.0744 1408	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:59.0744 1408	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:10:59.0759 1408	Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:59.0759 1408	Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:10:59.0759 1408	GobiQDLService ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:59.0759 1408	GobiQDLService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 13.07.2012, 22:15

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

STH1983 · 13.07.2012, 23:59

Musste ab und an das Touchpad antippen, weil das Notebook sonst in den Ruhezustand gegangen wäre...
[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-07-13.03 - ** 14.07.2012   0:36.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8108.6018 [GMT 2:00]
ausgeführt von:: c:\users\**\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))
.
.
2012-07-13 20:06 . 2012-07-13 20:06	--------	d-----w-	C:\_OTL
2012-07-11 18:07 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 18:01 . 2012-06-02 11:57	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-07-11 18:01 . 2012-06-02 08:16	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-07-11 05:16 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-07 07:24 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-06 19:42 . 2012-07-06 19:42	--------	d-----w-	c:\program files (x86)\ESET
2012-07-06 19:26 . 2012-07-06 19:26	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-06 19:26 . 2012-07-06 19:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-06 19:26 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-03 10:02 . 2012-07-03 10:06	--------	d-----w-	c:\programdata\FLEXnet
2012-07-03 09:43 . 2012-07-03 09:43	--------	d-----w-	c:\programdata\ALM
2012-07-03 09:35 . 2008-04-07 03:38	24416	----a-r-	c:\windows\system32\AdobePDFUI.dll
2012-07-03 09:27 . 2012-07-03 09:27	--------	d-----w-	c:\windows\SysWow64\spool
2012-07-03 09:27 . 2012-07-03 09:27	--------	d-----w-	c:\program files (x86)\Adobe Media Player
2012-07-03 09:25 . 2012-07-03 09:25	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2012-07-03 09:25 . 2012-07-03 09:48	--------	d-----w-	c:\program files\Common Files\Adobe
2012-07-03 09:23 . 2012-07-03 09:23	--------	d-----w-	c:\program files (x86)\Common Files\Macrovision Shared
2012-07-02 22:30 . 2012-06-09 08:28	--------	d-----w-	c:\program files (x86)\Tor Browser
2012-07-02 22:18 . 2012-07-02 22:18	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-07-02 22:18 . 2012-07-02 22:18	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-02 22:04 . 2012-07-03 10:27	--------	d-----w-	c:\program files (x86)\Microsoft Works
2012-07-02 22:04 . 2012-07-02 22:04	--------	d-----w-	c:\windows\PCHEALTH
2012-07-02 22:03 . 2012-07-02 22:03	--------	d-----r-	C:\MSOCache
2012-07-02 15:42 . 2012-07-02 15:42	--------	d-----w-	c:\programdata\Microsoft SkyDrive
2012-07-02 14:07 . 2012-07-02 14:07	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-07-02 14:07 . 2012-07-02 14:07	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-07-02 14:07 . 2012-07-02 14:07	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-07-02 14:07 . 2012-07-02 14:07	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-07-02 14:07 . 2012-07-02 14:07	--------	d-----w-	c:\program files (x86)\OpenAL
2012-07-02 14:07 . 2012-07-02 14:07	--------	d-----w-	c:\program files (x86)\Common Files\Futuremark Shared
2012-07-02 14:06 . 2012-07-02 14:06	--------	d-----w-	c:\program files (x86)\Futuremark
2012-07-02 08:04 . 2012-07-02 08:37	--------	d-----w-	c:\programdata\TrueSuite
2012-07-02 08:03 . 2012-07-02 08:04	--------	d-----w-	c:\program files\TrueSuite
2012-07-02 08:03 . 2012-07-02 08:03	--------	d-----w-	c:\windows\system32\wocaffe
2012-07-01 00:40 . 2012-07-01 00:40	--------	d-----w-	c:\program files (x86)\Klipfolio
2012-06-30 18:08 . 2011-04-28 03:55	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-06-30 18:08 . 2011-04-28 03:54	80384	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2012-06-30 14:45 . 2012-06-30 14:45	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2012-06-30 14:45 . 2012-06-30 14:45	--------	d--h--w-	c:\programdata\CanonBJ
2012-06-30 14:45 . 2010-10-18 03:00	88576	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPPAN.DLL
2012-06-30 14:45 . 2010-10-18 03:00	29696	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNMPDAN.DLL
2012-06-30 14:44 . 2012-06-30 14:44	--------	d--h--w-	c:\programdata\CanonIJFAX
2012-06-30 14:44 . 2010-11-12 03:00	302080	----a-w-	c:\windows\system32\CNCALAN.DLL
2012-06-30 14:44 . 2010-10-18 03:00	374784	----a-w-	c:\windows\system32\CNMLMAN.DLL
2012-06-30 14:42 . 2012-06-30 14:42	--------	d-----w-	c:\program files\Canon
2012-06-30 14:42 . 2012-06-30 14:42	--------	d-----w-	c:\program files (x86)\Canon
2012-06-30 09:30 . 2012-06-30 09:30	--------	d-----w-	c:\program files (x86)\Opera
2012-06-30 07:04 . 2012-06-30 07:03	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-06-30 07:04 . 2012-06-30 07:03	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-30 07:04 . 2012-06-30 07:03	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-30 07:04 . 2012-06-30 07:03	139360	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-06-30 07:04 . 2012-06-30 07:03	114128	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-06-30 07:04 . 2012-06-30 07:04	--------	d-----w-	c:\programdata\Avira
2012-06-30 07:04 . 2012-06-30 07:04	--------	d-----w-	c:\program files (x86)\Avira
2012-06-30 07:00 . 2012-06-30 07:00	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-06-30 06:59 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-06-30 06:59 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-06-30 06:59 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-06-30 02:01 . 2012-06-30 02:01	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-06-30 01:41 . 2012-06-30 01:41	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-06-30 01:29 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-06-30 01:29 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-06-30 01:29 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-06-30 01:29 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-06-30 01:29 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-06-30 01:29 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-06-30 01:29 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-06-30 01:08 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-06-30 01:07 . 2011-07-16 05:37	421888	----a-w-	c:\windows\system32\KernelBase.dll
2012-06-29 21:17 . 2012-06-29 21:18	--------	d-----w-	c:\program files (x86)\Pidgin
2012-06-29 19:46 . 2012-06-29 19:46	--------	d-----w-	c:\program files (x86)\Securepoint SSL VPN
2012-06-29 16:55 . 2009-09-05 18:28	69632	----a-w-	c:\windows\cadSSaver.scr
2012-06-29 16:55 . 2003-01-27 12:27	94208	----a-w-	c:\windows\SysWow64\wmpuice.dll
2012-06-29 16:55 . 2012-06-29 16:55	--------	d-----w-	c:\program files (x86)\CD Art Display
2012-06-29 13:01 . 2012-07-11 18:07	--------	d-----w-	c:\programdata\Microsoft Help
2012-06-29 12:18 . 2012-06-29 12:18	--------	d-----w-	c:\program files (x86)\KeePass Password Safe 2
2012-06-29 12:09 . 2012-06-29 12:09	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-06-29 11:59 . 2012-06-07 09:24	352144	----a-w-	c:\windows\system32\drivers\cbfs3.sys
2012-06-29 11:59 . 2012-06-07 09:24	223760	----a-w-	c:\windows\SysWow64\CbFsNetRdr3.dll
2012-06-29 11:59 . 2012-06-07 09:24	190480	----a-w-	c:\windows\system32\CbFsMntNtf3.dll
2012-06-29 11:59 . 2012-06-07 09:24	158224	----a-w-	c:\windows\SysWow64\CbFsMntNtf3.dll
