Hallo zusammen,

mein Vater hat sich vor Kurzem gleich mal den GVU Trojaner auf seinem neuen Laptop eingefangen.

Habe wie im Forum beschrieben OTL laufen lassen und die Dateien unten angefügt.

Es würde mich sehr freuen, wenn uns mit unserem Problem geholfen werden könnte.

Gruß

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 13.08.2012 17:47:39 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\PEPS\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,18 Gb Available Physical Memory | 77,70% Memory free
15,91 Gb Paging File | 13,89 Gb Available in Paging File | 87,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683,83 Gb Total Space | 628,74 Gb Free Space | 91,94% Space Free | Partition Type: NTFS
Drive E: | 38,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: FAT32
Drive F: | 1,97 Gb Total Space | 1,87 Gb Free Space | 94,89% Space Free | Partition Type: FAT
Drive Y: | 683,83 Gb Total Space | 628,74 Gb Free Space | 91,94% Space Free | Partition Type: NTFS
 
Computer Name: LW764R268 | User Name: PEPS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\PEPS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Windows\SysWOW64\SDIOAssist.exe (O2Micro.)
PRC - C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe (Avira GmbH)
PRC - c:\Windows\SysWOW64\srvany.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\PEPS\AppData\Local\Temp\rty0_7z.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe (Portrait Displays, Inc.)
SRV - (DFEPService) -- c:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe (Dell Inc.)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Wave Authentication Manager Service) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe (Wave Systems Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (TdmService) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (Credential Vault Host Control Service) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Storage) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVir Security Management Center Agent) -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe (Avira GmbH)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (O2SDIOAssist) -- c:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\accelern.sys (ST Microelectronics)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\HBtnKey.sys (Dell Inc.)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (cvusbdrv) -- C:\Windows\SysNative\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV:64bit: - (O2SDJRDR) -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys (O2Micro )
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (O2MDRRDR) -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys (O2Micro )
DRV:64bit: - (O2MDFRDR) -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys (O2Micro )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FC64CE6C-282D-4EE9-8D87-9A176923276C}
IE:64bit: - HKLM\..\SearchScopes\{FC64CE6C-282D-4EE9-8D87-9A176923276C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKLM\..\SearchScopes\{FC64CE6C-282D-4EE9-8D87-9A176923276C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\..\SearchScopes,DefaultScope = {FC64CE6C-282D-4EE9-8D87-9A176923276C}
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.23 10:12:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.05 16:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEPS\AppData\Roaming\mozilla\Extensions
[2012.05.26 17:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEPS\AppData\Roaming\mozilla\Firefox\Profiles\swnb4myn.default\extensions
[2012.04.05 16:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.23 10:12:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DFEPApplication] c:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DT DEL] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35068783-EC52-4084-95FF-ED3115204DB5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C0664FD-D620-4B4B-8120-7D59D2F98578}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.13 17:42:53 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\PEPS\Desktop\OTL.exe
[2012.08.13 16:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Broadcom
[2012.08.13 16:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.08.13 16:20:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
[2012.08.13 16:19:35 | 001,124,352 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\BCMLogon.dll
[2012.08.13 16:19:32 | 008,151,552 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\BCMWLCPL.CPL
[2012.08.13 16:19:32 | 004,961,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vcredist_x64.exe
[2012.08.13 16:19:32 | 004,763,648 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\bcmttls.dll
[2012.08.13 16:19:32 | 003,161,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vcredist_x64.exe
[2012.08.13 16:19:32 | 000,095,544 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmwlcoi.dll
[2012.08.13 16:19:32 | 000,073,728 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\wltrynt.dll
[2012.08.13 16:19:32 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2012.08.13 16:19:32 | 000,022,592 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bcm42rly.sys
[2012.08.13 16:19:31 | 004,719,680 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\BCMWL664.SYS
[2012.08.13 16:19:31 | 003,900,416 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvsrv64.dll
[2012.08.13 16:19:31 | 003,566,080 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\bcmihvui64.dll
[2012.08.13 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\PEPS\AppData\Local\Dell
[2012.08.13 15:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.10 17:32:32 | 000,000,000 | ---D | C] -- C:\Users\PEPS\AppData\Roaming\InstallShield
[2012.07.26 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\PEPS\Documents\Dell WebCam Central
[2012.07.26 10:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012.07.24 12:05:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.07.23 11:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.13 17:42:18 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.08.13 17:42:14 | 000,702,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.13 17:42:14 | 000,655,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.13 17:42:14 | 000,149,836 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.13 17:42:14 | 000,122,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.13 17:40:48 | 001,627,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.13 17:02:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\PEPS\Desktop\OTL.exe
[2012.08.13 16:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.13 16:40:29 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 16:40:29 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 16:32:47 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2012.08.13 16:32:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.13 16:32:26 | 2113,585,151 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.13 16:29:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.08.13 16:19:47 | 000,974,596 | ---- | M] () -- C:\Windows\SysNative\oem59.inf
[2012.08.13 15:02:07 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.24 12:00:29 | 000,001,883 | ---- | M] () -- C:\Users\PEPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.23 11:13:35 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.23 11:13:35 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.13 16:32:47 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2012.08.13 16:30:17 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000008.@
[2012.08.13 16:29:56 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000004.@
[2012.08.13 16:19:55 | 000,974,596 | ---- | C] () -- C:\Windows\SysNative\oem59.inf
[2012.08.13 16:19:32 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012.08.13 16:19:32 | 000,000,459 | ---- | C] () -- C:\Windows\SysWow64\vcredist_x64.bat
[2012.08.13 16:19:32 | 000,000,457 | ---- | C] () -- C:\Windows\SysNative\vcredist_x64.bat
[2012.07.24 12:00:29 | 000,001,883 | ---- | C] () -- C:\Users\PEPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.24 12:00:28 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.24 11:59:09 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\000000cb.@
[2012.07.23 11:13:35 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.23 11:13:35 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.03.07 14:35:09 | 000,000,017 | ---- | C] () -- C:\Users\PEPS\AppData\Local\resmon.resmoncfg
[2012.03.07 11:42:52 | 000,000,837 | ---- | C] () -- C:\Windows\SysWow64\message_file_history.dat
[2012.03.07 11:25:27 | 000,000,000 | ---- | C] () -- C:\Windows\MS.INI
[2012.03.07 09:59:48 | 000,149,620 | ---- | C] () -- C:\Windows\campeps.ini
[2012.03.07 09:52:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\@
[2012.03.07 09:52:18 | 000,002,048 | -HS- | C] () -- C:\Users\PEPS\AppData\Local\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\@
[2012.02.13 11:04:23 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.02.13 10:05:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.13 10:03:29 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012.02.13 09:56:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\instsrv.exe
[2012.02.13 09:56:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.09.27 02:23:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.02.11 19:45:27 | 001,654,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.20 01:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll
 
========== LOP Check ==========
 
[2012.03.06 18:21:12 | 000,000,000 | ---D | M] -- C:\Users\PEPS\AppData\Roaming\DisplayTune
[2009.07.14 07:08:49 | 000,019,782 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

• Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
• Starte die OTL.exe.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
MOD - C:\Users\PEPS\AppData\Local\Temp\rty0_7z.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FC64CE6C-282D-4EE9-8D87-9A176923276C} 
IE:64bit: - HKLM\..\SearchScopes\{FC64CE6C-282D-4EE9-8D87-9A176923276C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} 
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} 
IE - HKLM\..\SearchScopes\{FC64CE6C-282D-4EE9-8D87-9A176923276C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10 
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\..\SearchScopes,DefaultScope = {FC64CE6C-282D-4EE9-8D87-9A176923276C} 
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} 
IE - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk = File not found 
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk = File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) 
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) 
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Authentication Packages - (wvauth) - File not found 
O32 - HKLM CDRom: AutoRun - 1 
 
[2012.08.13 16:32:47 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock 
[2012.08.13 16:29:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad 
[2012.07.24 12:00:29 | 000,001,883 | ---- | M] () -- C:\Users\PEPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

[2012.08.13 16:29:56 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000004.@ 
[2012.08.13 16:30:17 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000008.@ 
 
[2012.07.24 11:59:09 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\000000cb.@ 
[2012.03.07 09:52:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\@ 
[2012.03.07 09:52:18 | 000,002,048 | -HS- | C] () -- C:\Users\PEPS\AppData\Local\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\@ 

:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Wenn OTL einen Neustart verlangt, bitte zulassen.
• Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

So, vielen Dank schonmal für die Hilfe.

Hier das Ergebnis vom letzten Durchlauf:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC64CE6C-282D-4EE9-8D87-9A176923276C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC64CE6C-282D-4EE9-8D87-9A176923276C}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC64CE6C-282D-4EE9-8D87-9A176923276C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC64CE6C-282D-4EE9-8D87-9A176923276C}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-4206063096-1959457315-1102575808-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4206063096-1959457315-1102575808-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-4206063096-1959457315-1102575808-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4206063096-1959457315-1102575808-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:wvauth deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. C:\ProgramData\cm-lock scheduled to be moved on reboot.
C:\ProgramData\z7_0ytr.pad moved successfully.
C:\Users\PEPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000004.@ moved successfully.
C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000008.@ moved successfully.
C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\@ moved successfully.
C:\Users\PEPS\AppData\Local\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\PEPS\Desktop\cmd.bat deleted successfully.
C:\Users\PEPS\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: PEPS
->Temp folder emptied: 277982019 bytes
->Temporary Internet Files folder emptied: 204247679 bytes
->Java cache emptied: 40588 bytes
->FireFox cache emptied: 66521628 bytes
->Flash cache emptied: 540 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 273190269 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 31654285 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 643 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 814,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: PEPS
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08142012_114516

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk not found!
File move failed. C:\ProgramData\cm-lock scheduled to be moved on reboot.
C:\Users\PEPS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\PEPS\AppData\Local\Temp\rty0_7z.exe moved successfully.

