Externe Festplatte nur Ver.knüpfungen

cosinus · 23.10.2012, 14:19

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114352&tt=040912_ccp_3612_4&babsrc=SP_ss&mntrId=36714090000000000000000000000000
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [Uojcjw] C:\Users\Stefan Szirtes\AppData\Roaming\Uojcjw.exe File not found
:Reg
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
""=-
:Files
C:\$Recycle.Bin\S-1-5-21-2063409558-918397434-3194898666-1000\$9db706acae3caf9d3b521c939aadad87
F:\Bacupk\Stefan Szirtes\Desktop\media.player.codec.pack.v3.9.6.setup - Kopie.exe
F:\Bacupk\Stefan Szirtes\AppData\Local\Temp
F:\*.lnk
C:\Users\Stefan Szirtes\Documents\Filme.lnk
C:\Users\Stefan Szirtes\Downloads\setup.exe
C:\Users\Stefan Szirtes\Downloads\Softonic*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

MrPepper · 23.10.2012, 18:38

Keine Ahung ob das jetzt Funktioniert hat, weil sich OTL aufgehängt hat

Code:

ATTFilter

 
Files\Folders moved on Reboot...
File\Folder C:\Users\Stefan Szirtes\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 23.10.2012, 21:16

Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus.

MrPepper · 24.10.2012, 19:05

Jetzt hats funktioniert

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2063409558-918397434-3194898666-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_USERS\S-1-5-21-2063409558-918397434-3194898666-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Uojcjw not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 not found.
========== FILES ==========
File\Folder C:\$Recycle.Bin\S-1-5-21-2063409558-918397434-3194898666-1000\$9db706acae3caf9d3b521c939aadad87 not found.
File\Folder F:\Bacupk\Stefan Szirtes\Desktop\media.player.codec.pack.v3.9.6.setup - Kopie.exe not found.
File\Folder F:\Bacupk\Stefan Szirtes\AppData\Local\Temp not found.
File\Folder F:\*.lnk not found.
File\Folder C:\Users\Stefan Szirtes\Documents\Filme.lnk not found.
File\Folder C:\Users\Stefan Szirtes\Downloads\setup.exe not found.
File\Folder C:\Users\Stefan Szirtes\Downloads\Softonic* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\Stefan Szirtes\Desktop\cmd.bat deleted successfully.
C:\Users\Stefan Szirtes\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stefan Szirtes
->Temp folder emptied: 442604 bytes
->Temporary Internet Files folder emptied: 9848190 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 474741678 bytes
->Flash cache emptied: 63694 bytes
 
%systemdrive% .tmp files removed: 10 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 328921760 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 7009368 bytes
 
Total Files Cleaned = 783,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10242012_194858

Files\Folders moved on Reboot...
C:\Users\Stefan Szirtes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 24.10.2012, 20:24