2012-06-29 11:59 . 2012-06-07 09:24	141328	----a-w-	c:\windows\system32\CbFsNetRdr3.dll
2012-06-29 11:59 . 2012-06-29 11:59	--------	d-----w-	c:\program files (x86)\BoxCryptor
2012-06-29 11:44 . 2012-06-29 11:44	68880	----a-w-	c:\windows\SysWow64\SynTPEnhPS.dll
2012-06-29 11:44 . 2012-06-29 11:44	422160	----a-w-	c:\windows\system32\SynCOM.dll
2012-06-29 11:44 . 2012-06-29 11:44	421136	----a-w-	c:\windows\system32\drivers\SynTP.sys
2012-06-29 11:44 . 2012-06-29 11:44	280336	----a-w-	c:\windows\system32\SynCtrl.dll
2012-06-29 11:44 . 2012-06-29 11:44	229648	----a-w-	c:\windows\system32\SynTPAPI.dll
2012-06-29 11:44 . 2012-06-29 11:44	224528	----a-w-	c:\windows\SysWow64\SynCtrl.dll
2012-06-29 11:44 . 2012-06-29 11:44	183568	----a-w-	c:\windows\SysWow64\SynCOM.dll
2012-06-29 11:44 . 2012-06-29 11:44	150800	----a-w-	c:\windows\system32\SynTPCo9.dll
2012-06-29 11:44 . 2012-06-29 11:44	113936	----a-w-	c:\windows\SysWow64\SynTPCOM.dll
2012-06-29 11:44 . 2012-06-29 11:44	1048576	----a-w-	c:\windows\system32\syndata.bin
2012-06-29 11:40 . 2012-06-29 11:40	--------	d-----w-	c:\programdata\Intel
2012-06-29 11:39 . 2012-06-29 11:39	--------	d-----w-	c:\program files (x86)\Cisco
2012-06-29 11:39 . 2012-01-03 02:21	9888872	----a-w-	c:\windows\SysWow64\RtsPStorIcon.dll
2012-06-29 11:31 . 2012-07-12 12:30	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-29 11:31 . 2012-07-12 12:30	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 11:31 . 2012-06-29 11:31	--------	d-----w-	c:\windows\system32\Macromed
2012-06-29 11:29 . 2012-07-13 14:15	--------	d-----w-	C:\Update
2012-06-29 11:25 . 2012-06-29 11:25	--------	d-----w-	c:\windows\system32\appmgmt
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-02 22:18 . 2011-10-18 08:29	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-30 06:58 . 2010-06-24 09:33	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-23 11:57 . 2012-05-23 11:57	14696	----a-w-	c:\windows\system32\drivers\mv61xxmm.sys
2012-05-23 11:57 . 2012-05-23 11:57	183144	----a-w-	c:\windows\system32\drivers\mv61xx.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-12 20:29	220632	----a-w-	c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-12 20:29	220632	----a-w-	c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-12 20:29	220632	----a-w-	c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-06-07 09:24	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Klipfolio"="c:\program files (x86)\Klipfolio\Klipfolio.exe" [2012-07-01 1749224]
"SkyDrive"="c:\users\**\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-12 238552]
"Spotify Web Helper"="c:\users\**\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-29 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2011-05-18 2101896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-06-30 348624]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BoxCryptor.lnk - c:\program files (x86)\BoxCryptor\BoxCryptor.exe [2012-6-22 1288264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-14 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-14 995392]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/18 10:39;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-03-02 240112]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-12-12 195072]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-14 1355840]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-11-14 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-14 84480]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
R3 cpuz130;cpuz130;c:\users\**\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-03 1038088]
R3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys [2010-12-13 34304]
R3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys [2010-12-14 399360]
R3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys [2010-12-13 233984]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-01-04 340240]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2012-05-23 183144]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-06-30 139360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-06-30 27760]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-06-07 352144]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2011-05-18 75912]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-31 203776]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-06-30 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-06-30 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-30 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-06-30 465360]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-13 135952]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216]
S2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;c:\program files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [2011-03-04 318464]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-07 2429544]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-06-10 199272]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 Securepoint VPN;Securepoint VPN;c:\program files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [2010-11-22 142216]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-29 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-04-28 552584]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-01-12 960152]
S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2011-03-09 342984]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-31 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-31 307712]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-12 195072]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2011-01-27 894240]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-06-30 114128]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-31 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-05-31 12262624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-03-29 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-12 8616448]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-03 340072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-21 425064]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-04-08 42392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44561361
*NewlyCreated* - MV61XX
*Deregistered* - 44561361
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 12:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-12 20:29	244688	----a-w-	c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-12 20:29	244688	----a-w-	c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-12 20:29	244688	----a-w-	c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-06-07 09:24	190480	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-31 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-31 418840]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil64.exe" [2011-06-10 562792]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-10 11817576]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-14 10358784]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sony.eu/vaioportal
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{93188D7E-3597-4D3E-89DB-B9C7EF547B6F}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\**\AppData\Roaming\Mozilla\Firefox\Profiles\gjci9y9t.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-14  00:52:35
ComboFix-quarantined-files.txt  2012-07-13 22:52
.
Vor Suchlauf: 13 Verzeichnis(se), 78.740.590.592 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 78.935.879.680 Bytes frei
.
- - End Of File - - F0BA083952D9CBDCA018B9FAC5E60F64