PendingFileRenameOperations files...
File C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk not found!
[2012.08.14 11:46:58 | 000,000,000 | -H-- | M] () C:\ProgramData\cm-lock : Unable to obtain MD5
File C:\Users\PEPS\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\PEPS\AppData\Local\Temp\rty0_7z.exe not found!

Registry entries deleted on Reboot...
         

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Search.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Also, hier zuerst mal das Log-File von Malwarebytes:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PEPS :: LW764R268 [Administrator]

14.08.2012 13:29:30
mbam-log-2012-08-14 (13-29-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343558
Laufzeit: 28 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\_OTL\MovedFiles\08142012_114516\C_Users\PEPS\AppData\Local\Temp\rty0_7z.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08142012_114516\C_Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08142012_114516\C_Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PEPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Und hier das Log-File von AdwCleaner:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/14/2012 at 14:06:31
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : PEPS - LW764R268
# Boot Mode : Normal
# Running from : C:\Users\PEPS\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\SweetIm
[x64] Key Found : HKCU\Software\SweetIm

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\PEPS\AppData\Roaming\Mozilla\Firefox\Profiles\swnb4myn.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [802 octets] - [14/08/2012 14:06:31]

########## EOF - C:\AdwCleaner[R1].txt - [929 octets] ##########
         

Sehr gut!

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Habe nun die weiteren Schritte durchgeführt.

Hier die Ergebnisse:

AswCleaner

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 12:08:04
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : PEPS - LW764R268
# Boot Mode : Normal
# Running from : C:\Users\PEPS\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\SweetIm

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\PEPS\AppData\Roaming\Mozilla\Firefox\Profiles\swnb4myn.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [927 octets] - [14/08/2012 14:06:31]
AdwCleaner[S1].txt - [820 octets] - [15/08/2012 12:08:04]

########## EOF - C:\AdwCleaner[S1].txt - [947 octets] ##########
         

AntiMalWare

Code: Alles auswählenAufklappen

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 15.08.2012 12:18:08

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	15.08.2012 12:19:05

C:\_OTL\MovedFiles\08142012_114516\C_Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000004.@ 	gefunden: Trojan.Win64.Sirefef!E2
C:\Windows\assembly\GAC_64\Desktop.ini 	gefunden: Trojan.Win64!E2
C:\Windows\assembly\GAC_32\Desktop.ini 	gefunden: Trojan.Win32.Sirefef!E2

Gescannt	601229
Gefunden	3

Scan Ende:	15.08.2012 12:39:52
Scan Zeit:	0:20:47

C:\_OTL\MovedFiles\08142012_114516\C_Windows\Installer\{1403b87f-64d6-ea5e-726a-88b3f9a34659}\U\00000004.@	Quarantäne Trojan.Win64.Sirefef!E2

Quarantäne	1
C:\Windows\assembly\GAC_64\Desktop.ini	Quarantäne Trojan.Win64!E2
C:\Windows\assembly\GAC_32\Desktop.ini	Quarantäne Trojan.Win32.Sirefef!E2
C:\Windows\assembly\GAC_64\Desktop.ini	Quarantäne Trojan.Win64!E2
C:\Windows\assembly\GAC_32\Desktop.ini	Quarantäne Trojan.Win32.Sirefef!E2
         

Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
• Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

• Lade und starte Eset Smartinstaller
• Haken setzen bei YES, I accept the Terms of Use.
• Klick auf Start.
• Haken setzen bei Remove found threads und Scan archives.
• Klick auf Start.
• Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Finish drücken.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Habe nun Eset ausgeführt und dabei folgendes Ergebnis herausbekommen:

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=98a17341d4d06c4ea69d0d0ebfd6929b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-15 01:30:57
# local_time=2012-08-15 03:30:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 422530 422530 0 0
# compatibility_mode=5893 16776574 66 94 13932462 96665332 0 0
# compatibility_mode=8192 67108863 100 0 245 245 0 0
# scanned=159795
# found=1
# cleaned=0
# scan_time=1995
${Memory}	a variant of Win32/Sirefef.EZ trojan	00000000000000000000000000000000	I
         

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

• Windows XP (nur 32-bit)
• Windows Vista (32-bit/64-bit)
• Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

• Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
• Liste der zu deaktivierenden Programme.
  Bei Unklarheiten bitte fragen.

• ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
• Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
• Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
• Teile uns das mit und warte auf unsere Anweisungen.

• Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
• Während des Laufs von Combofix nichts anderes am Computer machen!
• Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

• Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
• Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
• Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
• Bitte nicht in dieses Combofix-Fenster klicken.
• Das könnte Dein System einfrieren oder hängen bleiben lassen.
• Es wird ein Backup Deiner Registry erstellt.
• Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

• Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
• Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
• Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

• Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
• Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

Habe Combofix nun laufen lassen.

Hier das Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-08-14.05 - PEPS 15.08.2012  18:41:38.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8149.6588 [GMT 2:00]
ausgeführt von:: c:\users\PEPS\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\instsrv.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-15 bis 2012-08-15  ))))))))))))))))))))))))))))))
.
.
2012-08-15 16:44 . 2012-08-15 16:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-15 10:11 . 2012-08-15 12:52	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-08-14 11:27 . 2012-08-14 11:27	--------	d-----w-	c:\users\PEPS\AppData\Roaming\Malwarebytes
2012-08-14 11:26 . 2012-08-14 11:26	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-14 11:26 . 2012-08-14 11:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-14 11:26 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-14 09:45 . 2012-08-14 09:45	--------	d-----w-	C:\_OTL
2012-08-13 14:21 . 2012-08-13 14:21	--------	d-----w-	c:\program files (x86)\Broadcom
2012-08-13 14:21 . 2012-08-13 14:21	--------	d-----w-	c:\program files (x86)\Cisco
2012-08-13 14:18 . 2012-08-13 14:18	--------	d-----w-	c:\users\PEPS\AppData\Local\Dell
2012-08-10 15:32 . 2012-08-10 15:32	--------	d-----w-	c:\users\PEPS\AppData\Roaming\InstallShield
2012-07-26 08:41 . 2012-07-26 08:41	--------	d-----w-	c:\programdata\Creative
2012-07-24 10:05 . 2012-07-24 10:05	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-07-23 08:12 . 2012-07-23 08:12	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-23 08:12 . 2012-07-23 08:12	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:49 . 2012-04-07 11:36	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 13:49 . 2012-02-13 07:40	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 07:18 . 2012-03-07 12:36	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-14 07:20	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-13 21:41	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-13 21:41	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-13 21:41	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-13 21:41	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-13 21:41	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-13 21:41	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-13 21:41	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 21:12	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 21:13	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 21:13	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 21:13	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 21:12	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 21:13	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 21:12	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 21:12	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 21:12	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-13 22:07	17807360	----a-w-	c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-13 22:07	10924032	----a-w-	c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-13 22:07	2311680	----a-w-	c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-13 22:07	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-13 22:07	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-13 22:07	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-13 22:07	237056	----a-w-	c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-13 22:07	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-13 22:07	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-13 22:07	818688	----a-w-	c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-13 22:07	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-13 22:07	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-13 22:07	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-13 22:07	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-13 22:07	1800192	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-13 22:07	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-13 22:07	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-13 22:07	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-13 22:07	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-13 21:41	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-13 21:41	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-13 21:41	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-13 21:41	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-13 21:41	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-13 21:41	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-13 21:41	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-13 21:41	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-13 21:41	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-29 21:19 . 2012-03-07 07:51	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-29 21:19 . 2012-03-07 07:51	139360	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-05-29 21:19 . 2012-03-07 07:51	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-29 21:19 . 2012-03-07 07:51	114128	----a-w-	c:\windows\system32\drivers\avfwim.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-27 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"DT DEL"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-10-13 121648]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-07-12 162408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-12-16 8186256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-16 22128]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-27 203776]
S2 AntiVir Security Management Center Agent;Avira Security Management Center Agent;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe [2009-04-01 636161]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-12-16 2368912]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-13 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-13 36768]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 2279320]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-08-12 113456]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-27 9321472]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-27 306176]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 38504]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 23:46	139128	----a-w-	c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 23:46	139128	----a-w-	c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-07 525312]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 7077272]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-18 6492672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\PEPS\AppData\Roaming\Mozilla\Firefox\Profiles\swnb4myn.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-15  18:48:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-15 16:48
.
Vor Suchlauf: 13 Verzeichnis(se), 673.560.797.184 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 673.253.060.608 Bytes frei
.
- - End Of File - - A6C296BF7AEA9433FE8E6AC129855870
         

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

Hier das Ergebnis:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.07

Windows 7 Service Pack 1 x64 FAT
Internet Explorer 9.0.8112.16421
PEPS :: LW764R268 [Administrator]

16.08.2012 12:08:33
mbam-log-2012-08-16 (12-08-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 347923
Laufzeit: 31 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

TDSSKiller von Kaspersky

- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.

Hier findest Du eine ausführlichere TDSSKiller Anleitung.

