GVU Ihr Computer wurde gesperrt.

PeterZorn · 09.01.2013, 09:44

Hallo Leute,

Ich habe mir gerade den GVU-Trojaner eingefangen ("Ihr Computer wurde gesperrt"), der hier im Forum schon öfter aufgetaucht ist. Ich kann den Rechner noch im Abgesicherten Modus mit Netzwerktreibern starten, und habe auch schon OTL laufen lassen (wie in den meisten Threads beschrieben).

Hier die Logs:

Code:

ATTFilter

OTL logfile created on: 09.01.2013 09:26:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Peter Zorn\Downloads
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 79,37% Memory free
7,60 Gb Paging File | 6,85 Gb Available in Paging File | 90,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 157,10 Gb Free Space | 67,49% Space Free | Partition Type: NTFS
 
Computer Name: PETERZORN-PC | User Name: Peter Zorn | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.09 09:22:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peter Zorn\Downloads\OTL.exe
PRC - [2012.11.07 21:03:13 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.07 01:14:28 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010.04.07 04:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
SRV - [2012.12.11 20:01:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.07 20:54:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.04 20:41:29 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.12.04 20:40:35 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.12.04 20:40:34 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.12.04 20:40:24 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.11.07 21:03:13 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.08.01 15:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.26 22:09:06 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2010.04.07 04:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe -- (STacSV)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.11.04 13:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 13:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.20 10:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.07 21:03:47 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.26 15:47:21 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.26 22:09:25 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.06.27 14:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.03.24 08:17:07 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011.01.07 01:14:28 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011.01.07 01:14:27 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.09.29 09:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.06.02 22:13:20 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.04.07 04:35:04 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.27 05:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 19:08:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.12.10 19:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.02 21:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.28 18:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.28 18:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 14:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.07.26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 14:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 14:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 14:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1529273206-646565468-505323746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1529273206-646565468-505323746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1529273206-646565468-505323746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 64 AC FD 3F EE CD 01  [binary data]
IE - HKU\S-1-5-21-1529273206-646565468-505323746-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1529273206-646565468-505323746-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1529273206-646565468-505323746-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1529273206-646565468-505323746-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: es-es%40dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.04 21:02:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 20:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.12 22:25:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.13 08:22:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 20:54:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.12 22:25:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.13 08:22:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.01.07 16:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Zorn\AppData\Roaming\mozilla\Extensions
[2011.01.07 16:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Zorn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.24 11:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Zorn\AppData\Roaming\mozilla\Firefox\Profiles\v8vnc8y9.default\extensions
[2012.10.16 20:34:40 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Peter Zorn\AppData\Roaming\mozilla\Firefox\Profiles\v8vnc8y9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.04 20:32:51 | 000,000,000 | ---D | M] (Diccionario de EspaÃ±ol/EspaÃ±a) -- C:\Users\Peter Zorn\AppData\Roaming\mozilla\Firefox\Profiles\v8vnc8y9.default\extensions\es-es@dictionaries.addons.mozilla.org
[2012.12.07 20:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.07 20:54:30 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.01 16:13:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.13 15:13:18 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1529273206-646565468-505323746-1000..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Peter Zorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter Zorn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1529273206-646565468-505323746-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1529273206-646565468-505323746-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1529273206-646565468-505323746-1000\..Trusted Domains: datastream.com ([product] http in Trusted sites)
O15 - HKU\S-1-5-21-1529273206-646565468-505323746-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1529273206-646565468-505323746-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15B0A36E-E0FA-4A52-B546-DAD94D8F8927}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE0F4543-09A9-4B01-BE81-A6CD5DE86917}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{04f2b912-d96f-11e0-910f-f04da2aeae05}\Shell - "" = AutoRun
O33 - MountPoints2\{04f2b912-d96f-11e0-910f-f04da2aeae05}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9b4f9ef7-d7f6-11e0-9139-f04da2aeae05}\Shell - "" = AutoRun
O33 - MountPoints2\{9b4f9ef7-d7f6-11e0-9139-f04da2aeae05}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9b4f9efe-d7f6-11e0-9139-f04da2aeae05}\Shell - "" = AutoRun
O33 - MountPoints2\{9b4f9efe-d7f6-11e0-9139-f04da2aeae05}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c2166033-19ee-11e0-943c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c2166033-19ee-11e0-943c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SAVService - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.09 09:04:39 | 000,256,000 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Peter Zorn\wgsdgsdgdsgsd.dll
[2012.12.29 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\Peter Zorn\AppData\Roaming\vlc
[2012.12.29 13:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.12.14 08:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.14 08:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.14 08:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.14 08:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.14 08:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.13 08:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.12.12 22:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.12 22:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.09 09:15:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.09 09:15:11 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.09 09:12:54 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.09 09:04:43 | 000,002,962 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 09:04:43 | 000,001,051 | ---- | M] () -- C:\Users\Peter Zorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 09:04:43 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.09 09:04:43 | 000,000,069 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.09 09:04:39 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Peter Zorn\wgsdgsdgdsgsd.dll
[2013.01.09 09:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 08:27:35 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 08:27:35 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 08:24:29 | 001,465,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.09 08:24:29 | 000,641,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 08:24:29 | 000,605,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 08:24:29 | 000,125,408 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 08:24:29 | 000,102,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 08:23:37 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.12.23 11:04:07 | 000,001,058 | ---- | M] () -- C:\Users\Peter Zorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.21 13:01:44 | 002,216,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 08:15:53 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.09 09:04:43 | 000,002,962 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 09:04:43 | 000,001,051 | ---- | C] () -- C:\Users\Peter Zorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 09:04:43 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.09 09:04:43 | 000,000,069 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.09 09:04:41 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.14 08:15:53 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.04 11:28:52 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2012.04.18 21:29:12 | 000,000,652 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.12 16:46:15 | 000,007,606 | ---- | C] () -- C:\Users\Peter Zorn\AppData\Local\Resmon.ResmonCfg
[2012.01.21 12:50:11 | 000,012,800 | ---- | C] () -- C:\Users\Peter Zorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.18 11:04:01 | 000,011,502 | ---- | C] () -- C:\Users\Peter Zorn\gsview64.ini
[2011.02.20 14:56:57 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.05 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Academic Software Zurich
[2012.12.04 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\APP_NAME_NON_STRING
[2012.04.18 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Buhl Data Service
[2012.11.20 07:54:24 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\calibre
[2013.01.09 09:12:54 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Dropbox
[2012.06.05 22:02:42 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\IrfanView
[2011.12.23 22:54:49 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\LyX2.0
[2012.08.16 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Nokia
[2011.07.31 18:29:38 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\PC Suite
[2012.12.04 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\pdfforge
[2011.05.25 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Swiss Academic Software
[2011.09.05 20:41:50 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\T-Mobile
[2011.09.05 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\T-Mobile Internet Manager
[2011.01.07 16:40:47 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.02.17 21:18:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.10.12 02:39:34 | 000,000,000 | ---D | M] -- C:\46b3beae778969858c8de752e20746
[2011.01.13 17:58:05 | 000,000,000 | ---D | M] -- C:\ado
[2012.11.19 21:42:22 | 000,000,000 | ---D | M] -- C:\Behringer
[2011.01.07 00:52:44 | 000,000,000 | ---D | M] -- C:\dell
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.01.07 00:49:08 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.07.08 15:41:47 | 000,000,000 | ---D | M] -- C:\dynare
[2011.01.07 01:03:53 | 000,000,000 | ---D | M] -- C:\Intel
[2011.01.07 16:16:27 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.14 08:15:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.14 08:15:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.01.09 09:04:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.01.07 00:49:08 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.01.07 00:49:08 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.09 08:23:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.07 21:16:24 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.09 09:15:13 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.05 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Academic Software Zurich
[2012.11.04 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Adobe
[2012.10.06 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Apple Computer
[2012.12.04 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\APP_NAME_NON_STRING
[2012.04.18 21:30:15 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Buhl Data Service
[2012.11.20 07:54:24 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\calibre
[2013.01.09 09:12:54 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Dropbox
[2011.01.07 00:49:29 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Identities
[2011.01.07 01:01:28 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\InstallShield
[2011.01.07 01:02:35 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Intel Corporation
[2012.06.05 22:02:42 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\IrfanView
[2011.12.23 22:54:49 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\LyX2.0
[2011.01.07 23:58:10 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Macromedia
[2011.02.20 15:58:18 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\MathWorks
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Media Center Programs
[2012.11.19 22:34:20 | 000,000,000 | --SD | M] -- C:\Users\Peter Zorn\AppData\Roaming\Microsoft
[2011.03.02 22:56:38 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\MiKTeX
[2012.02.05 15:54:00 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Mozilla
[2012.08.16 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Nokia
[2011.07.31 18:29:38 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\PC Suite
[2012.12.04 21:02:40 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\pdfforge
[2013.01.09 09:10:09 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Skype
[2011.05.25 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Swiss Academic Software
[2011.09.05 20:41:50 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\T-Mobile
[2011.09.05 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\T-Mobile Internet Manager
[2011.01.07 16:40:47 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\Thunderbird
[2012.12.29 13:31:30 | 000,000,000 | ---D | M] -- C:\Users\Peter Zorn\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter Zorn\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.12.22 04:01:32 | 000,203,416 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
[2012.06.14 03:09:00 | 000,874,440 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.06.14 03:09:06 | 000,181,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\Peter Zorn\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.10.02 20:06:49 | 001,288,704 | ---- | M] () -- C:\Users\Peter Zorn\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-taskbar-icon.exe
[2010.10.02 20:06:49 | 001,288,704 | ---- | M] () -- C:\Users\Peter Zorn\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update.exe
[2010.10.02 20:06:51 | 001,288,704 | ---- | M] () -- C:\Users\Peter Zorn\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update_admin.exe
[2009.06.30 10:52:18 | 000,983,040 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Peter Zorn\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.06.23 15:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Peter Zorn\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >

Könnte mir bitte jemand weiterhelfen, den Virus zu entfernen?

Grüße,
Peter

cosinus · 09.01.2013, 12:37

Hallo und

Code:

ATTFilter

64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation

Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

PeterZorn · 09.01.2013, 13:12

Das ist eine Lizenz von der Microsoft's MSDNAA Programm für Unis.

cosinus · 09.01.2013, 13:27

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

PeterZorn · 09.01.2013, 19:41

Nein, ich habe nur Sophos Endpoint Security and Control installiert. Weder im Antivirus- noch im Manipulationsschutz-Protokoll gibt es einen Fund.

Ich bin mir auch sehr sicher, dass ich den Virus erst seit heute habe (habe in Firefox auf einen Link geklickt woraufhin Flash kurz geladen wurde und dann kam schon die GVU-Seite).

Grüße,
Peter

cosinus · 09.01.2013, 23:57

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

PeterZorn · 10.01.2013, 08:26

Zur Info: Ich arbeite weiterhin immer nur im Abgesicherten Modus mit Netzwerktreibern.

Wenn ich die mbar.exe starte, bekomme ich den Hinweis, dass in der Registry der Wert "AppInit_Dlls" gefunden wurde, der auf ein Rootkit hinweisen könnte. Das Programm fragt, ob ich den Wert löschen möchte. Ich habe auf "Nein" geklickt, und das Programm geschlossen. Was soll ich hier tun?

cosinus · 10.01.2013, 16:45

Warum bitte schließt du das Programm?!

Du sollst doch einen Scan damit damit machen

PeterZorn · 10.01.2013, 18:25

"Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden." :-)

Die Frage ist, ob ich den Registry-Eintrag löschen soll oder nicht, bevor ich den Scan durchführe.

Hier nun die Log-Datei. Ich habe den Registry-Wert nicht gelöscht, der Scan im Abgesicherten Modus lief aber durch.

Code:

ATTFilter

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.10.08

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Peter Zorn :: PETERZORN-PC [administrator]

10.01.2013 20:12:57
mbar-log-2013-01-10 (20-12-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29380
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Peter Zorn\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Delete on reboot.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Delete on reboot.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Delete on reboot.
C:\Users\Peter Zorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Delete on reboot.