Ok, eine Kontrolle bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

MrPepper · 24.10.2012, 21:19

Hier das Log:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.10.2012 22:04:54 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan Szirtes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 4,78 Gb Available Physical Memory | 60,18% Memory free
15,90 Gb Paging File | 12,16 Gb Available in Paging File | 76,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913,22 Gb Total Space | 786,38 Gb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive D: | 18,00 Gb Total Space | 1,94 Gb Free Space | 10,76% Space Free | Partition Type: NTFS
Drive E: | 404,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 34,62 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: STEFANSZIRTES | User Name: Stefan Szirtes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Stefan Szirtes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe ()
PRC - C:\Program Files (x86)\Connectify\ConnectifyD.exe (Connectify)
PRC - C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-FileSystem.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Users\Stefan Szirtes\AppData\Local\BlueStacks\RocketDock\RocketDock.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\o2\Nori\Nori.exe (Telefónica I+D)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe (Telefónica I+D)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Connectify\Vendors.dll ()
MOD - C:\Program Files (x86)\Connectify\Scannify.dll ()
MOD - C:\Program Files (x86)\Connectify\NativeLibrary.dll ()
MOD - C:\Program Files (x86)\Connectify\DriverLib.dll ()
MOD - C:\Program Files (x86)\Connectify\BuildProps.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\9b384befeb28f0117c046c03f701b277\HD-Agent.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\15eda913cab2d7d472792f231e22bc26\JSON.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Users\Stefan Szirtes\AppData\Local\BlueStacks\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\Program Files (x86)\o2\Nori\legplgs\plgalc.dll ()
MOD - C:\Program Files (x86)\o2\Nori\legplgs\plghwi.dll ()
MOD - C:\Program Files (x86)\o2\Nori\legplgs\plgati.dll ()
MOD - C:\Program Files (x86)\o2\Mobile Connection Manager\AgendaLib.dll ()
MOD - C:\Program Files (x86)\o2\Mobile Connection Manager\langs\de_DE_md.dll ()
MOD - C:\Program Files (x86)\o2\Mobile Connection Manager\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
MOD - C:\Users\Stefan Szirtes\AppData\Local\BlueStacks\RocketDock\RocketDock.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.Monitor.Core.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.Monitor.Common.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.ScanDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.NetworkCardDevMon.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiscw.dll ()
MOD - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdidatr.dll ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cnnctfy2) -- C:\Windows\SysNative\drivers\cnnctfy2.sys (Connectify)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys (Symantec Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121023.021\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121023.021\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121005.002\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121023.002\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{C58B8590-65DF-4681-A393-E89D6CDD6E65}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C58B8590-65DF-4681-A393-E89D6CDD6E65}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\..\SearchScopes,DefaultScope = {b7fca997-d0fb-4fe0-8afd-255e89cf9671}
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\..\SearchScopes\{C58B8590-65DF-4681-A393-E89D6CDD6E65}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-2063409558-918397434-3194898666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.03.24 11:17:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.10.24 19:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.3.0.19\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.23 19:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.23 19:40:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.03 15:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Szirtes\AppData\Roaming\mozilla\Extensions
[2012.06.03 15:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Szirtes\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.10.23 20:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Szirtes\AppData\Roaming\mozilla\Firefox\Profiles\ps4lxksy.default\extensions
[2012.02.25 11:21:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Stefan Szirtes\AppData\Roaming\mozilla\Firefox\Profiles\ps4lxksy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.17 22:13:51 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Stefan Szirtes\AppData\Roaming\mozilla\Firefox\Profiles\ps4lxksy.default\extensions\ich@maltegoetz.de
[2012.08.18 08:59:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Stefan Szirtes\AppData\Roaming\mozilla\firefox\profiles\ps4lxksy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.23 19:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.23 19:40:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.23 19:40:49 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2012.10.23 19:40:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.28 22:35:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.28 22:35:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.28 22:35:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.28 22:35:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.28 22:35:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.28 22:35:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.24 19:52:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4:64bit: - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [BlueStacks App Player] C:\Program Files (x86)\BlueStacks\HD-FrontEnd.exe (BlueStack Systems, Inc.)
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe (Connectify)
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\S-1-5-21-2063409558-918397434-3194898666-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan Szirtes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan Szirtes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06CFA498-480F-43B1-AFCA-44FBF5566108}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22150367-BD8D-4FB7-8203-A7C0FF1AAE3E}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2A9F1A9-8C65-43FE-ACDB-44D59C976CC6}: NameServer = 192.168.51.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.05.17 17:43:12 | 000,000,092 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002.05.03 17:30:04 | 000,256,856 | R--- | M] () - E:\Autorun.bmp -- [ CDFS ]
O32 - AutoRun File - [2002.04.16 10:02:06 | 000,143,360 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.08.19 19:43:30 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.10.07 06:57:28 | 000,000,044 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{06182975-ce0c-11e1-acdd-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{06182975-ce0c-11e1-acdd-2c413860c145}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{06182981-ce0c-11e1-acdd-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{06182981-ce0c-11e1-acdd-2c413860c145}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{06182992-ce0c-11e1-acdd-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{06182992-ce0c-11e1-acdd-2c413860c145}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10a3e28b-edee-11e1-a19f-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{10a3e28b-edee-11e1-a19f-001e101f63cf}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.08.19 19:43:30 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3a78c764-1629-11e2-b4fa-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{3a78c764-1629-11e2-b4fa-001e101f859f}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.08.19 19:43:30 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{5486b4cb-b6dc-11e1-89f9-ac8112cf6f36}\Shell - "" = AutoRun
O33 - MountPoints2\{5486b4cb-b6dc-11e1-89f9-ac8112cf6f36}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8ec0698c-6247-11e1-bc35-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{8ec0698c-6247-11e1-bc35-2c413860c145}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8ec0698e-6247-11e1-bc35-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{8ec0698e-6247-11e1-bc35-2c413860c145}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9929e2ca-9df6-11e1-9a34-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{9929e2ca-9df6-11e1-9a34-2c413860c145}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9fe16cb6-60c5-11e1-abf6-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{9fe16cb6-60c5-11e1-abf6-2c413860c145}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9fe16da5-60c5-11e1-abf6-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{9fe16da5-60c5-11e1-abf6-2c413860c145}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9fe16da9-60c5-11e1-abf6-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{9fe16da9-60c5-11e1-abf6-2c413860c145}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b60261a6-b784-11e1-bcf0-1a63440d072f}\Shell - "" = AutoRun
O33 - MountPoints2\{b60261a6-b784-11e1-bcf0-1a63440d072f}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b602630d-b784-11e1-bcf0-1a63440d072f}\Shell - "" = AutoRun
O33 - MountPoints2\{b602630d-b784-11e1-bcf0-1a63440d072f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b999a18e-9fa8-11e1-9144-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{b999a18e-9fa8-11e1-9144-2c413860c145}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{b999a2a7-9fa8-11e1-9144-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{b999a2a7-9fa8-11e1-9144-2c413860c145}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c1be73cc-6553-11e1-9a74-2c413860c145}\Shell - "" = AutoRun
O33 - MountPoints2\{c1be73cc-6553-11e1-9a74-2c413860c145}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f3d1dc26-5f2f-11e1-9197-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3d1dc26-5f2f-11e1-9197-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2002.04.16 10:02:06 | 000,143,360 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.24 19:57:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{7209ADB9-4811-4051-B0A0-600699709574}
[2012.10.24 19:44:55 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\Desktop\Neuer Ordner
[2012.10.23 19:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.23 19:29:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{5FCBC194-F401-4E04-A44A-5B1ABF18EAD0}
[2012.10.23 19:19:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.22 19:57:44 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\Desktop\OTL
[2012.10.21 20:51:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan Szirtes\Desktop\OTL.exe
[2012.10.21 20:47:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{E22841A1-B36D-4C56-8A48-EC00D8033114}
[2012.10.20 15:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Monte Cristo
[2012.10.20 15:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airline Tycoon Evolution
[2012.10.20 08:30:43 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{0C3DDBAE-4C96-406F-834A-7FE93E4DB82C}
[2012.10.19 16:49:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{F7E49EFC-DA2C-4EB6-ACF1-54AB378098C6}
[2012.10.16 18:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.16 18:45:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{D7EC2AFE-1FD6-4328-9BCF-5A75B6554BB7}
[2012.10.14 20:05:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{EA46439E-ECEF-4F18-B93B-D3EB110818B0}
[2012.10.14 19:50:01 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Roaming\Malwarebytes
[2012.10.14 19:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.14 19:49:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.14 19:49:44 | 000,000,000 | ---D | C] -- C:\Programm zum entfernen extern
[2012.10.14 19:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.14 18:39:18 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{55DB8F32-ADAD-4B1E-8D73-03E09092345F}
[2012.10.11 18:58:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{7A879DB4-06AE-4849-BB34-CCDAD384A36C}
[2012.10.10 21:32:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{34D1DD5E-03D8-46AD-9B6D-09761C4B9D35}
[2012.10.10 18:54:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 18:54:14 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 18:54:14 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 18:54:08 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 18:54:07 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 18:54:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 18:54:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 18:54:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 18:54:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 18:54:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 18:54:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 18:54:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 18:54:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 18:54:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 18:54:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 18:54:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 18:54:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 18:54:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 18:54:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 18:54:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 18:54:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 18:54:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 18:54:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 18:54:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 18:54:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 18:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 18:54:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 18:53:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 18:53:43 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 18:53:42 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.09 20:17:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{098E89FF-5A18-4490-B340-E887263B4442}
[2012.10.09 20:14:18 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot
[2012.10.09 20:14:09 | 000,031,344 | ---- | C] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys
[2012.10.09 20:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Connectify
[2012.10.09 20:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify
[2012.10.08 10:20:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{6256FFE5-4480-4850-A2E0-864009B579D1}
[2012.10.07 21:16:43 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{A6E8C838-D3E9-44FA-BAC0-8711473B37F8}
[2012.10.07 09:14:14 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{8BB9DDC6-BF77-4F71-A2E7-665359E6EA1A}
[2012.10.06 17:54:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{A1D8C320-7A26-4C98-A2FB-4C8B40A5BFF7}
[2012.10.06 02:27:27 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{9B06EB72-50E5-4E87-82FD-4AE22D093C15}
[2012.10.05 08:47:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{3073D22B-62F7-4FB6-9559-401AD63B27C3}
[2012.10.04 22:37:02 | 051,144,335 | ---- | C] (CCE & PWO Team.                                             ) -- C:\Users\Stefan Szirtes\Desktop\PWOSetup18B.exe
[2012.10.04 20:47:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{FA815F3E-498E-498C-BEDC-A32754FEB0FB}
[2012.10.04 08:46:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{B5A422E5-86FE-42BD-B6F1-24F541ABE812}
[2012.10.03 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{030AA0E8-332E-4F94-B16E-11B2F717D1EB}
[2012.10.03 07:42:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\{6BAE2B29-F2C0-4C56-B5E3-BE295A0828D7}
[2012.10.03 00:32:01 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Local\Chris_Pietschmann_(http__
[2012.10.03 00:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Router
[2012.09.27 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Stefan Szirtes\AppData\Roaming\TeamViewer
[2012.09.27 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.09.25 20:45:38 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.24 22:01:00 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.10.24 21:33:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.24 21:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.24 20:03:22 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 20:03:22 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.24 19:55:37 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.24 19:54:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.24 19:54:32 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.24 19:52:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012.10.23 19:26:43 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStefan Szirtes.job
[2012.10.22 19:57:52 | 000,042,383 | ---- | M] () -- C:\Users\Stefan Szirtes\Desktop\OTL.rar
[2012.10.21 20:51:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan Szirtes\Desktop\OTL.exe
[2012.10.20 15:01:06 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk
[2012.10.19 22:14:36 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.19 22:14:36 | 000,664,868 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.19 22:14:36 | 000,625,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.19 22:14:36 | 000,135,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.19 22:14:36 | 000,110,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.19 19:26:01 | 000,002,590 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012.10.16 22:11:32 | 000,010,074 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121008.022
[2012.10.16 18:44:02 | 000,002,492 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012.10.16 18:43:44 | 001,562,189 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2012.10.14 19:23:06 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2012.10.09 21:31:36 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 21:31:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 20:14:09 | 000,031,344 | ---- | M] (Connectify) -- C:\Windows\SysNative\drivers\cnnctfy2.sys
[2012.10.05 18:47:52 | 000,001,398 | ---- | M] () -- C:\Users\Stefan Szirtes\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.04 22:40:01 | 051,144,335 | ---- | M] (CCE & PWO Team.                                             ) -- C:\Users\Stefan Szirtes\Desktop\PWOSetup18B.exe
[2012.10.01 20:03:58 | 000,082,580 | ---- | M] () -- C:\Users\Stefan Szirtes\Documents\Test.pdf
[2012.10.01 18:16:05 | 000,034,451 | ---- | M] () -- C:\Users\Stefan Szirtes\Documents\Check In.jpg
[2012.09.27 22:12:51 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.09.26 12:34:14 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini
 
========== Files Created - No Company Name ==========
 
[2012.10.22 19:57:52 | 000,042,383 | ---- | C] () -- C:\Users\Stefan Szirtes\Desktop\OTL.rar
[2012.10.20 15:01:06 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Airline Tycoon Evolution.lnk
[2012.10.14 19:23:06 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.10.01 20:03:57 | 000,082,580 | ---- | C] () -- C:\Users\Stefan Szirtes\Documents\Test.pdf
[2012.10.01 18:16:05 | 000,034,451 | ---- | C] () -- C:\Users\Stefan Szirtes\Documents\Check In.jpg
[2012.09.27 22:12:51 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.09.27 22:12:51 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.09.15 18:11:04 | 000,003,584 | ---- | C] () -- C:\Users\Stefan Szirtes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.30 14:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.07.30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.07.30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.07.30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.02 12:50:11 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2012.04.21 13:21:35 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.04.21 13:21:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.04.15 11:39:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.04.15 11:37:06 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.04.10 13:30:03 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2012.04.10 13:30:03 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2012.04.10 13:30:03 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2012.04.10 13:30:03 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2012.04.10 13:30:03 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2012.04.10 13:30:03 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2012.04.10 13:30:03 | 000,517,040 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicoms.exe
[2012.04.10 13:30:03 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2012.04.10 13:30:03 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[2012.04.10 13:30:03 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2012.04.10 13:30:03 | 000,340,912 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicfg.exe
[2012.04.10 13:30:03 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2012.04.10 13:30:03 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiih.exe
[2012.04.10 13:30:03 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2012.04.10 13:30:03 | 000,054,192 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdippls.exe
[2012.04.10 13:30:03 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2012.04.10 13:30:03 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2012.04.05 13:49:01 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.04.05 13:49:01 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.03.30 14:01:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.02.25 18:25:49 | 000,000,102 | ---- | C] () -- C:\Users\Stefan Szirtes\AppData\Local\fusioncache.dat
[2012.02.25 18:25:24 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.27 09:25:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.27 09:16:48 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.10.27 09:15:44 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.27 09:15:42 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.27 09:15:42 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.27 09:15:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.27 09:15:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.27 09:15:40 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.10.27 09:11:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.03 00:58:01 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.03.03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2008.06.23 14:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 18:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2063409558-918397434-3194898666-1000\$9db706acae3caf9d3b521c939aadad87\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$9db706acae3caf9d3b521c939aadad87\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Public\Documents\Überweisung Kühler.avi:TOC.WMV

< End of report >

--- --- ---
[/code]

cosinus · 24.10.2012, 21:32

Verdammt, da scheint ein ZeroAccess zu werkeln
Bitte CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