So, hier das Ergebnis von Tdsskiller:

Code: Alles auswählenAufklappen

ATTFilter

13:48:01.0641 4172  TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
13:48:01.0641 4172  ============================================================
13:48:01.0641 4172  Current date / time: 2012/08/16 13:48:01.0641
13:48:01.0641 4172  SystemInfo:
13:48:01.0641 4172  
13:48:01.0641 4172  OS Version: 6.1.7601 ServicePack: 1.0
13:48:01.0641 4172  Product type: Workstation
13:48:01.0656 4172  ComputerName: LW764R268
13:48:01.0656 4172  UserName: PEPS
13:48:01.0656 4172  Windows directory: C:\Windows
13:48:01.0656 4172  System windows directory: C:\Windows
13:48:01.0656 4172  Running under WOW64
13:48:01.0656 4172  Processor architecture: Intel x64
13:48:01.0656 4172  Number of processors: 4
13:48:01.0656 4172  Page size: 0x1000
13:48:01.0656 4172  Boot type: Normal boot
13:48:01.0656 4172  ============================================================
13:48:02.0249 4172  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:48:02.0265 4172  Drive \Device\Harddisk1\DR1 - Size: 0x2740000 (0.04 Gb), SectorSize: 0x200, Cylinders: 0x5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:48:02.0280 4172  Drive \Device\Harddisk2\DR3 - Size: 0x7E680000 (1.98 Gb), SectorSize: 0x200, Cylinders: 0x101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:48:02.0280 4172  ============================================================
13:48:02.0280 4172  \Device\Harddisk0\DR0:
13:48:02.0280 4172  MBR partitions:
13:48:02.0280 4172  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D86000
13:48:02.0280 4172  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D9A000, BlocksNum 0x557AA000
13:48:02.0280 4172  \Device\Harddisk1\DR1:
13:48:02.0296 4172  MBR partitions:
13:48:02.0296 4172  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x13986
13:48:02.0296 4172  \Device\Harddisk2\DR3:
13:48:02.0296 4172  MBR partitions:
13:48:02.0296 4172  \Device\Harddisk2\DR3\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3F33E0
13:48:02.0296 4172  ============================================================
13:48:02.0327 4172  C: <-> \Device\Harddisk0\DR0\Partition2
13:48:02.0327 4172  ============================================================
13:48:02.0327 4172  Initialize success
13:48:02.0327 4172  ============================================================
13:48:38.0441 1456  ============================================================
13:48:38.0441 1456  Scan started
13:48:38.0441 1456  Mode: Manual; 
13:48:38.0441 1456  ============================================================
13:48:38.0893 1456  ================ Scan services =============================
13:48:39.0736 1456  [ a87d604aea360176311474c87a63bb88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
13:48:39.0736 1456  1394ohci - ok
13:48:39.0767 1456  [ 1575a815c27789061f34b4f55ae0b5c3 ] Acceler         C:\Windows\system32\DRIVERS\accelern.sys
13:48:39.0783 1456  Acceler - ok
13:48:39.0798 1456  [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:48:39.0798 1456  ACPI - ok
13:48:39.0814 1456  [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:48:39.0814 1456  AcpiPmi - ok
13:48:39.0892 1456  [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:48:39.0892 1456  AdobeARMservice - ok
13:48:39.0985 1456  [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:48:39.0985 1456  AdobeFlashPlayerUpdateSvc - ok
13:48:40.0032 1456  [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:48:40.0032 1456  adp94xx - ok
13:48:40.0048 1456  [ 597f78224ee9224ea1a13d6350ced962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:48:40.0048 1456  adpahci - ok
13:48:40.0079 1456  [ e109549c90f62fb570b9540c4b148e54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:48:40.0079 1456  adpu320 - ok
13:48:40.0110 1456  [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:48:40.0110 1456  AeLookupSvc - ok
13:48:40.0157 1456  [ a6fb9db8f1a86861d955fd6975977ae0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
13:48:40.0157 1456  AESTFilters - ok
13:48:40.0204 1456  [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:48:40.0204 1456  AFD - ok
13:48:40.0219 1456  [ 608c14dba7299d8cb6ed035a68a15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:48:40.0235 1456  agp440 - ok
13:48:40.0235 1456  [ 3290d6946b5e30e70414990574883ddb ] ALG             C:\Windows\System32\alg.exe
13:48:40.0251 1456  ALG - ok
13:48:40.0266 1456  [ 5812713a477a3ad7363c7438ca2ee038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:48:40.0266 1456  aliide - ok
13:48:40.0297 1456  [ 0ecc9f3bbf427c10034770ab6c491993 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:48:40.0313 1456  AMD External Events Utility - ok
13:48:40.0313 1456  [ 1ff8b4431c353ce385c875f194924c0c ] amdide          C:\Windows\system32\drivers\amdide.sys
13:48:40.0313 1456  amdide - ok
13:48:40.0313 1456  [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:48:40.0313 1456  AmdK8 - ok
13:48:40.0469 1456  [ c0b060a39d0795a25c1a2db547dd0f03 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:48:40.0609 1456  amdkmdag - ok
13:48:40.0656 1456  [ 487e7babfb7f0349b37eeed918dae548 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:48:40.0656 1456  amdkmdap - ok
13:48:40.0703 1456  [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
13:48:40.0703 1456  AmdPPM - ok
13:48:40.0734 1456  [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:48:40.0734 1456  amdsata - ok
13:48:40.0765 1456  [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:48:40.0765 1456  amdsbs - ok
13:48:40.0781 1456  [ 540daf1cea6094886d72126fd7c33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:48:40.0781 1456  amdxata - ok
13:48:40.0843 1456  [ 86a1ec27d7aaf23fcb015af8cbc80c64 ] AntiVir Security Management Center Agent C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
13:48:40.0843 1456  AntiVir Security Management Center Agent - ok
13:48:40.0875 1456  [ 466a0d95960dad3222c896d2cea99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:48:40.0875 1456  AntiVirSchedulerService - ok
13:48:40.0906 1456  [ a489be6bb0aa1ff406b488b60542314b ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:48:40.0906 1456  AntiVirService - ok
13:48:40.0937 1456  [ 6d4cb1f46a0ac05326f834fd6b822479 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
13:48:40.0937 1456  ApfiltrService - ok
13:48:40.0953 1456  [ 89a69c3f2f319b43379399547526d952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:48:40.0968 1456  AppID - ok
13:48:40.0984 1456  [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:48:40.0984 1456  AppIDSvc - ok
13:48:40.0984 1456  [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:48:40.0984 1456  Appinfo - ok
13:48:41.0031 1456  [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:48:41.0031 1456  AppMgmt - ok
13:48:41.0031 1456  [ c484f8ceb1717c540242531db7845c4e ] arc             C:\Windows\system32\drivers\arc.sys
13:48:41.0046 1456  arc - ok
13:48:41.0062 1456  [ 019af6924aefe7839f61c830227fe79c ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:48:41.0062 1456  arcsas - ok
13:48:41.0218 1456  [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:48:41.0249 1456  aspnet_state - ok
13:48:41.0280 1456  [ 769765ce2cc62867468cea93969b2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:48:41.0280 1456  AsyncMac - ok
13:48:41.0311 1456  [ 02062c0b390b7729edc9e69c680a6f3c ] atapi           C:\Windows\system32\drivers\atapi.sys
13:48:41.0311 1456  atapi - ok
13:48:41.0389 1456  [ dbb487d09f56c674430ac454fd8bcab9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:48:41.0389 1456  AtiHDAudioService - ok
13:48:41.0483 1456  [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:48:41.0530 1456  AudioEndpointBuilder - ok
13:48:41.0545 1456  [ f23fef6d569fce88671949894a8becf1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:48:41.0561 1456  AudioSrv - ok
13:48:41.0608 1456  [ 26e38b5a58c6c55fafbc563eeddb0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:48:41.0608 1456  avgntflt - ok
13:48:41.0623 1456  [ 9d1f00beff84cbbf46d7f052bc7e0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:48:41.0623 1456  avipbb - ok
13:48:41.0655 1456  [ 248db59fc86de44d2779f4c7fb1a567d ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:48:41.0655 1456  avkmgr - ok
13:48:41.0717 1456  [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:48:41.0717 1456  AxInstSV - ok
13:48:41.0811 1456  [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:48:41.0811 1456  b06bdrv - ok
13:48:41.0873 1456  [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:48:41.0873 1456  b57nd60a - ok
13:48:41.0967 1456  [ 87f3bcf82a63e900af896cd930bf7e05 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:48:41.0967 1456  BBSvc - ok
13:48:42.0060 1456  [ 78779ee07231c658b483b1f38b5088df ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:48:42.0060 1456  BBUpdate - ok
13:48:42.0091 1456  [ c3d8920a5aaf10a72cedb57d3339280a ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
13:48:42.0091 1456  BCM42RLY - ok
13:48:42.0185 1456  [ d20ee58c13ff343b90550861ebcd9ddd ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
13:48:42.0341 1456  BCM43XX - ok
13:48:42.0372 1456  [ fde360167101b4e45a96f939f388aeb0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:48:42.0372 1456  BDESVC - ok
13:48:42.0403 1456  [ 16a47ce2decc9b099349a5f840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:48:42.0403 1456  Beep - ok
13:48:42.0450 1456  [ 82974d6a2fd19445cc5171fc378668a4 ] BFE             C:\Windows\System32\bfe.dll
13:48:42.0450 1456  BFE - ok
13:48:42.0481 1456  [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:48:42.0481 1456  blbdrive - ok
13:48:42.0497 1456  [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:48:42.0497 1456  bowser - ok
13:48:42.0528 1456  [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
13:48:42.0528 1456  BrFiltLo - ok
13:48:42.0544 1456  [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