(end)

Nach dem Neustart (kein Abgesicherter Modus) wurde ich gefragt, mit welchem Programm ich die Datei "Peter" öffnen will. Ich habe auf abbrechen geklickt, beim zweiten Scan gab es keinen Fund mehr.

Grüße,
P

cosinus · 10.01.2013, 21:18

Ok, hast recht, die Frage sollte erlaubt sein.

Man sollte da mal einen Hinweis bei MBAR einbauen falls so eine Nachfrage aufploppt.

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

PeterZorn · 10.01.2013, 22:20

Hier die aswMBR log:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-10 21:50:29
-----------------------------
21:50:29.275    OS Version: Windows x64 6.1.7600 
21:50:29.275    Number of processors: 4 586 0x2505
21:50:29.275    ComputerName: PETERZORN-PC  UserName: Peter Zorn
21:50:30.569    Initialize success
21:51:49.029    AVAST engine defs: 13011000
21:52:25.597    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:52:25.597    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:52:25.612    Disk 0 MBR read successfully
21:52:25.612    Disk 0 MBR scan
21:52:25.612    Disk 0 Windows 7 default MBR code
21:52:25.628    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:52:25.643    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       238373 MB offset 206848
21:52:25.659    Disk 0 scanning C:\Windows\system32\drivers
21:52:37.827    Service scanning
21:53:04.176    Modules scanning
21:53:04.176    Disk 0 trace - called modules:
21:53:04.207    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll 
21:53:04.222    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c50060]
21:53:04.222    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004afdcb0]
21:53:04.222    5 stdcfltn.sys[fffff8800196bc52] -> nt!IofCallDriver -> [0xfffffa8003b76b20]
21:53:04.238    7 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800492b050]
21:53:05.502    AVAST engine scan C:\Windows
21:53:07.124    AVAST engine scan C:\Windows\system32
21:57:59.923    AVAST engine scan C:\Windows\system32\drivers
21:58:14.010    AVAST engine scan C:\Users\Peter Zorn
22:07:58.232    AVAST engine scan C:\ProgramData
22:09:30.709    Scan finished successfully
22:16:01.158    Disk 0 MBR has been saved successfully to "C:\Users\Peter Zorn\Desktop\MBR.dat"
22:16:01.158    The log file has been saved successfully to "C:\Users\Peter Zorn\Desktop\aswMBR.txt"

Und hier von TDSS:

Code:

ATTFilter

22:19:01.0283 1316  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:19:01.0433 1316  ============================================================
22:19:01.0433 1316  Current date / time: 2013/01/10 22:19:01.0433
22:19:01.0433 1316  SystemInfo:
22:19:01.0433 1316  
22:19:01.0433 1316  OS Version: 6.1.7600 ServicePack: 0.0
22:19:01.0433 1316  Product type: Workstation
22:19:01.0433 1316  ComputerName: PETERZORN-PC
22:19:01.0433 1316  UserName: Peter Zorn
22:19:01.0433 1316  Windows directory: C:\Windows
22:19:01.0433 1316  System windows directory: C:\Windows
22:19:01.0433 1316  Running under WOW64
22:19:01.0433 1316  Processor architecture: Intel x64
22:19:01.0433 1316  Number of processors: 4
22:19:01.0433 1316  Page size: 0x1000
22:19:01.0433 1316  Boot type: Normal boot
22:19:01.0433 1316  ============================================================
22:19:01.0893 1316  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:19:01.0893 1316  ============================================================
22:19:01.0893 1316  \Device\Harddisk0\DR0:
22:19:01.0893 1316  MBR partitions:
22:19:01.0893 1316  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:19:01.0893 1316  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
22:19:01.0893 1316  ============================================================
22:19:01.0923 1316  C: <-> \Device\Harddisk0\DR0\Partition2
22:19:01.0923 1316  ============================================================
22:19:01.0923 1316  Initialize success
22:19:01.0923 1316  ============================================================
22:20:32.0857 4612  ============================================================
22:20:32.0857 4612  Scan started
22:20:32.0857 4612  Mode: Manual; SigCheck; TDLFS; 
22:20:32.0857 4612  ============================================================
22:20:33.0371 4612  ================ Scan system memory ========================
22:20:33.0371 4612  System memory - ok
22:20:33.0371 4612  ================ Scan services =============================
22:20:33.0543 4612  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
22:20:33.0746 4612  1394ohci - ok
22:20:33.0808 4612  [ AEDB94A49236F5FF060C90E09E70281F ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
22:20:34.0105 4612  Acceler - ok
22:20:34.0136 4612  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
22:20:34.0167 4612  ACPI - ok
22:20:34.0198 4612  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
22:20:34.0292 4612  AcpiPmi - ok
22:20:34.0370 4612  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
22:20:34.0401 4612  acsock - ok
22:20:34.0557 4612  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:20:34.0573 4612  AdobeARMservice - ok
22:20:34.0713 4612  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:20:34.0744 4612  AdobeFlashPlayerUpdateSvc - ok
22:20:34.0807 4612  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:20:34.0838 4612  adp94xx - ok
22:20:34.0869 4612  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:20:34.0885 4612  adpahci - ok
22:20:34.0900 4612  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:20:34.0916 4612  adpu320 - ok
22:20:34.0947 4612  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:20:35.0103 4612  AeLookupSvc - ok
22:20:35.0197 4612  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
22:20:35.0243 4612  AESTFilters - ok
22:20:35.0321 4612  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
22:20:35.0368 4612  AFD - ok
22:20:35.0399 4612  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
22:20:35.0415 4612  agp440 - ok
22:20:35.0431 4612  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:20:35.0477 4612  ALG - ok
22:20:35.0493 4612  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
22:20:35.0509 4612  aliide - ok
22:20:35.0524 4612  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
22:20:35.0540 4612  amdide - ok
22:20:35.0540 4612  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:20:35.0571 4612  AmdK8 - ok
22:20:35.0571 4612  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:20:35.0602 4612  AmdPPM - ok
22:20:35.0618 4612  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
22:20:35.0633 4612  amdsata - ok
22:20:35.0649 4612  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:20:35.0665 4612  amdsbs - ok
22:20:35.0665 4612  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
22:20:35.0680 4612  amdxata - ok
22:20:35.0711 4612  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
22:20:35.0789 4612  AppID - ok
22:20:35.0789 4612  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:20:35.0836 4612  AppIDSvc - ok
22:20:35.0852 4612  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
22:20:35.0883 4612  Appinfo - ok
22:20:35.0930 4612  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:20:35.0945 4612  Apple Mobile Device - ok
22:20:36.0008 4612  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:20:36.0039 4612  AppMgmt - ok
22:20:36.0070 4612  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:20:36.0086 4612  arc - ok
22:20:36.0101 4612  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:20:36.0117 4612  arcsas - ok
22:20:36.0148 4612  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:20:36.0226 4612  AsyncMac - ok
22:20:36.0242 4612  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
22:20:36.0242 4612  atapi - ok
22:20:36.0273 4612  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:20:36.0320 4612  AudioEndpointBuilder - ok
22:20:36.0335 4612  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:20:36.0382 4612  AudioSrv - ok
22:20:36.0398 4612  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:20:36.0476 4612  AxInstSV - ok
22:20:36.0507 4612  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:20:36.0554 4612  b06bdrv - ok
22:20:36.0569 4612  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:20:36.0601 4612  b57nd60a - ok
22:20:36.0632 4612  [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
22:20:36.0647 4612  BCM42RLY - ok
22:20:36.0710 4612  [ 0B0DF4CD7C2C188C95C4E09C568AD54A ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
22:20:36.0819 4612  BCM43XX - ok
22:20:36.0850 4612  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:20:36.0881 4612  BDESVC - ok
22:20:36.0897 4612  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:20:36.0944 4612  Beep - ok
22:20:36.0991 4612  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
22:20:37.0069 4612  BFE - ok
22:20:37.0100 4612  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
22:20:37.0178 4612  BITS - ok
22:20:37.0209 4612  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:20:37.0225 4612  blbdrive - ok
22:20:37.0287 4612  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:20:37.0318 4612  Bonjour Service - ok
22:20:37.0349 4612  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:20:37.0412 4612  bowser - ok
22:20:37.0443 4612  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:20:37.0474 4612  BrFiltLo - ok
22:20:37.0474 4612  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:20:37.0505 4612  BrFiltUp - ok
22:20:37.0552 4612  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
22:20:37.0599 4612  Browser - ok
22:20:37.0646 4612  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:20:37.0693 4612  Brserid - ok
22:20:37.0693 4612  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:20:37.0724 4612  BrSerWdm - ok
22:20:37.0724 4612  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:20:37.0755 4612  BrUsbMdm - ok
22:20:37.0755 4612  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:20:37.0771 4612  BrUsbSer - ok
22:20:37.0833 4612  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:20:37.0895 4612  BthEnum - ok
22:20:37.0911 4612  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:20:37.0942 4612  BTHMODEM - ok
22:20:37.0958 4612  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:20:37.0989 4612  BthPan - ok
22:20:38.0020 4612  [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
22:20:38.0067 4612  BTHPORT - ok