MrPepper · 25.10.2012, 18:22

Hier das Log.
Hoffe mein PC ist jetzt sauber

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-10-25.01 - Stefan Szirtes 25.10.2012  18:54:53.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.8140.6113 [GMT 2:00]
ausgeführt von:: c:\users\Stefan Szirtes\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\LCMINM~1.001
c:\users\Public\Documents\LCMINT~1.003
c:\users\Public\Documents\LCMINT~1.004
c:\users\Public\Documents\LCMINU~1.005
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64	\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-25 bis 2012-10-25  ))))))))))))))))))))))))))))))
.
.
2012-10-24 17:14 . 2012-10-24 17:14	163056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-23 17:19 . 2012-10-23 17:19	--------	d-----w-	C:\_OTL
2012-10-20 13:01 . 2012-10-20 13:01	--------	d-----w-	c:\program files (x86)\Monte Cristo
2012-10-20 13:00 . 2001-09-05 01:18	77824	------w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-10-20 13:00 . 2001-09-05 01:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
2012-10-20 13:00 . 2001-09-05 01:14	176128	------w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-10-20 13:00 . 2001-09-05 01:13	32768	------w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-10-20 13:00 . 2000-01-04 03:39	212992	------w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2012-10-16 16:58 . 2012-10-16 16:58	--------	d-----w-	c:\program files (x86)\ESET
2012-10-14 17:50 . 2012-10-14 17:50	--------	d-----w-	c:\users\Stefan Szirtes\AppData\Roaming\Malwarebytes
2012-10-14 17:49 . 2012-10-14 17:49	--------	d-----w-	C:\Programm zum entfernen extern
2012-10-14 17:49 . 2012-10-14 17:49	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-14 17:49 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-10 16:53 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 16:53 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 16:53 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 16:53 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 16:53 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 16:53 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-10 16:53 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 16:53 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 16:53 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 16:53 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 16:53 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 16:53 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-09 18:14 . 2012-10-09 18:14	31344	----a-w-	c:\windows\system32\drivers\cnnctfy2.sys
2012-10-09 18:13 . 2012-10-11 17:10	--------	d-----w-	c:\program files (x86)\Connectify
2012-10-09 18:13 . 2012-10-09 18:17	--------	d-----w-	c:\programdata\Connectify
2012-10-02 22:32 . 2012-10-02 22:32	--------	d-----w-	c:\users\Stefan Szirtes\AppData\Local\Chris_Pietschmann_(http__
2012-10-02 22:30 . 2012-10-09 18:12	--------	d-----w-	c:\program files (x86)\Virtual Router
2012-10-02 16:45 . 2012-10-16 20:11	--------	d-----w-	c:\windows\system32\drivers\NISx64\1309000.009
2012-09-27 20:13 . 2012-09-27 20:23	--------	d-----w-	c:\users\Stefan Szirtes\AppData\Roaming\TeamViewer
2012-09-27 20:12 . 2012-09-27 20:12	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-09-25 18:45 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 11:14 . 2012-09-15 16:08	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-10-12 11:14 . 2012-09-17 19:53	824144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-10-11 18:09 . 2012-09-16 18:00	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-10 20:05 . 2012-09-15 16:08	824144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-10 17:19 . 2012-02-24 23:58	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 19:31 . 2012-04-02 20:13	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 19:31 . 2012-02-25 08:25	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-08 08:49 . 2012-09-08 08:49	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-09-08 08:49 . 2011-09-02 22:59	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-24 13:58 . 2012-09-06 19:46	405152	----a-w-	c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-08-24 11:15 . 2012-09-22 11:44	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 11:44	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 11:45	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 11:45	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 11:44	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 11:45	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 11:45	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 11:44	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 11:45	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 11:44	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 11:44	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 11:44	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 11:45	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 11:45	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 11:45	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 11:45	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 11:44	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 11:44	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 11:45	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 11:45	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 11:45	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 11:45	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 17:13	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 17:13	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 17:13	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 17:13	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 16:54	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 17:13	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 17:13	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-07-31 10:42 . 2012-08-31 15:04	203104	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-07-31 10:42 . 2012-08-31 15:04	102240	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2012-07-30 12:16 . 2012-08-11 11:49	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2012-07-30 12:16 . 2012-07-30 12:16	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-07-30 12:16 . 2012-07-30 12:16	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-07-30 12:16 . 2012-07-30 12:16	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-07-30 12:16 . 2012-07-30 12:16	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2012-07-30 12:16 . 2012-07-30 12:16	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-07-30 12:16 . 2012-07-30 12:16	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-07-30 12:16 . 2012-07-30 12:16	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2012-07-30 12:16 . 2012-07-30 12:16	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2012-07-30 12:16 . 2012-07-30 12:16	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2012-07-30 12:16 . 2012-07-30 12:16	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2012-07-30 12:16 . 2012-07-30 12:16	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2012-07-30 12:16 . 2012-07-30 12:16	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2012-07-30 12:16 . 2012-07-30 12:16	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2012-07-30 12:16 . 2012-07-30 12:16	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2012-07-30 12:16 . 2012-07-30 12:16	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2012-07-30 12:16 . 2012-07-30 12:16	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2012-07-30 12:16 . 2012-07-30 12:16	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2012-07-30 12:16 . 2012-07-30 12:16	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2012-07-30 12:16 . 2012-07-30 12:16	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2012-07-30 12:16 . 2012-07-30 12:16	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2012-07-30 12:16 . 2012-07-30 12:16	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2012-07-30 12:16 . 2012-07-30 12:16	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2012-07-30 12:16 . 2012-07-30 12:16	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2012-07-30 12:16 . 2012-07-30 12:16	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2012-07-30 12:16 . 2012-07-30 12:16	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2012-07-30 12:16 . 2012-07-30 12:16	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2012-07-30 12:16 . 2012-07-30 12:16	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2012-07-30 12:16 . 2012-07-30 12:16	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
2012-07-30 12:16 . 2012-08-11 11:49	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2012-07-30 11:32 . 2012-07-30 11:32	708168	----a-w-	c:\windows\system32\WinUSBCoInstaller.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2012-08-09 3985768]
"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\23787~1.43\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/27 09:34;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-04 11776]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-25 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-08-15 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [2012-10-05 1385632]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-10-09 31344]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-25 283200]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121023.002\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-07 203776]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-03-30 75104]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-03-30 385376]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-08-09 65536]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-04-25 31000]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 876976]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-07 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-07 301568]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-11 138912]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-10-09 85504]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:31]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 13:13]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 13:13]
.
2012-10-25 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-10-23 c:\windows\Tasks\HPCeeScheduleForStefan Szirtes.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"lxdimon.exe"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdimon.exe" [2009-04-27 434856]
"lxdiamon"="c:\program files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe" [2009-04-27 25256]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Stefan Szirtes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Stefan Szirtes\AppData\Roaming\Mozilla\Firefox\Profiles\ps4lxksy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - ExtSQL: 2012-09-08 10:49; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - c:\program files (x86)\4Sync\ShellExt.dll
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - c:\program files (x86)\4Sync\ShellExt.dll
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - c:\program files (x86)\4Sync\ShellExt.dll
ShellIconOverlayIdentifiers-{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} - c:\program files (x86)\4Sync\ShellExt.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2063409558-918397434-3194898666-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:9e,29,ea,c6,a6,49,ed,f3,e3,3c,0d,98,a9,94,d5,5a,9b,82,06,53,a8,
   e6,8d,a3,3e,ca,24,79,26,ac,09,78,90,4b,cb,b9,68,8a,96,ed,b8,e0,69,85,0f,46,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-25  19:10:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-25 17:09
.
Vor Suchlauf: 17 Verzeichnis(se), 846.030.364.672 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 845.498.425.344 Bytes frei
.
- - End Of File - - A86387A4F9B16C846F563C658364C902

--- --- ---

cosinus · 25.10.2012, 18:59

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Folder::
C:\$Recycle.Bin\S-1-5-21-2063409558-918397434-3194898666-1000\$9db706acae3caf9d3b521c939aadad87

Registry::
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
""=-

Dirlook::
c:\windows\SysWow64
c:\users\Public\Documents

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

MrPepper · 25.10.2012, 19:34

Geht leider nur gezippt...

cosinus · 25.10.2012, 21:53

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

MrPepper · 26.10.2012, 14:35

Code:

ATTFilter

 15:21:36.0110 5488  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:21:36.0812 5488  ============================================================
15:21:36.0812 5488  Current date / time: 2012/10/26 15:21:36.0812
15:21:36.0812 5488  SystemInfo:
15:21:36.0812 5488  
15:21:36.0812 5488  OS Version: 6.1.7601 ServicePack: 1.0
15:21:36.0812 5488  Product type: Workstation
15:21:36.0812 5488  ComputerName: STEFANSZIRTES
15:21:36.0812 5488  UserName: Stefan Szirtes
15:21:36.0812 5488  Windows directory: C:\Windows
15:21:36.0812 5488  System windows directory: C:\Windows
15:21:36.0812 5488  Running under WOW64
15:21:36.0812 5488  Processor architecture: Intel x64
15:21:36.0812 5488  Number of processors: 8
15:21:36.0812 5488  Page size: 0x1000
15:21:36.0812 5488  Boot type: Normal boot
15:21:36.0812 5488  ============================================================
15:21:37.0264 5488  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:21:37.0264 5488  ============================================================
15:21:37.0264 5488  \Device\Harddisk0\DR0:
15:21:37.0264 5488  MBR partitions:
15:21:37.0264 5488  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:21:37.0264 5488  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x7226E800
15:21:37.0264 5488  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x722D2800, BlocksNum 0x2400800
15:21:37.0264 5488  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x746D3000, BlocksNum 0x335B0
15:21:37.0264 5488  ============================================================
15:21:37.0295 5488  C: <-> \Device\Harddisk0\DR0\Partition2
15:21:37.0358 5488  D: <-> \Device\Harddisk0\DR0\Partition3
15:21:37.0358 5488  ============================================================
15:21:37.0358 5488  Initialize success
15:21:37.0358 5488  ============================================================
15:22:39.0195 7228  ============================================================
15:22:39.0195 7228  Scan started
15:22:39.0195 7228  Mode: Manual; SigCheck; TDLFS; 
15:22:39.0195 7228  ============================================================
15:22:39.0835 7228  ================ Scan system memory ========================
15:22:39.0835 7228  System memory - ok
15:22:39.0835 7228  ================ Scan services =============================
15:22:40.0069 7228  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:22:40.0147 7228  1394ohci - ok
15:22:40.0193 7228  [ 733CA4DF8BE48A1009B86FA442551CA4 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
15:22:40.0209 7228  Accelerometer - ok
15:22:40.0256 7228  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:22:40.0271 7228  ACPI - ok
15:22:40.0303 7228  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:22:40.0396 7228  AcpiPmi - ok
15:22:40.0521 7228  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:22:40.0521 7228  AdobeARMservice - ok
15:22:40.0677 7228  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:22:40.0693 7228  AdobeFlashPlayerUpdateSvc - ok
15:22:40.0771 7228  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:22:40.0786 7228  adp94xx - ok
15:22:40.0833 7228  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:22:40.0849 7228  adpahci - ok
15:22:40.0864 7228  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:22:40.0880 7228  adpu320 - ok
15:22:40.0927 7228  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:22:41.0051 7228  AeLookupSvc - ok
15:22:41.0129 7228  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
15:22:41.0192 7228  AESTFilters - ok
15:22:41.0223 7228  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:22:41.0301 7228  AFD - ok
15:22:41.0332 7228  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:22:41.0332 7228  agp440 - ok
15:22:41.0395 7228  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:22:41.0441 7228  ALG - ok
15:22:41.0488 7228  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:22:41.0504 7228  aliide - ok
15:22:41.0551 7228  [ 46052887A640397A834CFA61D607BFC5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:22:41.0644 7228  AMD External Events Utility - ok
15:22:41.0660 7228  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:22:41.0675 7228  amdide - ok
15:22:41.0707 7228  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:22:41.0753 7228  AmdK8 - ok
15:22:41.0941 7228  [ F419E5CC07DECDAB85E4E6ADAB1DBB49 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:22:42.0175 7228  amdkmdag - ok
15:22:42.0221 7228  [ A2F3F99349169D53E91A953A6F539635 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:22:42.0253 7228  amdkmdap - ok
15:22:42.0284 7228  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:22:42.0299 7228  AmdPPM - ok
15:22:42.0331 7228  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:22:42.0346 7228  amdsata - ok
15:22:42.0346 7228  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:22:42.0362 7228  amdsbs - ok
15:22:42.0377 7228  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:22:42.0377 7228  amdxata - ok
15:22:42.0409 7228  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:22:42.0549 7228  AppID - ok
15:22:42.0596 7228  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:22:42.0658 7228  AppIDSvc - ok
15:22:42.0705 7228  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:22:42.0752 7228  Appinfo - ok
15:22:42.0814 7228  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:22:42.0814 7228  arc - ok
15:22:42.0830 7228  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:22:42.0845 7228  arcsas - ok
15:22:42.0908 7228  aspnet_state - ok
15:22:42.0923 7228  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:22:42.0970 7228  AsyncMac - ok
15:22:43.0001 7228  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:22:43.0001 7228  atapi - ok
15:22:43.0048 7228  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:22:43.0126 7228  AudioEndpointBuilder - ok
15:22:43.0126 7228  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:22:43.0157 7228  AudioSrv - ok
15:22:43.0204 7228  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:22:43.0282 7228  AxInstSV - ok
15:22:43.0329 7228  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:22:43.0391 7228  b06bdrv - ok
15:22:43.0423 7228  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:22:43.0469 7228  b57nd60a - ok
15:22:43.0563 7228  [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
15:22:43.0610 7228  BCM43XX - ok
15:22:43.0641 7228  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:22:43.0688 7228  BDESVC - ok
15:22:43.0719 7228  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:22:43.0781 7228  Beep - ok
15:22:43.0844 7228  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:22:43.0906 7228  BFE - ok
15:22:44.0078 7228  [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121005.002\BHDrvx64.sys
15:22:44.0109 7228  BHDrvx64 - ok
15:22:44.0140 7228  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
15:22:44.0218 7228  BITS - ok
15:22:44.0234 7228  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:22:44.0265 7228  blbdrive - ok
15:22:44.0296 7228  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:22:44.0343 7228  bowser - ok
15:22:44.0374 7228  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:22:44.0405 7228  BrFiltLo - ok
15:22:44.0437 7228  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:22:44.0437 7228  BrFiltUp - ok
15:22:44.0483 7228  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:22:44.0530 7228  BridgeMP - ok
15:22:44.0561 7228  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:22:44.0624 7228  Browser - ok
15:22:44.0655 7228  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:22:44.0702 7228  Brserid - ok
15:22:44.0749 7228  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:22:44.0780 7228  BrSerWdm - ok
15:22:44.0780 7228  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:22:44.0842 7228  BrUsbMdm - ok
15:22:44.0858 7228  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:22:44.0873 7228  BrUsbSer - ok
15:22:44.0967 7228  [ 1B0AC62217751AC1F70897915D0B190E ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
15:22:44.0983 7228  BstHdAndroidSvc - ok
15:22:45.0029 7228  [ BE25F16AE8C246CA6A588028C5CC5798 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
15:22:45.0045 7228  BstHdDrv - ok
15:22:45.0061 7228  [ 403B6EEC568115D1AF14AF6A77830928 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
15:22:45.0076 7228  BstHdLogRotatorSvc - ok
15:22:45.0092 7228  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:22:45.0123 7228  BTHMODEM - ok
15:22:45.0170 7228  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:22:45.0201 7228  bthserv - ok
15:22:45.0248 7228  catchme - ok
15:22:45.0326 7228  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys
15:22:45.0341 7228  ccSet_NIS - ok
15:22:45.0373 7228  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:22:45.0419 7228  cdfs - ok
15:22:45.0451 7228  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:22:45.0482 7228  cdrom - ok
15:22:45.0544 7228  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:22:45.0591 7228  CertPropSvc - ok
15:22:45.0638 7228  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:22:45.0669 7228  circlass - ok
15:22:45.0716 7228  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:22:45.0731 7228  CLFS - ok
15:22:45.0809 7228  [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
15:22:45.0825 7228  CLKMSVC10_38F51D56 - ok
15:22:45.0856 7228  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:22:45.0856 7228  clr_optimization_v2.0.50727_32 - ok
15:22:45.0903 7228  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:22:45.0919 7228  clr_optimization_v2.0.50727_64 - ok
15:22:45.0981 7228  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:22:45.0997 7228  clr_optimization_v4.0.30319_32 - ok
15:22:46.0059 7228  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:22:46.0075 7228  clr_optimization_v4.0.30319_64 - ok
15:22:46.0090 7228  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
15:22:46.0106 7228  clwvd - ok
15:22:46.0137 7228  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:22:46.0153 7228  CmBatt - ok
15:22:46.0184 7228  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:22:46.0199 7228  cmdide - ok
15:22:46.0246 7228  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:22:46.0277 7228  CNG - ok
15:22:46.0309 7228  [ 040FF3B09F26926A3792E047DB0F47DD ] cnnctfy2        C:\Windows\system32\DRIVERS\cnnctfy2.sys
15:22:46.0324 7228  cnnctfy2 - ok
15:22:46.0355 7228  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:22:46.0355 7228  Compbatt - ok
15:22:46.0387 7228  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:22:46.0418 7228  CompositeBus - ok
15:22:46.0433 7228  COMSysApp - ok
15:22:46.0480 7228  [ B522559ED52A1A8AC28A5100166F1AEC ] Connectify      C:\Program Files (x86)\Connectify\ConnectifyService.exe
15:22:46.0511 7228  Connectify ( UnsignedFile.Multi.Generic ) - warning
15:22:46.0511 7228  Connectify - detected UnsignedFile.Multi.Generic (1)
15:22:46.0543 7228  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:22:46.0558 7228  crcdisk - ok
15:22:46.0605 7228  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:22:46.0652 7228  CryptSvc - ok
15:22:46.0699 7228  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:22:46.0745 7228  DcomLaunch - ok
15:22:46.0792 7228  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:22:46.0839 7228  defragsvc - ok
15:22:46.0901 7228  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:22:46.0933 7228  DfsC - ok
15:22:46.0964 7228  [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
15:22:46.0979 7228  dg_ssudbus - ok
15:22:47.0026 7228  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:22:47.0089 7228  Dhcp - ok
15:22:47.0135 7228  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:22:47.0167 7228  discache - ok
15:22:47.0213 7228  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:22:47.0213 7228  Disk - ok
15:22:47.0260 7228  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:22:47.0323 7228  Dnscache - ok
15:22:47.0338 7228  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:22:47.0385 7228  dot3svc - ok
15:22:47.0416 7228  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:22:47.0463 7228  DPS - ok
15:22:47.0510 7228  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:22:47.0541 7228  drmkaud - ok
15:22:47.0603 7228  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:22:47.0619 7228  dtsoftbus01 - ok
15:22:47.0666 7228  [ A4F408AD1065C7AD2ED332C68025B435 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:22:47.0681 7228  DXGKrnl - ok
15:22:47.0744 7228  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:22:47.0791 7228  EapHost - ok
15:22:47.0884 7228  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:22:47.0962 7228  ebdrv - ok
15:22:48.0040 7228  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:22:48.0056 7228  eeCtrl - ok
15:22:48.0103 7228  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:22:48.0165 7228  EFS - ok
15:22:48.0243 7228  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:22:48.0305 7228  ehRecvr - ok
15:22:48.0368 7228  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:22:48.0399 7228  ehSched - ok
15:22:48.0446 7228  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:22:48.0461 7228  elxstor - ok
15:22:48.0508 7228  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:22:48.0524 7228  EraserUtilRebootDrv - ok
15:22:48.0586 7228  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:22:48.0617 7228  ErrDev - ok