13:48:42.0544 1456  BrFiltUp - ok
13:48:42.0559 1456  [ 5c2f352a4e961d72518261257aae204b ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
13:48:42.0559 1456  BridgeMP - ok
13:48:42.0591 1456  [ 8ef0d5c41ec907751b8429162b1239ed ] Browser         C:\Windows\System32\browser.dll
13:48:42.0591 1456  Browser - ok
13:48:42.0591 1456  [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:48:42.0606 1456  Brserid - ok
13:48:42.0606 1456  [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:48:42.0606 1456  BrSerWdm - ok
13:48:42.0622 1456  [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:48:42.0622 1456  BrUsbMdm - ok
13:48:42.0637 1456  [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:48:42.0637 1456  BrUsbSer - ok
13:48:42.0637 1456  [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
13:48:42.0653 1456  BTHMODEM - ok
13:48:42.0669 1456  [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv         C:\Windows\system32\bthserv.dll
13:48:42.0669 1456  bthserv - ok
13:48:42.0700 1456  catchme - ok
13:48:42.0731 1456  [ b8bd2bb284668c84865658c77574381a ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:48:42.0731 1456  cdfs - ok
13:48:42.0793 1456  [ f036ce71586e93d94dab220d7bdf4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:48:42.0793 1456  cdrom - ok
13:48:42.0840 1456  [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc     C:\Windows\System32\certprop.dll
13:48:42.0840 1456  CertPropSvc - ok
13:48:42.0871 1456  [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass        C:\Windows\system32\drivers\circlass.sys
13:48:42.0871 1456  circlass - ok
13:48:42.0903 1456  [ fe1ec06f2253f691fe36217c592a0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:48:42.0903 1456  CLFS - ok
13:48:42.0949 1456  [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:48:42.0965 1456  clr_optimization_v2.0.50727_32 - ok
13:48:42.0981 1456  [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:48:42.0981 1456  clr_optimization_v2.0.50727_64 - ok
13:48:43.0027 1456  [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:48:43.0121 1456  clr_optimization_v4.0.30319_32 - ok
13:48:43.0121 1456  [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:48:43.0137 1456  clr_optimization_v4.0.30319_64 - ok
13:48:43.0168 1456  [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:48:43.0168 1456  CmBatt - ok
13:48:43.0183 1456  [ e19d3f095812725d88f9001985b94edd ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:48:43.0183 1456  cmdide - ok
13:48:43.0199 1456  [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG             C:\Windows\system32\Drivers\cng.sys
13:48:43.0215 1456  CNG - ok
13:48:43.0293 1456  [ 2e27b361c6ede58c9d8668a5d812c9be ] CodeMeter.exe   C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
13:48:43.0324 1456  CodeMeter.exe - ok
13:48:43.0339 1456  [ 102de219c3f61415f964c88e9085ad14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:48:43.0355 1456  Compbatt - ok
13:48:43.0355 1456  [ 03edb043586cceba243d689bdda370a8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
13:48:43.0371 1456  CompositeBus - ok
13:48:43.0371 1456  COMSysApp - ok
13:48:43.0386 1456  [ 1c827878a998c18847245fe1f34ee597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:48:43.0386 1456  crcdisk - ok
13:48:43.0433 1456  [ d8e4f20bd26d8dca4cb67a796d7eec84 ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
13:48:43.0464 1456  Credential Vault Host Control Service - ok
13:48:43.0480 1456  [ ec31c9a4d1059e599dd1dbb50b84f278 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
13:48:43.0480 1456  Credential Vault Host Storage - ok
13:48:43.0511 1456  [ 4f5414602e2544a4554d95517948b705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:48:43.0511 1456  CryptSvc - ok
13:48:43.0527 1456  [ 54da3dfd29ed9f1619b6f53f3ce55e49 ] CSC             C:\Windows\system32\drivers\csc.sys
13:48:43.0542 1456  CSC - ok
13:48:43.0558 1456  [ 3ab183ab4d2c79dcf459cd2c1266b043 ] CscService      C:\Windows\System32\cscsvc.dll
13:48:43.0558 1456  CscService - ok
13:48:43.0589 1456  [ 8ce04a5bdd2ce6e62ce02a1c27093104 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:48:43.0589 1456  CtClsFlt - ok
13:48:43.0605 1456  [ afd403048b1753eb4225ca476f663350 ] cvusbdrv        C:\Windows\system32\Drivers\cvusbdrv.sys
13:48:43.0605 1456  cvusbdrv - ok
13:48:43.0636 1456  [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:48:43.0651 1456  DcomLaunch - ok
13:48:43.0683 1456  [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc       C:\Windows\System32\defragsvc.dll
13:48:43.0683 1456  defragsvc - ok
13:48:43.0761 1456  [ b85201f1aae97cd58fde0db18120f924 ] DFEPService     c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
13:48:43.0792 1456  DFEPService - ok
13:48:43.0807 1456  [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:48:43.0807 1456  DfsC - ok
13:48:43.0885 1456  [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:48:43.0885 1456  Dhcp - ok
13:48:43.0901 1456  [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache        C:\Windows\system32\drivers\discache.sys
13:48:43.0917 1456  discache - ok
13:48:43.0963 1456  [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk            C:\Windows\system32\drivers\disk.sys
13:48:43.0979 1456  Disk - ok
13:48:44.0010 1456  [ 5db085a8a6600be6401f2b24eecb5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
13:48:44.0010 1456  dmvsc - ok
13:48:44.0057 1456  [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:48:44.0057 1456  Dnscache - ok
13:48:44.0088 1456  [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:48:44.0088 1456  dot3svc - ok
13:48:44.0119 1456  [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS             C:\Windows\system32\dps.dll
13:48:44.0119 1456  DPS - ok
13:48:44.0135 1456  [ 9b19f34400d24df84c858a421c205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:48:44.0135 1456  drmkaud - ok
13:48:44.0182 1456  [ 18d61c6c8c7ea60386b9a65b79e2b9fc ] DTSRVC          C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
13:48:44.0182 1456  DTSRVC - ok
13:48:44.0229 1456  [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:48:44.0260 1456  DXGKrnl - ok
13:48:44.0291 1456  [ eafcb4551836ff44ee775ceddfa7a77e ] e1cexpress      C:\Windows\system32\DRIVERS\e1c62x64.sys
13:48:44.0307 1456  e1cexpress - ok
13:48:44.0322 1456  [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:48:44.0322 1456  EapHost - ok
13:48:44.0416 1456  [ dc5d737f51be844d8c82c695eb17372f ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:48:44.0541 1456  ebdrv - ok
13:48:44.0556 1456  [ c118a82cd78818c29ab228366ebf81c3 ] EFS             C:\Windows\System32\lsass.exe
13:48:44.0556 1456  EFS - ok
13:48:44.0619 1456  [ c4002b6b41975f057d98c439030cea07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:48:44.0650 1456  ehRecvr - ok
13:48:44.0665 1456  [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:48:44.0665 1456  ehSched - ok
13:48:44.0697 1456  [ 0e5da5369a0fcaea12456dd852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:48:44.0712 1456  elxstor - ok
13:48:44.0728 1456  [ 34a3c54752046e79a126e15c51db409b ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:48:44.0728 1456  ErrDev - ok
13:48:44.0759 1456  [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem     C:\Windows\system32\es.dll
13:48:44.0759 1456  EventSystem - ok
13:48:44.0775 1456  [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat           C:\Windows\system32\drivers\exfat.sys
13:48:44.0775 1456  exfat - ok
13:48:44.0790 1456  [ 0adc83218b66a6db380c330836f3e36d ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:48:44.0806 1456  fastfat - ok
13:48:44.0837 1456  [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax             C:\Windows\system32\fxssvc.exe
13:48:44.0837 1456  Fax - ok
13:48:44.0853 1456  [ d765d19cd8ef61f650c384f62fac00ab ] fdc             C:\Windows\system32\drivers\fdc.sys
13:48:44.0853 1456  fdc - ok
13:48:44.0884 1456  [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:48:44.0884 1456  fdPHost - ok
13:48:44.0899 1456  [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:48:44.0899 1456  FDResPub - ok
13:48:44.0931 1456  [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:48:44.0931 1456  FileInfo - ok
13:48:44.0946 1456  [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:48:44.0946 1456  Filetrace - ok
13:48:44.0946 1456  [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
13:48:44.0962 1456  flpydisk - ok
13:48:44.0977 1456  [ da6b67270fd9db3697b20fce94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:48:44.0977 1456  FltMgr - ok
13:48:45.0024 1456  [ 5c4cb4086fb83115b153e47add961a0c ] FontCache       C:\Windows\system32\FntCache.dll
13:48:45.0071 1456  FontCache - ok
13:48:45.0118 1456  [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:48:45.0118 1456  FontCache3.0.0.0 - ok
13:48:45.0149 1456  [ d43703496149971890703b4b1b723eac ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:48:45.0149 1456  FsDepends - ok
13:48:45.0165 1456  [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:48:45.0165 1456  Fs_Rec - ok
13:48:45.0196 1456  [ 1f7b25b858fa27015169fe95e54108ed ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:48:45.0196 1456  fvevol - ok
13:48:45.0211 1456  [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:48:45.0227 1456  gagp30kx - ok
13:48:45.0243 1456  [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc           C:\Windows\System32\gpsvc.dll
13:48:45.0258 1456  gpsvc - ok
13:48:45.0305 1456  [ 0e485f2c759f155170da9f35354034e9 ] HBtnKey         C:\Windows\system32\drivers\HBtnKey.sys
13:48:45.0305 1456  HBtnKey - ok
13:48:45.0321 1456  [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:48:45.0321 1456  hcw85cir - ok
13:48:45.0352 1456  [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:48:45.0367 1456  HdAudAddService - ok
13:48:45.0399 1456  [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:48:45.0399 1456  HDAudBus - ok