22:20:38.0083 4612  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:20:38.0145 4612  bthserv - ok
22:20:38.0176 4612  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:20:38.0207 4612  BTHUSB - ok
22:20:38.0239 4612  [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
22:20:38.0254 4612  btwaudio - ok
22:20:38.0285 4612  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
22:20:38.0301 4612  btwavdt - ok
22:20:38.0379 4612  [ 8318678C71B12D6663D76473F5EC28B1 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:20:38.0426 4612  btwdins - ok
22:20:38.0441 4612  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
22:20:38.0441 4612  btwl2cap - ok
22:20:38.0473 4612  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
22:20:38.0488 4612  btwrchid - ok
22:20:38.0504 4612  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:20:38.0566 4612  cdfs - ok
22:20:38.0597 4612  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:20:38.0613 4612  cdrom - ok
22:20:38.0644 4612  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:20:38.0691 4612  CertPropSvc - ok
22:20:38.0722 4612  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:20:38.0753 4612  circlass - ok
22:20:38.0769 4612  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:20:38.0800 4612  CLFS - ok
22:20:38.0847 4612  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:20:38.0878 4612  clr_optimization_v2.0.50727_32 - ok
22:20:38.0941 4612  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:20:39.0003 4612  clr_optimization_v2.0.50727_64 - ok
22:20:39.0003 4612  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:20:39.0050 4612  CmBatt - ok
22:20:39.0065 4612  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
22:20:39.0081 4612  cmdide - ok
22:20:39.0128 4612  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:20:39.0190 4612  CNG - ok
22:20:39.0206 4612  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:20:39.0221 4612  Compbatt - ok
22:20:39.0253 4612  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:20:39.0284 4612  CompositeBus - ok
22:20:39.0299 4612  COMSysApp - ok
22:20:39.0315 4612  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:20:39.0315 4612  crcdisk - ok
22:20:39.0362 4612  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:20:39.0440 4612  CryptSvc - ok
22:20:39.0471 4612  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
22:20:39.0518 4612  CSC - ok
22:20:39.0565 4612  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
22:20:39.0627 4612  CscService - ok
22:20:39.0658 4612  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:20:39.0736 4612  DcomLaunch - ok
22:20:39.0767 4612  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:20:39.0814 4612  defragsvc - ok
22:20:39.0845 4612  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:20:39.0892 4612  DfsC - ok
22:20:39.0908 4612  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:20:39.0986 4612  Dhcp - ok
22:20:40.0017 4612  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:20:40.0064 4612  discache - ok
22:20:40.0079 4612  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:20:40.0095 4612  Disk - ok
22:20:40.0126 4612  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:20:40.0204 4612  Dnscache - ok
22:20:40.0220 4612  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
22:20:40.0267 4612  dot3svc - ok
22:20:40.0298 4612  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
22:20:40.0329 4612  DPS - ok
22:20:40.0360 4612  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:20:40.0391 4612  drmkaud - ok
22:20:40.0454 4612  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:20:40.0501 4612  DXGKrnl - ok
22:20:40.0532 4612  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:20:40.0579 4612  EapHost - ok
22:20:40.0781 4612  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:20:40.0875 4612  ebdrv - ok
22:20:40.0906 4612  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
22:20:40.0984 4612  EFS - ok
22:20:41.0140 4612  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:20:41.0218 4612  ehRecvr - ok
22:20:41.0234 4612  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:20:41.0265 4612  ehSched - ok
22:20:41.0281 4612  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:20:41.0312 4612  elxstor - ok
22:20:41.0312 4612  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
22:20:41.0343 4612  ErrDev - ok
22:20:41.0374 4612  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:20:41.0421 4612  EventSystem - ok
22:20:41.0437 4612  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:20:41.0483 4612  exfat - ok
22:20:41.0499 4612  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:20:41.0546 4612  fastfat - ok
22:20:41.0577 4612  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
22:20:41.0624 4612  Fax - ok
22:20:41.0639 4612  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:20:41.0655 4612  fdc - ok
22:20:41.0671 4612  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:20:41.0717 4612  fdPHost - ok
22:20:41.0733 4612  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:20:41.0764 4612  FDResPub - ok
22:20:41.0780 4612  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:20:41.0795 4612  FileInfo - ok
22:20:41.0811 4612  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:20:41.0842 4612  Filetrace - ok
22:20:41.0873 4612  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:20:41.0889 4612  flpydisk - ok
22:20:41.0905 4612  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:20:41.0920 4612  FltMgr - ok
22:20:41.0967 4612  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
22:20:42.0092 4612  FontCache - ok
22:20:42.0139 4612  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:20:42.0201 4612  FontCache3.0.0.0 - ok
22:20:42.0201 4612  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:20:42.0217 4612  FsDepends - ok
22:20:42.0263 4612  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:20:42.0279 4612  Fs_Rec - ok
22:20:42.0295 4612  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:20:42.0310 4612  fvevol - ok
22:20:42.0326 4612  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:20:42.0341 4612  gagp30kx - ok
22:20:42.0373 4612  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:20:42.0404 4612  GEARAspiWDM - ok
22:20:42.0419 4612  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
22:20:42.0466 4612  gpsvc - ok
22:20:42.0482 4612  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:20:42.0513 4612  hcw85cir - ok
22:20:42.0544 4612  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:20:42.0575 4612  HdAudAddService - ok
22:20:42.0591 4612  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:20:42.0622 4612  HDAudBus - ok
22:20:42.0653 4612  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
22:20:42.0669 4612  HECIx64 - ok
22:20:42.0669 4612  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:20:42.0700 4612  HidBatt - ok
22:20:42.0747 4612  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:20:42.0778 4612  HidBth - ok
22:20:42.0794 4612  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:20:42.0825 4612  HidIr - ok
22:20:42.0825 4612  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:20:42.0872 4612  hidserv - ok
22:20:42.0903 4612  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:20:42.0903 4612  HidUsb - ok
22:20:42.0934 4612  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:20:42.0981 4612  hkmsvc - ok
22:20:42.0997 4612  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:20:43.0028 4612  HomeGroupListener - ok
22:20:43.0059 4612  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:20:43.0075 4612  HomeGroupProvider - ok
22:20:43.0106 4612  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
22:20:43.0121 4612  HpSAMD - ok
22:20:43.0184 4612  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:20:43.0246 4612  HTTP - ok
22:20:43.0262 4612  hwdatacard - ok
22:20:43.0277 4612  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:20:43.0293 4612  hwpolicy - ok
22:20:43.0324 4612  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:20:43.0324 4612  i8042prt - ok