--- --- ---

Hey nochmals, hatte gerade Zeit und habe wegen des ComboFix-Logs mit Systemlook gemäß Board-Anleitung nach atapi.sys gesucht. Hier das Ergebnis, vielleicht hilft das ja

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 10:48 on 14/07/2012 by SH
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\erdnt\cache64\atapi.sys	--a---- 24128 bytes	[22:49 13/07/2012]	[01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\drivers\atapi.sys	--a---- 24128 bytes	[23:19 13/07/2009]	[01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys	--a---- 24128 bytes	[23:19 13/07/2009]	[01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys	--a---- 24128 bytes	[23:19 13/07/2009]	[01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C

-= EOF =-

cosinus · 14.07.2012, 13:37

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

FCopy::
C:\Windows\erdnt\cache64\atapi.sys | C:\Windows\SysWow64\Drivers\atapi.sys

Filelook::
C:\Windows\SysWow64\Drivers\atapi.sys
C:\Windows\erdnt\cache64\atapi.sys

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

STH1983 · 14.07.2012, 14:59

Ok, hier kommt das Log. Dazu sollte ich erwähnen, dass ich heute Vormittag "Samsung Kies" installiert habe.

loadtbs - unbekanntes programm und firefox-erweiterung

Plagegeister aller Art und deren Bekämpfung: loadtbs - unbekanntes programm und firefox-erweiterung