13:48:45.0414 1456  [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:48:45.0414 1456  HidBatt - ok
13:48:45.0430 1456  [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:48:45.0430 1456  HidBth - ok
13:48:45.0445 1456  [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:48:45.0445 1456  HidIr - ok
13:48:45.0461 1456  [ bd9eb3958f213f96b97b1d897dee006d ] hidserv         C:\Windows\System32\hidserv.dll
13:48:45.0477 1456  hidserv - ok
13:48:45.0508 1456  [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:48:45.0508 1456  HidUsb - ok
13:48:45.0539 1456  [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:48:45.0539 1456  hkmsvc - ok
13:48:45.0555 1456  [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:48:45.0570 1456  HomeGroupListener - ok
13:48:45.0601 1456  [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:48:45.0601 1456  HomeGroupProvider - ok
13:48:45.0633 1456  [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:48:45.0633 1456  HpSAMD - ok
13:48:45.0664 1456  [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:48:45.0695 1456  HTTP - ok
13:48:45.0695 1456  [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:48:45.0695 1456  hwpolicy - ok
13:48:45.0726 1456  [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:48:45.0726 1456  i8042prt - ok
13:48:45.0742 1456  [ d7921d5a870b11cc1adab198a519d50a ] iaStor          C:\Windows\system32\drivers\iaStor.sys
13:48:45.0757 1456  iaStor - ok
13:48:45.0820 1456  [ 8fff9083252c16fe3960173722605e9e ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:48:45.0820 1456  IAStorDataMgrSvc - ok
13:48:45.0867 1456  [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:48:45.0867 1456  iaStorV - ok
13:48:45.0929 1456  [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:48:45.0960 1456  idsvc - ok
13:48:45.0976 1456  [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:48:45.0976 1456  iirsp - ok
13:48:46.0023 1456  [ fcd84c381e0140af901e58d48882d26b ] IKEEXT          C:\Windows\System32\ikeext.dll
13:48:46.0054 1456  IKEEXT - ok
13:48:46.0085 1456  [ dd587a55390ed2295bce6d36ad567da9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
13:48:46.0085 1456  Impcd - ok
13:48:46.0132 1456  [ d7b978f4504d3da95a21002863d0e7ee ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
13:48:46.0132 1456  Intel(R) PROSet Monitoring Service - ok
13:48:46.0163 1456  [ f00f20e70c6ec3aa366910083a0518aa ] intelide        C:\Windows\system32\drivers\intelide.sys
13:48:46.0163 1456  intelide - ok
13:48:46.0179 1456  [ ada036632c664caa754079041cf1f8c1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:48:46.0179 1456  intelppm - ok
13:48:46.0210 1456  [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:48:46.0225 1456  IPBusEnum - ok
13:48:46.0241 1456  [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:48:46.0241 1456  IpFilterDriver - ok
13:48:46.0319 1456  [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:48:46.0335 1456  iphlpsvc - ok
13:48:46.0366 1456  [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:48:46.0366 1456  IPMIDRV - ok
13:48:46.0381 1456  [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:48:46.0381 1456  IPNAT - ok
13:48:46.0413 1456  [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:48:46.0413 1456  IRENUM - ok
13:48:46.0428 1456  [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:48:46.0428 1456  isapnp - ok
13:48:46.0444 1456  [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:48:46.0444 1456  iScsiPrt - ok
13:48:46.0475 1456  [ 6c85719a21b3f62c2c76280f4bd36c7b ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
13:48:46.0475 1456  jhi_service - ok
13:48:46.0506 1456  [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:48:46.0506 1456  kbdclass - ok
13:48:46.0522 1456  [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:48:46.0537 1456  kbdhid - ok
13:48:46.0537 1456  [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso          C:\Windows\system32\lsass.exe
13:48:46.0537 1456  KeyIso - ok
13:48:46.0569 1456  [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:48:46.0569 1456  KSecDD - ok
13:48:46.0584 1456  [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:48:46.0584 1456  KSecPkg - ok
13:48:46.0600 1456  [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:48:46.0615 1456  ksthunk - ok
13:48:46.0647 1456  [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:48:46.0662 1456  KtmRm - ok
13:48:46.0709 1456  [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:48:46.0725 1456  LanmanServer - ok
13:48:46.0740 1456  [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:48:46.0756 1456  LanmanWorkstation - ok
13:48:46.0771 1456  [ 1538831cf8ad2979a04c423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:48:46.0787 1456  lltdio - ok
13:48:46.0803 1456  [ c1185803384ab3feed115f79f109427f ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:48:46.0803 1456  lltdsvc - ok
13:48:46.0818 1456  [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:48:46.0818 1456  lmhosts - ok
13:48:46.0849 1456  [ 519d66259df1672aabce9d2e0acc5552 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:48:46.0849 1456  LMS - ok
13:48:46.0896 1456  [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:48:46.0896 1456  LSI_FC - ok
13:48:46.0912 1456  [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:48:46.0912 1456  LSI_SAS - ok
13:48:46.0927 1456  [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:48:46.0927 1456  LSI_SAS2 - ok
13:48:46.0943 1456  [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:48:46.0943 1456  LSI_SCSI - ok
13:48:46.0959 1456  [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv           C:\Windows\system32\drivers\luafv.sys
13:48:46.0959 1456  luafv - ok
13:48:46.0990 1456  [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:48:47.0005 1456  Mcx2Svc - ok
13:48:47.0005 1456  [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:48:47.0005 1456  megasas - ok
13:48:47.0037 1456  [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:48:47.0037 1456  MegaSR - ok
13:48:47.0068 1456  [ a6518dcc42f7a6e999bb3bea8fd87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:48:47.0068 1456  MEIx64 - ok
13:48:47.0099 1456  [ e40e80d0304a73e8d269f7141d77250b ] MMCSS           C:\Windows\system32\mmcss.dll
13:48:47.0099 1456  MMCSS - ok
13:48:47.0099 1456  [ 800ba92f7010378b09f9ed9270f07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:48:47.0099 1456  Modem - ok
13:48:47.0115 1456  [ b03d591dc7da45ece20b3b467e6aadaa ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:48:47.0115 1456  monitor - ok
13:48:47.0146 1456  [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:48:47.0146 1456  mouclass - ok
13:48:47.0161 1456  [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:48:47.0161 1456  mouhid - ok
13:48:47.0177 1456  [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:48:47.0177 1456  mountmgr - ok
13:48:47.0255 1456  [ 15d5398eed42c2504bb3d4fc875c15d1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:48:47.0255 1456  MozillaMaintenance - ok
13:48:47.0271 1456  [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:48:47.0286 1456  mpio - ok
13:48:47.0286 1456  [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:48:47.0286 1456  mpsdrv - ok
13:48:47.0364 1456  [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:48:47.0395 1456  MpsSvc - ok
13:48:47.0411 1456  [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:48:47.0411 1456  MRxDAV - ok
13:48:47.0442 1456  [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:48:47.0458 1456  mrxsmb - ok
13:48:47.0473 1456  [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:48:47.0489 1456  mrxsmb10 - ok
13:48:47.0505 1456  [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:48:47.0505 1456  mrxsmb20 - ok
13:48:47.0536 1456  [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:48:47.0536 1456  msahci - ok
13:48:47.0567 1456  [ db801a638d011b9633829eb6f663c900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:48:47.0567 1456  msdsm - ok
13:48:47.0583 1456  [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:48:47.0583 1456  MSDTC - ok
13:48:47.0614 1456  [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:48:47.0614 1456  Msfs - ok
13:48:47.0629 1456  [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:48:47.0645 1456  mshidkmdf - ok
13:48:47.0661 1456  [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:48:47.0661 1456  msisadrv - ok
13:48:47.0692 1456  [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:48:47.0692 1456  MSiSCSI - ok
13:48:47.0707 1456  msiserver - ok
13:48:47.0723 1456  [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:48:47.0723 1456  MSKSSRV - ok
13:48:47.0739 1456  [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:48:47.0739 1456  MSPCLOCK - ok
13:48:47.0754 1456  [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:48:47.0754 1456  MSPQM - ok
13:48:47.0785 1456  [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:48:47.0801 1456  MsRPC - ok
13:48:47.0817 1456  [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:48:47.0817 1456  mssmbios - ok
13:48:47.0832 1456  [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:48:47.0832 1456  MSTEE - ok
13:48:47.0848 1456  [ 7ea404308934e675bffde8edf0757bcd ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:48:47.0848 1456  MTConfig - ok
13:48:47.0863 1456  [ f9a18612fd3526fe473c1bda678d61c8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:48:47.0863 1456  Mup - ok
13:48:47.0895 1456  [ 582ac6d9873e31dfa28a4547270862dd ] napagent        C:\Windows\system32\qagentRT.dll
13:48:47.0910 1456  napagent - ok
13:48:47.0941 1456  [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:48:47.0957 1456  NativeWifiP - ok
13:48:48.0004 1456  [ c38b8ae57f78915905064a9a24dc1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:48:48.0051 1456  NDIS - ok
13:48:48.0066 1456  [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:48:48.0066 1456  NdisCap - ok
13:48:48.0097 1456  [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:48:48.0097 1456  NdisTapi - ok