22:20:43.0371 4612  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:20:43.0387 4612  iaStor - ok
22:20:43.0433 4612  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:20:43.0449 4612  IAStorDataMgrSvc - ok
22:20:43.0496 4612  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
22:20:43.0527 4612  iaStorV - ok
22:20:43.0589 4612  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:20:43.0730 4612  idsvc - ok
22:20:44.0385 4612  [ FBACBED7A37B3223822470FF1D8EA00F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:20:44.0666 4612  igfx - ok
22:20:44.0713 4612  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:20:44.0713 4612  iirsp - ok
22:20:44.0759 4612  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
22:20:44.0853 4612  IKEEXT - ok
22:20:44.0884 4612  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
22:20:44.0915 4612  Impcd - ok
22:20:44.0947 4612  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:20:44.0978 4612  IntcDAud - ok
22:20:45.0009 4612  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
22:20:45.0025 4612  intelide - ok
22:20:45.0056 4612  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:20:45.0071 4612  intelppm - ok
22:20:45.0087 4612  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:20:45.0149 4612  IPBusEnum - ok
22:20:45.0165 4612  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:20:45.0212 4612  IpFilterDriver - ok
22:20:45.0227 4612  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:20:45.0274 4612  iphlpsvc - ok
22:20:45.0290 4612  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:20:45.0305 4612  IPMIDRV - ok
22:20:45.0305 4612  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:20:45.0352 4612  IPNAT - ok
22:20:45.0430 4612  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:20:45.0477 4612  iPod Service - ok
22:20:45.0493 4612  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:20:45.0508 4612  IRENUM - ok
22:20:45.0524 4612  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
22:20:45.0539 4612  isapnp - ok
22:20:45.0539 4612  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:20:45.0555 4612  iScsiPrt - ok
22:20:45.0571 4612  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:20:45.0586 4612  kbdclass - ok
22:20:45.0602 4612  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:20:45.0617 4612  kbdhid - ok
22:20:45.0617 4612  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
22:20:45.0633 4612  KeyIso - ok
22:20:45.0664 4612  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:20:45.0680 4612  KSecDD - ok
22:20:45.0695 4612  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:20:45.0711 4612  KSecPkg - ok
22:20:45.0711 4612  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:20:45.0758 4612  ksthunk - ok
22:20:45.0789 4612  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:20:45.0836 4612  KtmRm - ok
22:20:45.0867 4612  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:20:45.0898 4612  LanmanServer - ok
22:20:45.0914 4612  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:20:45.0976 4612  LanmanWorkstation - ok
22:20:46.0007 4612  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:20:46.0070 4612  lltdio - ok
22:20:46.0101 4612  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:20:46.0148 4612  lltdsvc - ok
22:20:46.0148 4612  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:20:46.0195 4612  lmhosts - ok
22:20:46.0241 4612  [ 5460828F8951D310B42B442877603B8D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:20:46.0257 4612  LMS - ok
22:20:46.0288 4612  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:20:46.0304 4612  LSI_FC - ok
22:20:46.0304 4612  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:20:46.0319 4612  LSI_SAS - ok
22:20:46.0335 4612  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:20:46.0351 4612  LSI_SAS2 - ok
22:20:46.0366 4612  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:20:46.0382 4612  LSI_SCSI - ok
22:20:46.0397 4612  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:20:46.0429 4612  luafv - ok
22:20:46.0475 4612  [ 07389F6925E490D2DB7882110E99921C ] lvpepf64        C:\Windows\system32\DRIVERS\lv302a64.sys
22:20:46.0491 4612  lvpepf64 - ok
22:20:46.0538 4612  [ 7F0BA3A6E8996F15693C6B7D81DA049E ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
22:20:46.0600 4612  LVRS64 - ok
22:20:46.0647 4612  [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64        C:\Windows\system32\drivers\LVUSBS64.sys
22:20:46.0663 4612  LVUSBS64 - ok
22:20:46.0694 4612  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:20:46.0741 4612  Mcx2Svc - ok
22:20:46.0741 4612  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:20:46.0756 4612  megasas - ok
22:20:46.0772 4612  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:20:46.0803 4612  MegaSR - ok
22:20:46.0834 4612  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:20:46.0897 4612  MMCSS - ok
22:20:46.0897 4612  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:20:46.0959 4612  Modem - ok
22:20:46.0975 4612  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:20:46.0990 4612  monitor - ok
22:20:47.0021 4612  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:20:47.0021 4612  mouclass - ok
22:20:47.0053 4612  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:20:47.0068 4612  mouhid - ok
22:20:47.0084 4612  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:20:47.0099 4612  mountmgr - ok
22:20:47.0177 4612  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:20:47.0193 4612  MozillaMaintenance - ok
22:20:47.0209 4612  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
22:20:47.0224 4612  mpio - ok
22:20:47.0240 4612  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:20:47.0287 4612  mpsdrv - ok
22:20:47.0302 4612  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:20:47.0380 4612  MpsSvc - ok
22:20:47.0396 4612  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:20:47.0411 4612  MRxDAV - ok
22:20:47.0443 4612  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:20:47.0521 4612  mrxsmb - ok
22:20:47.0552 4612  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:20:47.0599 4612  mrxsmb10 - ok
22:20:47.0614 4612  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:20:47.0645 4612  mrxsmb20 - ok
22:20:47.0661 4612  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
22:20:47.0677 4612  msahci - ok
22:20:47.0692 4612  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
22:20:47.0708 4612  msdsm - ok
22:20:47.0723 4612  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:20:47.0770 4612  MSDTC - ok
22:20:47.0801 4612  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:20:47.0833 4612  Msfs - ok
22:20:47.0864 4612  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:20:47.0926 4612  mshidkmdf - ok
22:20:47.0942 4612  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
22:20:47.0957 4612  msisadrv - ok
22:20:47.0973 4612  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:20:48.0020 4612  MSiSCSI - ok
22:20:48.0035 4612  msiserver - ok
22:20:48.0051 4612  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:20:48.0098 4612  MSKSSRV - ok
22:20:48.0098 4612  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:20:48.0160 4612  MSPCLOCK - ok
22:20:48.0176 4612  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:20:48.0223 4612  MSPQM - ok
22:20:48.0238 4612  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:20:48.0254 4612  MsRPC - ok
22:20:48.0269 4612  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:20:48.0285 4612  mssmbios - ok
22:20:48.0285 4612  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:20:48.0332 4612  MSTEE - ok
22:20:48.0347 4612  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:20:48.0363 4612  MTConfig - ok
22:20:48.0379 4612  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:20:48.0394 4612  Mup - ok
22:20:48.0410 4612  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
22:20:48.0457 4612  napagent - ok
22:20:48.0503 4612  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:20:48.0566 4612  NativeWifiP - ok