15:22:48.0680 7228  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:22:48.0742 7228  EventSystem - ok
15:22:48.0789 7228  [ D83EB7ADE99D99A4CD6568AC1261D35E ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
15:22:48.0805 7228  ewusbnet - ok
15:22:48.0836 7228  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
15:22:48.0883 7228  ew_hwusbdev - ok
15:22:48.0914 7228  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:22:48.0945 7228  exfat - ok
15:22:48.0961 7228  ezSharedSvc - ok
15:22:48.0976 7228  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:22:49.0023 7228  fastfat - ok
15:22:49.0085 7228  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:22:49.0148 7228  Fax - ok
15:22:49.0179 7228  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:22:49.0226 7228  fdc - ok
15:22:49.0257 7228  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:22:49.0288 7228  fdPHost - ok
15:22:49.0304 7228  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:22:49.0351 7228  FDResPub - ok
15:22:49.0382 7228  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:22:49.0397 7228  FileInfo - ok
15:22:49.0429 7228  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:22:49.0475 7228  Filetrace - ok
15:22:49.0507 7228  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:22:49.0522 7228  flpydisk - ok
15:22:49.0538 7228  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:22:49.0553 7228  FltMgr - ok
15:22:49.0616 7228  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:22:49.0678 7228  FontCache - ok
15:22:49.0725 7228  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:22:49.0725 7228  FontCache3.0.0.0 - ok
15:22:49.0803 7228  [ 2074A85A6B8F84A5A9C60B915B465FAF ] FPLService      C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
15:22:49.0834 7228  FPLService - ok
15:22:49.0850 7228  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:22:49.0850 7228  FsDepends - ok
15:22:49.0897 7228  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:22:49.0897 7228  Fs_Rec - ok
15:22:49.0943 7228  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:22:49.0943 7228  fvevol - ok
15:22:49.0975 7228  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:22:49.0990 7228  gagp30kx - ok
15:22:50.0037 7228  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:22:50.0053 7228  GamesAppService - ok
15:22:50.0099 7228  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:22:50.0131 7228  gpsvc - ok
15:22:50.0193 7228  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:22:50.0209 7228  gupdate - ok
15:22:50.0209 7228  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:22:50.0224 7228  gupdatem - ok
15:22:50.0255 7228  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:22:50.0302 7228  hcw85cir - ok
15:22:50.0349 7228  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:22:50.0365 7228  HdAudAddService - ok
15:22:50.0427 7228  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:22:50.0458 7228  HDAudBus - ok
15:22:50.0474 7228  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:22:50.0505 7228  HidBatt - ok
15:22:50.0505 7228  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:22:50.0521 7228  HidBth - ok
15:22:50.0567 7228  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:22:50.0583 7228  HidIr - ok
15:22:50.0614 7228  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
15:22:50.0677 7228  hidserv - ok
15:22:50.0708 7228  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:22:50.0723 7228  HidUsb - ok
15:22:50.0755 7228  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:22:50.0817 7228  hkmsvc - ok
15:22:50.0864 7228  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:22:50.0911 7228  HomeGroupListener - ok
15:22:50.0942 7228  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:22:50.0973 7228  HomeGroupProvider - ok
15:22:51.0067 7228  [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:22:51.0082 7228  HP Support Assistant Service - ok
15:22:51.0145 7228  [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:22:51.0160 7228  HPClientSvc - ok
15:22:51.0254 7228  [ 8F123D1FA65ADECEA0244C615EA95DFA ] hpCMSrv         C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
15:22:51.0269 7228  hpCMSrv - ok
15:22:51.0285 7228  [ BDFE112FA2F3422842E83DA631065B37 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
15:22:51.0301 7228  hpdskflt - ok
15:22:51.0363 7228  [ E7C7829BA0395E48F8C8FE16B8832344 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:22:51.0394 7228  hpqwmiex - ok
15:22:51.0425 7228  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:22:51.0441 7228  HpSAMD - ok
15:22:51.0457 7228  [ A92D6DE158BC0671D9336580F6414044 ] hpsrv           C:\Windows\system32\Hpservice.exe
15:22:51.0472 7228  hpsrv - ok
15:22:51.0550 7228  [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:22:51.0550 7228  HPWMISVC - ok
15:22:51.0581 7228  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
15:22:51.0644 7228  HTCAND64 - ok
15:22:51.0722 7228  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
15:22:51.0722 7228  htcnprot - ok
15:22:51.0784 7228  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:22:51.0831 7228  HTTP - ok
15:22:51.0893 7228  [ C2212C930D7A6CC21972B9882683D271 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
15:22:51.0940 7228  huawei_enumerator - ok
15:22:52.0018 7228  [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:22:52.0065 7228  hwdatacard - ok
15:22:52.0096 7228  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:22:52.0096 7228  hwpolicy - ok
15:22:52.0112 7228  hwusbdev - ok
15:22:52.0127 7228  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:22:52.0143 7228  i8042prt - ok
15:22:52.0159 7228  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:22:52.0174 7228  iaStor - ok
15:22:52.0283 7228  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:22:52.0299 7228  IAStorDataMgrSvc - ok
15:22:52.0330 7228  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:22:52.0346 7228  iaStorV - ok
15:22:52.0408 7228  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:22:52.0455 7228  idsvc - ok
15:22:52.0549 7228  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121025.001\IDSvia64.sys
15:22:52.0564 7228  IDSVia64 - ok
15:22:52.0611 7228  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:22:52.0611 7228  iirsp - ok
15:22:52.0658 7228  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:22:52.0705 7228  IKEEXT - ok
15:22:52.0751 7228  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:22:52.0767 7228  IntcDAud - ok
15:22:52.0798 7228  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:22:52.0798 7228  intelide - ok
15:22:53.0141 7228  [ 6383899C5F964D71B0F96B81FBE59BB8 ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
15:22:53.0407 7228  intelkmd - ok
15:22:53.0453 7228  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:22:53.0485 7228  intelppm - ok
15:22:53.0516 7228  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:22:53.0563 7228  IPBusEnum - ok
15:22:53.0594 7228  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:22:53.0609 7228  IpFilterDriver - ok
15:22:53.0672 7228  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:22:53.0719 7228  iphlpsvc - ok
15:22:53.0750 7228  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:22:53.0781 7228  IPMIDRV - ok
15:22:53.0828 7228  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:22:53.0875 7228  IPNAT - ok
15:22:53.0906 7228  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:22:53.0921 7228  IRENUM - ok
15:22:53.0953 7228  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:22:53.0968 7228  isapnp - ok
15:22:53.0984 7228  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:22:53.0984 7228  iScsiPrt - ok
15:22:54.0031 7228  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:22:54.0046 7228  kbdclass - ok
15:22:54.0062 7228  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:22:54.0109 7228  kbdhid - ok
15:22:54.0140 7228  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:22:54.0140 7228  KeyIso - ok
15:22:54.0187 7228  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:22:54.0202 7228  KSecDD - ok
15:22:54.0202 7228  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:22:54.0218 7228  KSecPkg - ok
15:22:54.0249 7228  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:22:54.0296 7228  ksthunk - ok
15:22:54.0343 7228  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:22:54.0389 7228  KtmRm - ok
15:22:54.0452 7228  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:22:54.0514 7228  LanmanServer - ok
15:22:54.0561 7228  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:22:54.0608 7228  LanmanWorkstation - ok
15:22:54.0655 7228  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:22:54.0701 7228  lltdio - ok
15:22:54.0764 7228  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:22:54.0811 7228  lltdsvc - ok
15:22:54.0842 7228  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:22:54.0889 7228  lmhosts - ok
15:22:54.0951 7228  [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:22:54.0951 7228  LMS - ok
15:22:54.0998 7228  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:22:55.0013 7228  LSI_FC - ok
15:22:55.0013 7228  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:22:55.0029 7228  LSI_SAS - ok
15:22:55.0029 7228  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:22:55.0029 7228  LSI_SAS2 - ok
15:22:55.0029 7228  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:22:55.0045 7228  LSI_SCSI - ok
15:22:55.0076 7228  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:22:55.0123 7228  luafv - ok
15:22:55.0169 7228  lxdi_device - ok
15:22:55.0232 7228  [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter      C:\Windows\system32\drivers\massfilter.sys
15:22:55.0279 7228  massfilter - ok
15:22:55.0341 7228  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:22:55.0372 7228  Mcx2Svc - ok
15:22:55.0403 7228  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:22:55.0419 7228  megasas - ok
15:22:55.0419 7228  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:22:55.0435 7228  MegaSR - ok
15:22:55.0450 7228  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:22:55.0466 7228  MEIx64 - ok
15:22:55.0591 7228  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:22:55.0606 7228  Microsoft Office Groove Audit Service - ok
15:22:55.0637 7228  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:22:55.0684 7228  MMCSS - ok
15:22:55.0731 7228  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:22:55.0778 7228  Modem - ok
15:22:55.0825 7228  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:22:55.0856 7228  monitor - ok
15:22:55.0887 7228  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:22:55.0903 7228  mouclass - ok
15:22:55.0934 7228  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:22:55.0965 7228  mouhid - ok
15:22:55.0996 7228  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:22:56.0012 7228  mountmgr - ok
15:22:56.0027 7228  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:22:56.0027 7228  mpio - ok
15:22:56.0059 7228  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:22:56.0074 7228  mpsdrv - ok
15:22:56.0137 7228  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:22:56.0183 7228  MpsSvc - ok
15:22:56.0215 7228  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:22:56.0261 7228  MRxDAV - ok
15:22:56.0293 7228  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:22:56.0371 7228  mrxsmb - ok
15:22:56.0386 7228  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:22:56.0433 7228  mrxsmb10 - ok
15:22:56.0449 7228  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:22:56.0449 7228  mrxsmb20 - ok
15:22:56.0464 7228  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:22:56.0480 7228  msahci - ok
15:22:56.0527 7228  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:22:56.0527 7228  msdsm - ok
15:22:56.0558 7228  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:22:56.0589 7228  MSDTC - ok
15:22:56.0620 7228  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:22:56.0651 7228  Msfs - ok
15:22:56.0683 7228  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:22:56.0729 7228  mshidkmdf - ok
15:22:56.0761 7228  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:22:56.0761 7228  msisadrv - ok
15:22:56.0792 7228  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:22:56.0823 7228  MSiSCSI - ok
15:22:56.0823 7228  msiserver - ok
15:22:56.0854 7228  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:22:56.0901 7228  MSKSSRV - ok
15:22:56.0932 7228  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:22:56.0979 7228  MSPCLOCK - ok
15:22:57.0010 7228  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:22:57.0057 7228  MSPQM - ok
15:22:57.0104 7228  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:22:57.0135 7228  MsRPC - ok
15:22:57.0151 7228  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:22:57.0166 7228  mssmbios - ok
15:22:57.0182 7228  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:22:57.0229 7228  MSTEE - ok
15:22:57.0244 7228  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:22:57.0260 7228  MTConfig - ok
15:22:57.0275 7228  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:22:57.0275 7228  Mup - ok
15:22:57.0307 7228  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:22:57.0369 7228  napagent - ok
15:22:57.0416 7228  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:22:57.0447 7228  NativeWifiP - ok
15:22:57.0525 7228  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121025.025\ENG64.SYS