13:48:48.0113 1456  [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:48:48.0113 1456  Ndisuio - ok
13:48:48.0129 1456  [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:48:48.0144 1456  NdisWan - ok
13:48:48.0160 1456  [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:48:48.0160 1456  NDProxy - ok
13:48:48.0175 1456  [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:48:48.0175 1456  NetBIOS - ok
13:48:48.0175 1456  [ 09594d1089c523423b32a4229263f068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:48:48.0175 1456  NetBT - ok
13:48:48.0191 1456  [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon        C:\Windows\system32\lsass.exe
13:48:48.0191 1456  Netlogon - ok
13:48:48.0222 1456  [ 847d3ae376c0817161a14a82c8922a9e ] Netman          C:\Windows\System32\netman.dll
13:48:48.0238 1456  Netman - ok
13:48:48.0253 1456  [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:48:48.0285 1456  NetMsmqActivator - ok
13:48:48.0300 1456  [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:48:48.0300 1456  NetPipeActivator - ok
13:48:48.0316 1456  [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm        C:\Windows\System32\netprofm.dll
13:48:48.0331 1456  netprofm - ok
13:48:48.0347 1456  [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:48:48.0347 1456  NetTcpActivator - ok
13:48:48.0347 1456  [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:48:48.0347 1456  NetTcpPortSharing - ok
13:48:48.0394 1456  [ 73ce12b8bdd747b0063cb0a7ef44cea7 ] netvsc          C:\Windows\system32\DRIVERS\netvsc60.sys
13:48:48.0394 1456  netvsc - ok
13:48:48.0425 1456  [ 77889813be4d166cdab78ddba990da92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:48:48.0425 1456  nfrd960 - ok
13:48:48.0456 1456  [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:48:48.0472 1456  NlaSvc - ok
13:48:48.0487 1456  [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:48:48.0487 1456  Npfs - ok
13:48:48.0487 1456  [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:48:48.0487 1456  nsi - ok
13:48:48.0503 1456  [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:48:48.0503 1456  nsiproxy - ok
13:48:48.0550 1456  [ a2f74975097f52a00745f9637451fdd8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:48:48.0597 1456  Ntfs - ok
13:48:48.0612 1456  [ 9899284589f75fa8724ff3d16aed75c1 ] Null            C:\Windows\system32\drivers\Null.sys
13:48:48.0612 1456  Null - ok
13:48:48.0628 1456  [ a7127e86f9ffe2a53e271b56b2c4cedf ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
13:48:48.0643 1456  nusb3hub - ok
13:48:48.0659 1456  [ 49bbec6f48d5f9284b03abf3a959b19b ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:48:48.0675 1456  nusb3xhc - ok
13:48:48.0690 1456  [ 0a92cb65770442ed0dc44834632f66ad ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:48:48.0706 1456  nvraid - ok
13:48:48.0721 1456  [ dab0e87525c10052bf65f06152f37e4a ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:48:48.0721 1456  nvstor - ok
13:48:48.0753 1456  [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:48:48.0753 1456  nv_agp - ok
13:48:48.0768 1456  [ 4e37455db16aec75862b1d0bc35b589e ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
13:48:48.0768 1456  O2FLASH - ok
13:48:48.0799 1456  [ 6172db160fc566cf24307941c0e94d8e ] O2MDFRDR        C:\Windows\system32\drivers\O2MDFw7x64.sys
13:48:48.0799 1456  O2MDFRDR - ok
13:48:48.0815 1456  [ 8ed738aba394bbf6d7802698be453112 ] O2MDRRDR        C:\Windows\system32\DRIVERS\O2MDRw7x64.sys
13:48:48.0831 1456  O2MDRRDR - ok
13:48:48.0877 1456  [ 4635935fc972c582632bf45c26bfcb0e ] O2SDIOAssist    c:\Windows\SysWOW64\srvany.exe
13:48:48.0877 1456  O2SDIOAssist - ok
13:48:48.0909 1456  [ a9c1e6b7c134fad124338b7944fa996d ] O2SDJRDR        C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
13:48:48.0909 1456  O2SDJRDR - ok
13:48:48.0924 1456  [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:48:48.0924 1456  ohci1394 - ok
13:48:48.0987 1456  [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:48:48.0987 1456  ose - ok
13:48:49.0158 1456  [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:48:49.0455 1456  osppsvc - ok
13:48:49.0486 1456  [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:48:49.0486 1456  p2pimsvc - ok
13:48:49.0501 1456  [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:48:49.0501 1456  p2psvc - ok
13:48:49.0533 1456  [ 0086431c29c35be1dbc43f52cc273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:48:49.0533 1456  Parport - ok
13:48:49.0564 1456  [ e9766131eeade40a27dc27d2d68fba9c ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:48:49.0564 1456  partmgr - ok
13:48:49.0579 1456  [ 363b3f857abee85767e01e3044c539cd ] PBADRV          C:\Windows\system32\DRIVERS\PBADRV.sys
13:48:49.0579 1456  PBADRV - ok
13:48:49.0611 1456  [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:48:49.0611 1456  PcaSvc - ok
13:48:49.0642 1456  [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci             C:\Windows\system32\drivers\pci.sys
13:48:49.0642 1456  pci - ok
13:48:49.0673 1456  [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide          C:\Windows\system32\drivers\pciide.sys
13:48:49.0673 1456  pciide - ok
13:48:49.0673 1456  [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:48:49.0689 1456  pcmcia - ok
13:48:49.0704 1456  [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:48:49.0704 1456  pcw - ok
13:48:49.0735 1456  [ ee6539339e76ee69793609a5f12a7b80 ] PdiService      C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
13:48:49.0735 1456  PdiService - ok
13:48:49.0767 1456  [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:48:49.0782 1456  PEAUTH - ok
13:48:49.0845 1456  [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:48:49.0876 1456  PeerDistSvc - ok
13:48:49.0907 1456  [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:48:49.0907 1456  PerfHost - ok
13:48:49.0954 1456  [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla             C:\Windows\system32\pla.dll
13:48:49.0985 1456  pla - ok
13:48:50.0016 1456  [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:48:50.0032 1456  PlugPlay - ok
13:48:50.0047 1456  [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:48:50.0047 1456  PNRPAutoReg - ok
13:48:50.0063 1456  [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:48:50.0063 1456  PNRPsvc - ok
13:48:50.0094 1456  [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:48:50.0110 1456  PolicyAgent - ok
13:48:50.0125 1456  [ a2cca4fb273e6050f17a0a416cff2fcd ] Power           C:\Windows\system32\umpo.dll
13:48:50.0125 1456  Power - ok
13:48:50.0157 1456  [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:48:50.0157 1456  PptpMiniport - ok
13:48:50.0157 1456  [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor       C:\Windows\system32\drivers\processr.sys
13:48:50.0172 1456  Processor - ok
13:48:50.0203 1456  [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:48:50.0203 1456  ProfSvc - ok
13:48:50.0219 1456  [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:48:50.0219 1456  ProtectedStorage - ok
13:48:50.0235 1456  [ 0557cf5a2556bd58e26384169d72438d ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:48:50.0235 1456  Psched - ok
13:48:50.0281 1456  [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:48:50.0313 1456  ql2300 - ok
13:48:50.0313 1456  [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:48:50.0313 1456  ql40xx - ok
13:48:50.0344 1456  [ 906191634e99aea92c4816150bda3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:48:50.0359 1456  QWAVE - ok
13:48:50.0375 1456  [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:48:50.0375 1456  QWAVEdrv - ok
13:48:50.0391 1456  [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:48:50.0391 1456  RasAcd - ok
13:48:50.0422 1456  [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:48:50.0422 1456  RasAgileVpn - ok
13:48:50.0453 1456  [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:48:50.0453 1456  RasAuto - ok
13:48:50.0469 1456  [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:48:50.0484 1456  Rasl2tp - ok
13:48:50.0500 1456  [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan          C:\Windows\System32\rasmans.dll
13:48:50.0500 1456  RasMan - ok
13:48:50.0515 1456  [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:48:50.0531 1456  RasPppoe - ok
13:48:50.0531 1456  [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:48:50.0531 1456  RasSstp - ok
13:48:50.0547 1456  [ 77f665941019a1594d887a74f301fa2f ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:48:50.0562 1456  rdbss - ok
13:48:50.0562 1456  [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:48:50.0578 1456  rdpbus - ok
13:48:50.0593 1456  [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:48:50.0593 1456  RDPCDD - ok
13:48:50.0625 1456  [ 1b6163c503398b23ff8b939c67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:48:50.0625 1456  RDPDR - ok
13:48:50.0656 1456  [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:48:50.0656 1456  RDPENCDD - ok
13:48:50.0656 1456  [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:48:50.0671 1456  RDPREFMP - ok
13:48:50.0687 1456  [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:48:50.0687 1456  RDPWD - ok
13:48:50.0687 1456  [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:48:50.0703 1456  rdyboost - ok
13:48:50.0734 1456  [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:48:50.0734 1456  RemoteAccess - ok
13:48:50.0749 1456  [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:48:50.0765 1456  RemoteRegistry - ok
13:48:50.0781 1456  [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:48:50.0781 1456  RpcEptMapper - ok
13:48:50.0796 1456  [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator      C:\Windows\system32\locator.exe
13:48:50.0796 1456  RpcLocator - ok
13:48:50.0827 1456  [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:48:50.0843 1456  RpcSs - ok