22:20:48.0597 4612  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:20:48.0644 4612  NDIS - ok
22:20:48.0659 4612  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:20:48.0706 4612  NdisCap - ok
22:20:48.0737 4612  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:20:48.0800 4612  NdisTapi - ok
22:20:48.0815 4612  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:20:48.0862 4612  Ndisuio - ok
22:20:48.0893 4612  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:20:48.0925 4612  NdisWan - ok
22:20:48.0940 4612  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:20:48.0987 4612  NDProxy - ok
22:20:49.0003 4612  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:20:49.0034 4612  NetBIOS - ok
22:20:49.0049 4612  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:20:49.0096 4612  NetBT - ok
22:20:49.0112 4612  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
22:20:49.0127 4612  Netlogon - ok
22:20:49.0159 4612  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:20:49.0205 4612  Netman - ok
22:20:49.0237 4612  [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:20:49.0315 4612  NetMsmqActivator - ok
22:20:49.0315 4612  [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:20:49.0330 4612  NetPipeActivator - ok
22:20:49.0346 4612  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:20:49.0393 4612  netprofm - ok
22:20:49.0408 4612  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:20:49.0424 4612  NetTcpActivator - ok
22:20:49.0424 4612  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:20:49.0439 4612  NetTcpPortSharing - ok
22:20:49.0455 4612  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:20:49.0455 4612  nfrd960 - ok
22:20:49.0486 4612  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:20:49.0533 4612  NlaSvc - ok
22:20:49.0564 4612  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
22:20:49.0627 4612  nmwcd - ok
22:20:49.0658 4612  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
22:20:49.0673 4612  nmwcdc - ok
22:20:49.0689 4612  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:20:49.0736 4612  Npfs - ok
22:20:49.0751 4612  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:20:49.0798 4612  nsi - ok
22:20:49.0814 4612  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:20:49.0861 4612  nsiproxy - ok
22:20:49.0907 4612  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:20:49.0970 4612  Ntfs - ok
22:20:49.0970 4612  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:20:50.0017 4612  Null - ok
22:20:50.0048 4612  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
22:20:50.0063 4612  nvraid - ok
22:20:50.0095 4612  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
22:20:50.0110 4612  nvstor - ok
22:20:50.0126 4612  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
22:20:50.0141 4612  nv_agp - ok
22:20:50.0141 4612  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:20:50.0173 4612  ohci1394 - ok
22:20:50.0219 4612  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:20:50.0235 4612  ose - ok
22:20:50.0266 4612  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:20:50.0297 4612  p2pimsvc - ok
22:20:50.0313 4612  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:20:50.0344 4612  p2psvc - ok
22:20:50.0344 4612  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:20:50.0360 4612  Parport - ok
22:20:50.0391 4612  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:20:50.0391 4612  partmgr - ok
22:20:50.0422 4612  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:20:50.0453 4612  PcaSvc - ok
22:20:50.0485 4612  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
22:20:50.0516 4612  pccsmcfd - ok
22:20:50.0516 4612  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
22:20:50.0547 4612  pci - ok
22:20:50.0547 4612  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
22:20:50.0563 4612  pciide - ok
22:20:50.0578 4612  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:20:50.0594 4612  pcmcia - ok
22:20:50.0609 4612  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:20:50.0625 4612  pcw - ok
22:20:50.0719 4612  [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
22:20:50.0781 4612  PDF Architect Helper Service - ok
22:20:50.0828 4612  [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
22:20:50.0890 4612  PDF Architect Service - ok
22:20:50.0906 4612  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:20:50.0968 4612  PEAUTH - ok
22:20:51.0015 4612  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:20:51.0077 4612  PeerDistSvc - ok
22:20:51.0155 4612  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:20:51.0187 4612  PerfHost - ok
22:20:51.0296 4612  [ 087A343DFC337F37723DD7912DE6B6CD ] PID_PEPI        C:\Windows\system32\DRIVERS\LV302V64.SYS
22:20:51.0389 4612  PID_PEPI - ok
22:20:51.0436 4612  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
22:20:51.0530 4612  pla - ok
22:20:51.0592 4612  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:20:51.0670 4612  PlugPlay - ok
22:20:51.0686 4612  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:20:51.0717 4612  PNRPAutoReg - ok
22:20:51.0733 4612  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:20:51.0748 4612  PNRPsvc - ok
22:20:51.0779 4612  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:20:51.0857 4612  PolicyAgent - ok
22:20:51.0873 4612  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:20:51.0920 4612  Power - ok
22:20:51.0951 4612  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:20:51.0998 4612  PptpMiniport - ok
22:20:52.0013 4612  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:20:52.0029 4612  Processor - ok
22:20:52.0060 4612  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
22:20:52.0107 4612  ProfSvc - ok
22:20:52.0107 4612  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:20:52.0123 4612  ProtectedStorage - ok
22:20:52.0138 4612  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:20:52.0185 4612  Psched - ok
22:20:52.0232 4612  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:20:52.0294 4612  ql2300 - ok
22:20:52.0325 4612  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:20:52.0325 4612  ql40xx - ok
22:20:52.0357 4612  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:20:52.0372 4612  QWAVE - ok
22:20:52.0388 4612  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:20:52.0419 4612  QWAVEdrv - ok
22:20:52.0419 4612  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:20:52.0466 4612  RasAcd - ok
22:20:52.0497 4612  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:20:52.0544 4612  RasAgileVpn - ok
22:20:52.0544 4612  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:20:52.0591 4612  RasAuto - ok
22:20:52.0606 4612  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:20:52.0637 4612  Rasl2tp - ok
22:20:52.0653 4612  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
22:20:52.0700 4612  RasMan - ok
22:20:52.0715 4612  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:20:52.0778 4612  RasPppoe - ok
22:20:52.0793 4612  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:20:52.0840 4612  RasSstp - ok
22:20:52.0871 4612  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:20:52.0903 4612  rdbss - ok
22:20:52.0918 4612  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:20:52.0934 4612  rdpbus - ok
22:20:52.0949 4612  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:20:52.0981 4612  RDPCDD - ok
22:20:53.0012 4612  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:20:53.0043 4612  RDPDR - ok
22:20:53.0043 4612  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:20:53.0090 4612  RDPENCDD - ok
22:20:53.0121 4612  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:20:53.0152 4612  RDPREFMP - ok
22:20:53.0199 4612  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:20:53.0230 4612  RDPWD - ok
22:20:53.0246 4612  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:20:53.0261 4612  rdyboost - ok
22:20:53.0293 4612  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:20:53.0339 4612  RemoteAccess - ok