15:22:57.0525 7228  NAVENG - ok
15:22:57.0759 7228  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121025.025\EX64.SYS
15:22:57.0790 7228  NAVEX15 - ok
15:22:57.0868 7228  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:22:57.0884 7228  NDIS - ok
15:22:57.0899 7228  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:22:57.0946 7228  NdisCap - ok
15:22:57.0993 7228  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:22:58.0024 7228  NdisTapi - ok
15:22:58.0040 7228  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:22:58.0102 7228  Ndisuio - ok
15:22:58.0118 7228  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:22:58.0180 7228  NdisWan - ok
15:22:58.0196 7228  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:22:58.0227 7228  NDProxy - ok
15:22:58.0258 7228  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:22:58.0305 7228  NetBIOS - ok
15:22:58.0336 7228  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:22:58.0367 7228  NetBT - ok
15:22:58.0383 7228  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:22:58.0383 7228  Netlogon - ok
15:22:58.0430 7228  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:22:58.0477 7228  Netman - ok
15:22:58.0492 7228  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:22:58.0555 7228  netprofm - ok
15:22:58.0586 7228  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:58.0601 7228  NetTcpPortSharing - ok
15:22:58.0633 7228  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:22:58.0633 7228  nfrd960 - ok
15:22:58.0742 7228  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
15:22:58.0757 7228  NIS - ok
15:22:58.0789 7228  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:22:58.0835 7228  NlaSvc - ok
15:22:58.0882 7228  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:22:58.0913 7228  Npfs - ok
15:22:58.0929 7228  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:22:58.0945 7228  nsi - ok
15:22:58.0960 7228  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:22:59.0007 7228  nsiproxy - ok
15:22:59.0069 7228  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:22:59.0101 7228  Ntfs - ok
15:22:59.0132 7228  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:22:59.0163 7228  Null - ok
15:22:59.0194 7228  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
15:22:59.0225 7228  nusb3hub - ok
15:22:59.0257 7228  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:22:59.0303 7228  nusb3xhc - ok
15:22:59.0335 7228  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
15:22:59.0366 7228  NVENETFD - ok
15:22:59.0381 7228  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:22:59.0397 7228  nvraid - ok
15:22:59.0428 7228  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:22:59.0444 7228  nvstor - ok
15:22:59.0444 7228  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:22:59.0459 7228  nv_agp - ok
15:22:59.0553 7228  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:22:59.0569 7228  odserv - ok
15:22:59.0584 7228  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:22:59.0584 7228  ohci1394 - ok
15:22:59.0631 7228  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:22:59.0631 7228  ose - ok
15:22:59.0662 7228  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:22:59.0709 7228  p2pimsvc - ok
15:22:59.0756 7228  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:22:59.0771 7228  p2psvc - ok
15:22:59.0787 7228  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
15:22:59.0787 7228  Parport - ok
15:22:59.0818 7228  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:22:59.0818 7228  partmgr - ok
15:22:59.0881 7228  [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
15:22:59.0927 7228  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:22:59.0927 7228  PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:22:59.0959 7228  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:22:59.0990 7228  PcaSvc - ok
15:23:00.0037 7228  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:23:00.0037 7228  pci - ok
15:23:00.0052 7228  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:23:00.0052 7228  pciide - ok
15:23:00.0068 7228  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:23:00.0083 7228  pcmcia - ok
15:23:00.0099 7228  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:23:00.0099 7228  pcw - ok
15:23:00.0146 7228  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:23:00.0193 7228  PEAUTH - ok
15:23:00.0302 7228  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:23:00.0333 7228  PerfHost - ok
15:23:00.0458 7228  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:23:00.0536 7228  pla - ok
15:23:00.0583 7228  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:23:00.0629 7228  PlugPlay - ok
15:23:00.0645 7228  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:23:00.0676 7228  PNRPAutoReg - ok
15:23:00.0707 7228  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:23:00.0707 7228  PNRPsvc - ok
15:23:00.0739 7228  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:23:00.0785 7228  PolicyAgent - ok
15:23:00.0832 7228  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:23:00.0879 7228  Power - ok
15:23:00.0926 7228  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:23:00.0973 7228  PptpMiniport - ok
15:23:01.0004 7228  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:23:01.0051 7228  Processor - ok
15:23:01.0129 7228  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:23:01.0191 7228  ProfSvc - ok
15:23:01.0191 7228  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:23:01.0207 7228  ProtectedStorage - ok
15:23:01.0238 7228  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:23:01.0269 7228  Psched - ok
15:23:01.0331 7228  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:23:01.0363 7228  ql2300 - ok
15:23:01.0378 7228  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:23:01.0394 7228  ql40xx - ok
15:23:01.0441 7228  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:23:01.0456 7228  QWAVE - ok
15:23:01.0472 7228  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:23:01.0503 7228  QWAVEdrv - ok
15:23:01.0519 7228  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:23:01.0550 7228  RasAcd - ok
15:23:01.0597 7228  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:23:01.0628 7228  RasAgileVpn - ok
15:23:01.0659 7228  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:23:01.0706 7228  RasAuto - ok
15:23:01.0737 7228  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:23:01.0784 7228  Rasl2tp - ok
15:23:01.0831 7228  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:23:01.0893 7228  RasMan - ok
15:23:01.0924 7228  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:23:01.0971 7228  RasPppoe - ok
15:23:02.0002 7228  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:23:02.0049 7228  RasSstp - ok
15:23:02.0080 7228  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:23:02.0127 7228  rdbss - ok
15:23:02.0158 7228  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:23:02.0189 7228  rdpbus - ok
15:23:02.0236 7228  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:23:02.0283 7228  RDPCDD - ok
15:23:02.0299 7228  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:23:02.0345 7228  RDPENCDD - ok
15:23:02.0377 7228  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:23:02.0392 7228  RDPREFMP - ok
15:23:02.0439 7228  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:23:02.0470 7228  RDPWD - ok
15:23:02.0501 7228  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:23:02.0501 7228  rdyboost - ok
15:23:02.0533 7228  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:23:02.0579 7228  RemoteAccess - ok
15:23:02.0611 7228  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:23:02.0642 7228  RemoteRegistry - ok
15:23:02.0657 7228  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:23:02.0720 7228  RpcEptMapper - ok
15:23:02.0751 7228  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:23:02.0767 7228  RpcLocator - ok
15:23:02.0798 7228  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:23:02.0829 7228  RpcSs - ok
15:23:02.0876 7228  [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
15:23:02.0891 7228  RSPCIESTOR - ok
15:23:02.0938 7228  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:23:02.0969 7228  rspndr - ok
15:23:03.0001 7228  [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:23:03.0016 7228  RTL8167 - ok
15:23:03.0032 7228  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:23:03.0032 7228  SamSs - ok
15:23:03.0063 7228  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:23:03.0063 7228  sbp2port - ok
15:23:03.0079 7228  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:23:03.0110 7228  SCardSvr - ok
15:23:03.0125 7228  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:23:03.0172 7228  scfilter - ok
15:23:03.0235 7228  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:23:03.0297 7228  Schedule - ok
15:23:03.0328 7228  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:23:03.0359 7228  SCPolicySvc - ok
15:23:03.0375 7228  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:23:03.0406 7228  sdbus - ok
15:23:03.0453 7228  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:23:03.0500 7228  SDRSVC - ok
15:23:03.0531 7228  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:23:03.0578 7228  secdrv - ok
15:23:03.0593 7228  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:23:03.0625 7228  seclogon - ok
15:23:03.0671 7228  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:23:03.0718 7228  SENS - ok
15:23:03.0749 7228  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:23:03.0796 7228  SensrSvc - ok
15:23:03.0827 7228  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:23:03.0859 7228  Serenum - ok
15:23:03.0859 7228  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:23:03.0874 7228  Serial - ok
15:23:03.0905 7228  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:23:03.0937 7228  sermouse - ok
15:23:03.0968 7228  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:23:04.0015 7228  SessionEnv - ok
15:23:04.0061 7228  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:23:04.0077 7228  sffdisk - ok
15:23:04.0077 7228  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:23:04.0108 7228  sffp_mmc - ok
15:23:04.0108 7228  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:23:04.0139 7228  sffp_sd - ok
15:23:04.0171 7228  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:23:04.0202 7228  sfloppy - ok
15:23:04.0249 7228  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:23:04.0311 7228  SharedAccess - ok
15:23:04.0358 7228  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:23:04.0405 7228  ShellHWDetection - ok
15:23:04.0467 7228  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:23:04.0467 7228  SiSRaid2 - ok
15:23:04.0483 7228  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:23:04.0483 7228  SiSRaid4 - ok
15:23:04.0529 7228  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:23:04.0545 7228  SkypeUpdate - ok
15:23:04.0576 7228  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:23:04.0623 7228  Smb - ok
15:23:04.0670 7228  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:23:04.0701 7228  SNMPTRAP - ok
15:23:04.0732 7228  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:23:04.0748 7228  spldr - ok
15:23:04.0779 7228  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:23:04.0810 7228  Spooler - ok
15:23:04.0888 7228  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:23:04.0997 7228  sppsvc - ok
15:23:05.0029 7228  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:23:05.0060 7228  sppuinotify - ok
15:23:05.0200 7228  [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS
15:23:05.0216 7228  SRTSP - ok
15:23:05.0247 7228  [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS
15:23:05.0263 7228  SRTSPX - ok
15:23:05.0278 7228  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:23:05.0294 7228  srv - ok
15:23:05.0325 7228  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:23:05.0356 7228  srv2 - ok
15:23:05.0403 7228  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:23:05.0419 7228  SrvHsfHDA - ok
15:23:05.0465 7228  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:23:05.0528 7228  SrvHsfV92 - ok
15:23:05.0559 7228  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:23:05.0575 7228  SrvHsfWinac - ok
15:23:05.0606 7228  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:23:05.0606 7228  srvnet - ok
15:23:05.0653 7228  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:23:05.0699 7228  SSDPSRV - ok
15:23:05.0715 7228  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:23:05.0746 7228  SstpSvc - ok
15:23:05.0809 7228  [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
15:23:05.0824 7228  ssudmdm - ok
15:23:05.0871 7228  [ 86678C2F5081FEA3517D78E92230B5FF ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
15:23:05.0887 7228  STacSV - ok
15:23:05.0902 7228  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:23:05.0918 7228  stexstor - ok
15:23:05.0965 7228  [ 74387B34B43F94E380608888C56A5CCD ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
15:23:06.0011 7228  STHDA - ok
15:23:06.0058 7228  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:23:06.0089 7228  StillCam - ok
15:23:06.0136 7228  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:23:06.0167 7228  stisvc - ok
15:23:06.0199 7228  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:23:06.0214 7228  swenum - ok
15:23:06.0245 7228  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:23:06.0308 7228  swprv - ok