13:48:50.0859 1456  [ ddc86e4f8e7456261e637e3552e804ff ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:48:50.0874 1456  rspndr - ok
13:48:50.0874 1456  [ e60c0a09f997826c7627b244195ab581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:48:50.0890 1456  s3cap - ok
13:48:50.0905 1456  [ c118a82cd78818c29ab228366ebf81c3 ] SamSs           C:\Windows\system32\lsass.exe
13:48:50.0905 1456  SamSs - ok
13:48:50.0921 1456  [ ac03af3329579fffb455aa2daabbe22b ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:48:50.0921 1456  sbp2port - ok
13:48:50.0937 1456  [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:48:50.0937 1456  SCardSvr - ok
13:48:50.0937 1456  [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:48:50.0952 1456  scfilter - ok
13:48:50.0983 1456  [ 262f6592c3299c005fd6bec90fc4463a ] Schedule        C:\Windows\system32\schedsvc.dll
13:48:51.0015 1456  Schedule - ok
13:48:51.0046 1456  [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:48:51.0046 1456  SCPolicySvc - ok
13:48:51.0061 1456  [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:48:51.0061 1456  SDRSVC - ok
13:48:51.0077 1456  [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:48:51.0077 1456  secdrv - ok
13:48:51.0093 1456  [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon        C:\Windows\system32\seclogon.dll
13:48:51.0093 1456  seclogon - ok
13:48:51.0217 1456  [ 8365191d0fe7df5972b889821adbe62b ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
13:48:51.0280 1456  SecureStorageService - ok
13:48:51.0295 1456  [ c32ab8fa018ef34c0f113bd501436d21 ] SENS            C:\Windows\system32\sens.dll
13:48:51.0295 1456  SENS - ok
13:48:51.0295 1456  [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:48:51.0295 1456  SensrSvc - ok
13:48:51.0327 1456  [ cb624c0035412af0debec78c41f5ca1b ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:48:51.0327 1456  Serenum - ok
13:48:51.0358 1456  [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial          C:\Windows\system32\drivers\serial.sys
13:48:51.0358 1456  Serial - ok
13:48:51.0373 1456  [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:48:51.0373 1456  sermouse - ok
13:48:51.0405 1456  [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:48:51.0405 1456  SessionEnv - ok
13:48:51.0420 1456  [ a554811bcd09279536440c964ae35bbf ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:48:51.0420 1456  sffdisk - ok
13:48:51.0436 1456  [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:48:51.0436 1456  sffp_mmc - ok
13:48:51.0436 1456  [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:48:51.0436 1456  sffp_sd - ok
13:48:51.0451 1456  [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:48:51.0451 1456  sfloppy - ok
13:48:51.0514 1456  [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:48:51.0529 1456  SharedAccess - ok
13:48:51.0545 1456  [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:48:51.0561 1456  ShellHWDetection - ok
13:48:51.0576 1456  [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:48:51.0576 1456  SiSRaid2 - ok
13:48:51.0592 1456  [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:48:51.0592 1456  SiSRaid4 - ok
13:48:51.0607 1456  [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:48:51.0607 1456  Smb - ok
13:48:51.0639 1456  [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:48:51.0654 1456  SNMPTRAP - ok
13:48:51.0654 1456  [ b9e31e5cacdfe584f34f730a677803f9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:48:51.0654 1456  spldr - ok
13:48:51.0732 1456  [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler         C:\Windows\System32\spoolsv.exe
13:48:51.0748 1456  Spooler - ok
13:48:51.0857 1456  [ e17e0188bb90fae42d83e98707efa59c ] sppsvc          C:\Windows\system32\sppsvc.exe
13:48:51.0951 1456  sppsvc - ok
13:48:51.0951 1456  [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:48:51.0966 1456  sppuinotify - ok
13:48:51.0997 1456  [ 441fba48bff01fdb9d5969ebc1838f0b ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:48:51.0997 1456  srv - ok
13:48:52.0029 1456  [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:48:52.0029 1456  srv2 - ok
13:48:52.0044 1456  [ 27e461f0be5bff5fc737328f749538c3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:48:52.0044 1456  srvnet - ok
13:48:52.0075 1456  [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:48:52.0075 1456  SSDPSRV - ok
13:48:52.0091 1456  [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:48:52.0107 1456  SstpSvc - ok
13:48:52.0138 1456  [ 46b72c1c296c1e985d031d98f0ffa5e5 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
13:48:52.0138 1456  STacSV - ok
13:48:52.0153 1456  [ e4ea2412fb1b8aee33667a9cc6d456a4 ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
13:48:52.0169 1456  stdcfltn - ok
13:48:52.0200 1456  [ f3817967ed533d08327dc73bc4d5542a ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:48:52.0200 1456  stexstor - ok
13:48:52.0231 1456  [ 501b376781eb6e46aae43946e3dd7d84 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
13:48:52.0247 1456  STHDA - ok
13:48:52.0278 1456  [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:48:52.0294 1456  stisvc - ok
13:48:52.0309 1456  [ c40841817ef57d491f22eb103da587cc ] StorSvc         C:\Windows\system32\storsvc.dll
13:48:52.0309 1456  StorSvc - ok
13:48:52.0325 1456  [ d34e4943d5ac096c8edeebfd80d76e23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:48:52.0325 1456  storvsc - ok
13:48:52.0341 1456  [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:48:52.0341 1456  swenum - ok
13:48:52.0387 1456  [ e08e46fdd841b7184194011ca1955a0b ] swprv           C:\Windows\System32\swprv.dll
13:48:52.0387 1456  swprv - ok
13:48:52.0403 1456  [ 4cdd7df58730d23ba9cb5829a6e2ecea ] SynthVid        C:\Windows\system32\DRIVERS\VMBusVideoM.sys
13:48:52.0403 1456  SynthVid - ok
13:48:52.0434 1456  [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain         C:\Windows\system32\sysmain.dll
13:48:52.0481 1456  SysMain - ok
13:48:52.0481 1456  [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:48:52.0481 1456  TabletInputService - ok
13:48:52.0497 1456  [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:48:52.0512 1456  TapiSrv - ok
13:48:52.0512 1456  [ 1be03ac720f4d302ea01d40f588162f6 ] TBS             C:\Windows\System32\tbssvc.dll
13:48:52.0528 1456  TBS - ok
13:48:52.0559 1456  [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:48:52.0621 1456  Tcpip - ok
13:48:52.0653 1456  [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:48:52.0668 1456  TCPIP6 - ok
13:48:52.0699 1456  [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:48:52.0699 1456  tcpipreg - ok
13:48:52.0762 1456  [ 3d52b206d9f6f3ecfdb5d676614e47b6 ] tcsd_win32.exe  C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
13:48:52.0793 1456  tcsd_win32.exe - ok
13:48:52.0902 1456  [ e2f626e4a23e12de31d8820ff143a456 ] TdmService      C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
13:48:52.0996 1456  TdmService - ok
13:48:52.0996 1456  [ 3371d21011695b16333a3934340c4e7c ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:48:53.0011 1456  TDPIPE - ok
13:48:53.0027 1456  [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:48:53.0043 1456  TDTCP - ok
13:48:53.0058 1456  [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:48:53.0074 1456  tdx - ok
13:48:53.0089 1456  [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:48:53.0089 1456  TermDD - ok
13:48:53.0183 1456  [ 2e648163254233755035b46dd7b89123 ] TermService     C:\Windows\System32\termsrv.dll
13:48:53.0214 1456  TermService - ok
13:48:53.0230 1456  [ f0344071948d1a1fa732231785a0664c ] Themes          C:\Windows\system32\themeservice.dll
13:48:53.0230 1456  Themes - ok
13:48:53.0246 1456  [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER     C:\Windows\system32\mmcss.dll
13:48:53.0246 1456  THREADORDER - ok
13:48:53.0261 1456  [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks          C:\Windows\System32\trkwks.dll
13:48:53.0261 1456  TrkWks - ok
13:48:53.0308 1456  [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:48:53.0308 1456  TrustedInstaller - ok
13:48:53.0339 1456  [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:48:53.0355 1456  tssecsrv - ok
13:48:53.0386 1456  [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:48:53.0386 1456  TsUsbFlt - ok
13:48:53.0402 1456  [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
13:48:53.0417 1456  TsUsbGD - ok
13:48:53.0448 1456  [ 3566a8daafa27af944f5d705eaa64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:48:53.0448 1456  tunnel - ok
13:48:53.0464 1456  [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:48:53.0464 1456  uagp35 - ok
13:48:53.0480 1456  [ ff4232a1a64012baa1fd97c7b67df593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:48:53.0480 1456  udfs - ok
13:48:53.0511 1456  [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:48:53.0511 1456  UI0Detect - ok
13:48:53.0542 1456  [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:48:53.0542 1456  uliagpkx - ok
13:48:53.0558 1456  [ dc54a574663a895c8763af0fa1ff7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:48:53.0558 1456  umbus - ok
13:48:53.0573 1456  [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass          C:\Windows\system32\drivers\umpass.sys
13:48:53.0573 1456  UmPass - ok
13:48:53.0604 1456  [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService    C:\Windows\System32\umrdp.dll
13:48:53.0604 1456  UmRdpService - ok
13:48:53.0698 1456  [ 1b71370aec1115f80d9a4a209317c968 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:48:53.0760 1456  UNS - ok
13:48:53.0807 1456  [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost        C:\Windows\System32\upnphost.dll
13:48:53.0807 1456  upnphost - ok
13:48:53.0838 1456  [ 19ad7990c0b67e48dac5b26f99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:48:53.0838 1456  usbccgp - ok
13:48:53.0870 1456  [ af0892a803fdda7492f595368e3b68e7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:48:53.0870 1456  usbcir - ok
13:48:53.0885 1456  [ c025055fe7b87701eb042095df1a2d7b ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:48:53.0885 1456  usbehci - ok
13:48:53.0932 1456  [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:48:53.0932 1456  usbhub - ok
13:48:53.0948 1456  [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:48:53.0963 1456  usbohci - ok
13:48:53.0979 1456  [ 73188f58fb384e75c4063d29413cee3d ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:48:53.0979 1456  usbprint - ok
13:48:53.0994 1456  [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:48:53.0994 1456  USBSTOR - ok
13:48:54.0026 1456  [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:48:54.0026 1456  usbuhci - ok
13:48:54.0057 1456  [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:48:54.0072 1456  usbvideo - ok
13:48:54.0088 1456  [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms           C:\Windows\System32\uxsms.dll
13:48:54.0088 1456  UxSms - ok
13:48:54.0104 1456  [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:48:54.0104 1456  VaultSvc - ok
13:48:54.0119 1456  [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:48:54.0119 1456  vdrvroot - ok
13:48:54.0135 1456  [ 8d6b481601d01a456e75c3210f1830be ] vds             C:\Windows\System32\vds.exe
13:48:54.0150 1456  vds - ok
13:48:54.0166 1456  [ da4da3f5e02943c2dc8c6ed875de68dd ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:48:54.0166 1456  vga - ok
13:48:54.0182 1456  [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:48:54.0182 1456  VgaSave - ok
13:48:54.0197 1456  [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:48:54.0197 1456  vhdmp - ok
13:48:54.0213 1456  [ e5689d93ffe4e5d66c0178761240dd54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:48:54.0228 1456  viaide - ok
13:48:54.0244 1456  [ 7de90b48f210d29649380545db45a187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:48:54.0244 1456  VMBusHID - ok
13:48:54.0275 1456  [ d2aafd421940f640b407aefaaebd91b0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:48:54.0275 1456  volmgr - ok
13:48:54.0291 1456  [ a255814907c89be58b79ef2f189b843b ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:48:54.0306 1456  volmgrx - ok
13:48:54.0322 1456  [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:48:54.0322 1456  volsnap - ok
13:48:54.0353 1456  [ b4a73ca4ef9a02b9738cea9ad5fe5917 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
13:48:54.0353 1456  vpcbus - ok
13:48:54.0369 1456  [ e675fb2b48c54f09895482e2253b289c ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:48:54.0384 1456  vpcnfltr - ok
13:48:54.0400 1456  [ 5fb42082b0d19a0268705f1dd343df20 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
13:48:54.0400 1456  vpcusb - ok
13:48:54.0431 1456  [ 30d4243726a15a14f5c5e45898d14394 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
13:48:54.0447 1456  vpcvmm - ok
13:48:54.0478 1456  [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:48:54.0478 1456  vsmraid - ok
13:48:54.0540 1456  [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS             C:\Windows\system32\vssvc.exe
13:48:54.0572 1456  VSS - ok
13:48:54.0587 1456  [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:48:54.0587 1456  vwifibus - ok
13:48:54.0618 1456  [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:48:54.0618 1456  vwififlt - ok
13:48:54.0634 1456  [ 1c9d80cc3849b3788048078c26486e1a ] W32Time         C:\Windows\system32\w32time.dll
13:48:54.0650 1456  W32Time - ok
13:48:54.0665 1456  [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:48:54.0665 1456  WacomPen - ok
13:48:54.0681 1456  [ 356afd78a6ed4457169241ac3965230c ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:48:54.0696 1456  WANARP - ok
13:48:54.0696 1456  [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:48:54.0696 1456  Wanarpv6 - ok
13:48:54.0759 1456  [ e45bce01f15eeb240fe9db83b9d86be3 ] Wave Authentication Manager Service C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
13:48:54.0806 1456  Wave Authentication Manager Service - ok
13:48:54.0868 1456  [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine        C:\Windows\system32\wbengine.exe
13:48:54.0884 1456  wbengine - ok
13:48:54.0899 1456  [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:48:54.0899 1456  WbioSrvc - ok
13:48:54.0915 1456  [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:48:54.0915 1456  wcncsvc - ok
13:48:54.0930 1456  [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:48:54.0930 1456  WcsPlugInService - ok
13:48:54.0946 1456  [ 72889e16ff12ba0f235467d6091b17dc ] Wd              C:\Windows\system32\drivers\wd.sys
13:48:54.0946 1456  Wd - ok
13:48:54.0977 1456  [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:48:55.0008 1456  Wdf01000 - ok
13:48:55.0008 1456  [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:48:55.0024 1456  WdiServiceHost - ok
13:48:55.0024 1456  [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:48:55.0024 1456  WdiSystemHost - ok
13:48:55.0040 1456  [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:48:55.0040 1456  WebClient - ok
13:48:55.0055 1456  [ c749025a679c5103e575e3b48e092c43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:48:55.0055 1456  Wecsvc - ok
13:48:55.0071 1456  [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:48:55.0071 1456  wercplsupport - ok
13:48:55.0086 1456  [ 6d137963730144698cbd10f202e9f251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:48:55.0086 1456  WerSvc - ok
13:48:55.0102 1456  [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:48:55.0102 1456  WfpLwf - ok
13:48:55.0118 1456  [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:48:55.0118 1456  WIMMount - ok
13:48:55.0149 1456  WinDefend - ok
13:48:55.0164 1456  WinHttpAutoProxySvc - ok
13:48:55.0211 1456  [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:48:55.0227 1456  Winmgmt - ok
13:48:55.0305 1456  [ bcb1310604aa415c4508708975b3931e ] WinRM           C:\Windows\system32\WsmSvc.dll
13:48:55.0320 1456  WinRM - ok
13:48:55.0367 1456  [ fe88b288356e7b47b74b13372add906d ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
13:48:55.0367 1456  WinUsb - ok
13:48:55.0383 1456  [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:48:55.0414 1456  Wlansvc - ok
13:48:55.0461 1456  [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:48:55.0461 1456  wlcrasvc - ok
13:48:55.0554 1456  [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:48:55.0586 1456  wlidsvc - ok
13:48:55.0617 1456  [ 55dbb16fdc57808615323389241fdc99 ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
13:48:55.0632 1456  wltrysvc - ok
13:48:55.0648 1456  [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:48:55.0648 1456  WmiAcpi - ok
13:48:55.0679 1456  [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:48:55.0679 1456  wmiApSrv - ok
13:48:55.0710 1456  WMPNetworkSvc - ok
13:48:55.0742 1456  [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:48:55.0742 1456  WPCSvc - ok
13:48:55.0757 1456  [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:48:55.0757 1456  WPDBusEnum - ok
13:48:55.0773 1456  [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:48:55.0788 1456  ws2ifsl - ok
13:48:55.0788 1456  [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc          C:\Windows\system32\wscsvc.dll
13:48:55.0804 1456  wscsvc - ok
13:48:55.0804 1456  WSearch - ok
13:48:55.0866 1456  [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:48:55.0929 1456  wuauserv - ok
13:48:55.0929 1456  [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:48:55.0944 1456  WudfPf - ok
13:48:55.0944 1456  [ cf8d590be3373029d57af80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:48:55.0944 1456  WUDFRd - ok
13:48:55.0960 1456  [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:48:55.0960 1456  wudfsvc - ok
13:48:55.0976 1456  [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:48:55.0976 1456  WwanSvc - ok
13:48:55.0991 1456  ================ Scan global ===============================
13:48:56.0022 1456  (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
13:48:56.0038 1456  (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
13:48:56.0054 1456  (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
13:48:56.0085 1456  (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
13:48:56.0116 1456  (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
13:48:56.0132 1456  [Global] - ok
13:48:56.0132 1456  ================ Scan MBR ==================================
13:48:56.0147 1456  MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:48:56.0334 1456  \Device\Harddisk0\DR0 - ok
13:48:56.0412 1456  MBR (0x1B8)     (633150eb706c046d64591b7da0597813) \Device\Harddisk1\DR1
13:48:56.0537 1456  \Device\Harddisk1\DR1 - ok
13:48:56.0537 1456  MBR (0x1B8)     (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR3
13:48:57.0910 1456  \Device\Harddisk2\DR3 - ok
13:48:57.0926 1456  ================ Scan VBR ==================================
13:48:57.0926 1456  Boot (0x1200)   (2d2a9ba37542ed60d27092be3b4f4c2a) \Device\Harddisk0\DR0\Partition1
13:48:57.0926 1456  \Device\Harddisk0\DR0\Partition1 - ok
13:48:57.0926 1456  Boot (0x1200)   (58eedc8b1e935ec2da1044bdc6b62abb) \Device\Harddisk0\DR0\Partition2
13:48:57.0926 1456  \Device\Harddisk0\DR0\Partition2 - ok
13:48:57.0957 1456  Boot (0x1200)   (8b110597cdd3c0cf8110a0a9a7b41010) \Device\Harddisk1\DR1\Partition1
13:48:57.0957 1456  \Device\Harddisk1\DR1\Partition1 - ok
13:48:57.0972 1456  Boot (0x1200)   (70c0542354710bf47aacde73f8f56306) \Device\Harddisk2\DR3\Partition1
13:48:57.0972 1456  \Device\Harddisk2\DR3\Partition1 - ok
13:48:57.0972 1456  ============================================================
13:48:57.0972 1456  Scan finished
13:48:57.0972 1456  ============================================================
13:48:57.0988 3624  Detected object count: 0
13:48:57.0988 3624  Actual detected object count: 0
13:49:35.0272 2516  Deinitialize success