15:23:06.0355 7228  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS
15:23:06.0370 7228  SymDS - ok
15:23:06.0448 7228  [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS
15:23:06.0511 7228  SymEFA - ok
15:23:06.0557 7228  [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:23:06.0573 7228  SymEvent - ok
15:23:06.0604 7228  [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
15:23:06.0620 7228  SymIM - ok
15:23:06.0667 7228  [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS
15:23:06.0682 7228  SymIRON - ok
15:23:06.0698 7228  [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS
15:23:06.0713 7228  SymNetS - ok
15:23:06.0745 7228  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:23:06.0760 7228  SynTP - ok
15:23:06.0807 7228  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:23:06.0854 7228  SysMain - ok
15:23:06.0901 7228  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:23:06.0947 7228  TabletInputService - ok
15:23:06.0979 7228  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:23:07.0010 7228  TapiSrv - ok
15:23:07.0025 7228  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:23:07.0057 7228  TBS - ok
15:23:07.0135 7228  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:23:07.0197 7228  Tcpip - ok
15:23:07.0244 7228  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:23:07.0275 7228  TCPIP6 - ok
15:23:07.0291 7228  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:23:07.0337 7228  tcpipreg - ok
15:23:07.0369 7228  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:23:07.0415 7228  TDPIPE - ok
15:23:07.0447 7228  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:23:07.0462 7228  TDTCP - ok
15:23:07.0478 7228  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:23:07.0493 7228  tdx - ok
15:23:07.0603 7228  [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:23:07.0634 7228  TeamViewer7 - ok
15:23:07.0665 7228  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:23:07.0681 7228  TermDD - ok
15:23:07.0696 7228  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:23:07.0759 7228  TermService - ok
15:23:07.0852 7228  [ 46B389E1A1C8E66D877402FC0821A371 ] TGCM_ImportWiFiSvc C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
15:23:07.0852 7228  TGCM_ImportWiFiSvc - ok
15:23:07.0915 7228  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:23:07.0930 7228  Themes - ok
15:23:07.0961 7228  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:23:07.0993 7228  THREADORDER - ok
15:23:08.0071 7228  [ E319535A8124F25C1C9C5288CACF3101 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
15:23:08.0086 7228  TomTomHOMEService - ok
15:23:08.0117 7228  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:23:08.0164 7228  TrkWks - ok
15:23:08.0211 7228  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:23:08.0273 7228  TrustedInstaller - ok
15:23:08.0305 7228  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:23:08.0351 7228  tssecsrv - ok
15:23:08.0383 7228  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:23:08.0429 7228  TsUsbFlt - ok
15:23:08.0429 7228  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:23:08.0461 7228  TsUsbGD - ok
15:23:08.0523 7228  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:23:08.0570 7228  tunnel - ok
15:23:08.0601 7228  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:23:08.0601 7228  uagp35 - ok
15:23:08.0632 7228  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:23:08.0679 7228  udfs - ok
15:23:08.0710 7228  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:23:08.0726 7228  UI0Detect - ok
15:23:08.0757 7228  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:23:08.0757 7228  uliagpkx - ok
15:23:08.0804 7228  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:23:08.0851 7228  umbus - ok
15:23:08.0897 7228  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:23:08.0929 7228  UmPass - ok
15:23:09.0147 7228  [ A678E5DDD974903DD71F503BDCACA218 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:23:09.0209 7228  UNS - ok
15:23:09.0241 7228  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:23:09.0303 7228  upnphost - ok
15:23:09.0319 7228  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:23:09.0350 7228  usbccgp - ok
15:23:09.0381 7228  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:23:09.0397 7228  usbcir - ok
15:23:09.0412 7228  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:23:09.0443 7228  usbehci - ok
15:23:09.0475 7228  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:23:09.0506 7228  usbhub - ok
15:23:09.0553 7228  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:23:09.0584 7228  usbohci - ok
15:23:09.0599 7228  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:23:09.0631 7228  usbprint - ok
15:23:09.0677 7228  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:23:09.0693 7228  usbscan - ok
15:23:09.0724 7228  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:23:09.0771 7228  USBSTOR - ok
15:23:09.0787 7228  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:23:09.0818 7228  usbuhci - ok
15:23:09.0865 7228  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:23:09.0880 7228  usbvideo - ok
15:23:09.0911 7228  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
15:23:09.0943 7228  usb_rndisx - ok
15:23:09.0989 7228  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:23:10.0036 7228  UxSms - ok
15:23:10.0067 7228  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:23:10.0083 7228  VaultSvc - ok
15:23:10.0099 7228  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:23:10.0099 7228  vdrvroot - ok
15:23:10.0161 7228  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:23:10.0208 7228  vds - ok
15:23:10.0255 7228  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:23:10.0270 7228  vga - ok
15:23:10.0286 7228  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:23:10.0333 7228  VgaSave - ok
15:23:10.0348 7228  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:23:10.0364 7228  vhdmp - ok
15:23:10.0379 7228  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:23:10.0379 7228  viaide - ok
15:23:10.0457 7228  [ 6E021D6DA429AD7288FE8322E2BBA96B ] VMCService      C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
15:23:10.0473 7228  VMCService ( UnsignedFile.Multi.Generic ) - warning
15:23:10.0473 7228  VMCService - detected UnsignedFile.Multi.Generic (1)
15:23:10.0535 7228  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:23:10.0535 7228  volmgr - ok
15:23:10.0551 7228  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:23:10.0567 7228  volmgrx - ok
15:23:10.0582 7228  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:23:10.0582 7228  volsnap - ok
15:23:10.0613 7228  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:23:10.0629 7228  vsmraid - ok
15:23:10.0691 7228  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:23:10.0769 7228  VSS - ok
15:23:10.0816 7228  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:23:10.0832 7228  vwifibus - ok
15:23:10.0847 7228  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:23:10.0894 7228  vwififlt - ok
15:23:10.0925 7228  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:23:10.0925 7228  vwifimp - ok
15:23:10.0941 7228  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:23:10.0972 7228  W32Time - ok
15:23:11.0019 7228  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:23:11.0050 7228  WacomPen - ok
15:23:11.0081 7228  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:23:11.0128 7228  WANARP - ok
15:23:11.0159 7228  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:23:11.0191 7228  Wanarpv6 - ok
15:23:11.0253 7228  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:23:11.0284 7228  WatAdminSvc - ok
15:23:11.0347 7228  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:23:11.0425 7228  wbengine - ok
15:23:11.0440 7228  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:23:11.0456 7228  WbioSrvc - ok
15:23:11.0487 7228  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:23:11.0518 7228  wcncsvc - ok
15:23:11.0549 7228  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:23:11.0565 7228  WcsPlugInService - ok
15:23:11.0581 7228  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:23:11.0596 7228  Wd - ok
15:23:11.0627 7228  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:23:11.0659 7228  Wdf01000 - ok
15:23:11.0690 7228  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:23:11.0783 7228  WdiServiceHost - ok
15:23:11.0783 7228  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:23:11.0799 7228  WdiSystemHost - ok
15:23:11.0846 7228  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:23:11.0877 7228  WebClient - ok
15:23:11.0908 7228  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:23:11.0971 7228  Wecsvc - ok
15:23:11.0986 7228  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:23:12.0017 7228  wercplsupport - ok
15:23:12.0049 7228  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:23:12.0080 7228  WerSvc - ok
15:23:12.0095 7228  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:23:12.0127 7228  WfpLwf - ok
15:23:12.0158 7228  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:23:12.0158 7228  WIMMount - ok
15:23:12.0189 7228  WinDefend - ok
15:23:12.0189 7228  WinHttpAutoProxySvc - ok
15:23:12.0251 7228  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:23:12.0283 7228  Winmgmt - ok
15:23:12.0345 7228  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:23:12.0407 7228  WinRM - ok
15:23:12.0439 7228  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
15:23:12.0470 7228  WinUsb - ok
15:23:12.0548 7228  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:23:12.0595 7228  Wlansvc - ok
15:23:12.0719 7228  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:23:12.0766 7228  wlidsvc - ok
15:23:12.0797 7228  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:23:12.0829 7228  WmiAcpi - ok
15:23:12.0875 7228  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:23:12.0891 7228  wmiApSrv - ok
15:23:12.0938 7228  WMPNetworkSvc - ok
15:23:12.0969 7228  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:23:12.0985 7228  WPCSvc - ok
15:23:13.0000 7228  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:23:13.0000 7228  WPDBusEnum - ok
15:23:13.0016 7228  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:23:13.0047 7228  ws2ifsl - ok
15:23:13.0094 7228  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:23:13.0125 7228  wscsvc - ok
15:23:13.0125 7228  WSearch - ok
15:23:13.0203 7228  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:23:13.0281 7228  wuauserv - ok
15:23:13.0297 7228  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:23:13.0343 7228  WudfPf - ok
15:23:13.0375 7228  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:23:13.0437 7228  WUDFRd - ok
15:23:13.0468 7228  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:23:13.0484 7228  wudfsvc - ok
15:23:13.0515 7228  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:23:13.0562 7228  WwanSvc - ok
15:23:13.0609 7228  [ F98415E5B83742C901D0A336972509A0 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:23:13.0624 7228  ZTEusbmdm6k - ok
15:23:13.0655 7228  [ F98415E5B83742C901D0A336972509A0 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:23:13.0655 7228  ZTEusbnmea - ok
15:23:13.0702 7228  [ F98415E5B83742C901D0A336972509A0 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:23:13.0718 7228  ZTEusbser6k - ok
15:23:13.0749 7228  ================ Scan global ===============================
15:23:13.0780 7228  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:23:13.0827 7228  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:23:13.0827 7228  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:23:13.0858 7228  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:23:13.0874 7228  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:23:13.0874 7228  [Global] - ok
15:23:13.0874 7228  ================ Scan MBR ==================================
15:23:13.0889 7228  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:23:14.0217 7228  \Device\Harddisk0\DR0 - ok
15:23:14.0217 7228  ================ Scan VBR ==================================
15:23:14.0233 7228  [ E693C535E4169B27AD774E7B9C181081 ] \Device\Harddisk0\DR0\Partition1
15:23:14.0248 7228  \Device\Harddisk0\DR0\Partition1 - ok
15:23:14.0264 7228  [ 26A0D9D81767C0AC7897846DF9F716E9 ] \Device\Harddisk0\DR0\Partition2
15:23:14.0264 7228  \Device\Harddisk0\DR0\Partition2 - ok
15:23:14.0295 7228  [ 45D7AE5985A23162D54CA38FF7CFBA2F ] \Device\Harddisk0\DR0\Partition3
15:23:14.0295 7228  \Device\Harddisk0\DR0\Partition3 - ok
15:23:14.0342 7228  [ 8AB56B70332FEC2EAD817FCCC32F25ED ] \Device\Harddisk0\DR0\Partition4
15:23:14.0342 7228  \Device\Harddisk0\DR0\Partition4 - ok
15:23:14.0342 7228  ============================================================
15:23:14.0342 7228  Scan finished
15:23:14.0342 7228  ============================================================
15:23:14.0357 7892  Detected object count: 3
15:23:14.0357 7892  Actual detected object count: 3
15:24:01.0282 7892  Connectify ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:01.0282 7892  Connectify ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:24:01.0282 7892  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:01.0282 7892  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:24:01.0282 7892  VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:01.0282 7892  VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:19.0979 7804  Deinitialize success

cosinus · 26.10.2012, 14:45

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

MrPepper · 26.10.2012, 15:02

Code:

ATTFilter

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 15:53:02
-----------------------------
15:53:02.368    OS Version: Windows x64 6.1.7601 Service Pack 1
15:53:02.368    Number of processors: 8 586 0x2A07
15:53:02.368    ComputerName: STEFANSZIRTES  UserName: 
15:53:04.488    Initialize success
15:53:42.028    AVAST engine download error: 0
15:53:58.818    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:53:58.818    Disk 0 Vendor: TOSHIBA_ GL00 Size: 953869MB BusType: 3
15:53:58.828    Disk 0 MBR read successfully
15:53:58.828    Disk 0 MBR scan
15:53:58.828    Disk 0 Windows 7 default MBR code
15:53:58.828    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
15:53:58.838    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       935133 MB offset 409600
15:53:58.868    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        18433 MB offset 1915561984
15:53:58.878    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1953312768
15:53:58.918    Disk 0 scanning C:\Windows\system32\drivers
15:54:05.168    Service scanning
15:54:50.002    Modules scanning
15:54:50.002    Disk 0 trace - called modules:
15:54:50.033    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
15:54:50.033    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ff3790]
15:54:50.049    3 CLASSPNP.SYS[fffff880015c943f] -> nt!IofCallDriver -> [0xfffffa8007f02b10]
15:54:50.049    5 hpdskflt.sys[fffff880019ed189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007dcf050]
15:54:50.049    Scan finished successfully
15:55:14.697    Disk 0 MBR has been saved successfully to "C:\Users\Stefan Szirtes\Desktop\MBR.dat"
15:55:14.697    The log file has been saved successfully to "C:\Users\Stefan Szirtes\Desktop\aswMBR.txt"

cosinus · 26.10.2012, 15:16

Ok, eine Kontrolle bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

23.10.2012, 21:16	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Externe Festplatte nur Ver.knüpfungen Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus. __________________ __________________

Externe Festplatte nur Ver.knüpfungen

Log-Analyse und Auswertung: Externe Festplatte nur Ver.knüpfungen