22:20:53.0355 4612  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:20:53.0402 4612  RemoteRegistry - ok
22:20:53.0449 4612  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:20:53.0480 4612  RFCOMM - ok
22:20:53.0495 4612  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:20:53.0558 4612  RpcEptMapper - ok
22:20:53.0573 4612  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:20:53.0605 4612  RpcLocator - ok
22:20:53.0620 4612  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
22:20:53.0667 4612  RpcSs - ok
22:20:53.0683 4612  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:20:53.0745 4612  rspndr - ok
22:20:53.0776 4612  [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:20:53.0792 4612  RTL8167 - ok
22:20:53.0823 4612  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
22:20:53.0854 4612  s3cap - ok
22:20:53.0854 4612  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
22:20:53.0870 4612  SamSs - ok
22:20:53.0948 4612  [ 6BB693764144C2B35EF3ADAC92E07DDF ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
22:20:53.0963 4612  SAVAdminService - ok
22:20:54.0010 4612  [ C3999EF390EB460A636E9FFBA040BF8A ] SAVOnAccess     C:\Windows\system32\DRIVERS\savonaccess.sys
22:20:54.0041 4612  SAVOnAccess - ok
22:20:54.0041 4612  [ D31E18B53B0E52C234568BB61EEC7940 ] SAVService      C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
22:20:54.0088 4612  SAVService - ok
22:20:54.0104 4612  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
22:20:54.0119 4612  sbp2port - ok
22:20:54.0135 4612  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:20:54.0182 4612  SCardSvr - ok
22:20:54.0197 4612  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:20:54.0244 4612  scfilter - ok
22:20:54.0291 4612  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
22:20:54.0353 4612  Schedule - ok
22:20:54.0353 4612  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:20:54.0400 4612  SCPolicySvc - ok
22:20:54.0416 4612  [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter       C:\Windows\system32\DRIVERS\sdcfilter.sys
22:20:54.0431 4612  sdcfilter - ok
22:20:54.0447 4612  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:20:54.0494 4612  SDRSVC - ok
22:20:54.0509 4612  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:20:54.0572 4612  secdrv - ok
22:20:54.0572 4612  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
22:20:54.0619 4612  seclogon - ok
22:20:54.0634 4612  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:20:54.0681 4612  SENS - ok
22:20:54.0681 4612  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:20:54.0712 4612  SensrSvc - ok
22:20:54.0712 4612  Ser2pl - ok
22:20:54.0728 4612  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:20:54.0743 4612  Serenum - ok
22:20:54.0775 4612  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:20:54.0790 4612  Serial - ok
22:20:54.0821 4612  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:20:54.0853 4612  sermouse - ok
22:20:54.0915 4612  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
22:20:54.0946 4612  ServiceLayer - ok
22:20:54.0962 4612  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
22:20:55.0009 4612  SessionEnv - ok
22:20:55.0009 4612  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
22:20:55.0040 4612  sffdisk - ok
22:20:55.0040 4612  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:20:55.0071 4612  sffp_mmc - ok
22:20:55.0071 4612  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
22:20:55.0087 4612  sffp_sd - ok
22:20:55.0087 4612  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:20:55.0118 4612  sfloppy - ok
22:20:55.0133 4612  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:20:55.0180 4612  SharedAccess - ok
22:20:55.0196 4612  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:20:55.0243 4612  ShellHWDetection - ok
22:20:55.0258 4612  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:20:55.0274 4612  SiSRaid2 - ok
22:20:55.0289 4612  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:20:55.0305 4612  SiSRaid4 - ok
22:20:55.0352 4612  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:20:55.0367 4612  SkypeUpdate - ok
22:20:55.0383 4612  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:20:55.0430 4612  Smb - ok
22:20:55.0461 4612  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:20:55.0492 4612  SNMPTRAP - ok
22:20:55.0539 4612  [ 3F04E2F60FEAAF96D144C9462575FD24 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
22:20:55.0555 4612  Sophos AutoUpdate Service - ok
22:20:55.0633 4612  [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
22:20:55.0664 4612  Sophos Web Control Service - ok
22:20:55.0695 4612  [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
22:20:55.0695 4612  SophosBootDriver - ok
22:20:55.0726 4612  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:20:55.0742 4612  spldr - ok
22:20:55.0757 4612  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe
22:20:55.0804 4612  Spooler - ok
22:20:55.0898 4612  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:20:56.0023 4612  sppsvc - ok
22:20:56.0023 4612  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:20:56.0069 4612  sppuinotify - ok
22:20:56.0101 4612  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:20:56.0179 4612  srv - ok
22:20:56.0194 4612  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:20:56.0225 4612  srv2 - ok
22:20:56.0272 4612  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:20:56.0288 4612  srvnet - ok
22:20:56.0319 4612  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:20:56.0366 4612  SSDPSRV - ok
22:20:56.0381 4612  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:20:56.0428 4612  SstpSvc - ok
22:20:56.0537 4612  [ DE9E765BD64FFF598E9F3AAB41874D8A ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe
22:20:56.0600 4612  STacSV - ok
22:20:56.0647 4612  [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
22:20:56.0662 4612  stdcfltn - ok
22:20:56.0694 4612  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:20:56.0710 4612  stexstor - ok
22:20:56.0741 4612  [ 3FE584503DC68CD206143BC334C43484 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
22:20:56.0772 4612  STHDA - ok
22:20:56.0788 4612  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
22:20:56.0819 4612  stisvc - ok
22:20:56.0835 4612  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
22:20:56.0850 4612  storflt - ok
22:20:56.0882 4612  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
22:20:56.0897 4612  StorSvc - ok
22:20:56.0913 4612  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
22:20:56.0928 4612  storvsc - ok
22:20:56.0944 4612  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:20:56.0960 4612  swenum - ok
22:20:57.0053 4612  [ 4402D541DA0413CB128D0455E9753B60 ] swi_service     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
22:20:57.0162 4612  swi_service - ok
22:20:57.0334 4612  [ 79FF2406BB7EB7DACB12EE3DBF8F91AE ] swi_update_64   C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
22:20:57.0396 4612  swi_update_64 - ok
22:20:57.0428 4612  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:20:57.0490 4612  swprv - ok
22:20:57.0521 4612  [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:20:57.0537 4612  SynTP - ok
22:20:57.0599 4612  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
22:20:57.0662 4612  SysMain - ok
22:20:57.0677 4612  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:20:57.0694 4612  TabletInputService - ok
22:20:57.0709 4612  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:20:57.0772 4612  TapiSrv - ok
22:20:57.0787 4612  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:20:57.0834 4612  TBS - ok
22:20:57.0975 4612  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:20:58.0037 4612  Tcpip - ok
22:20:58.0053 4612  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:20:58.0099 4612  TCPIP6 - ok
22:20:58.0131 4612  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:20:58.0162 4612  tcpipreg - ok
22:20:58.0177 4612  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:20:58.0240 4612  TDPIPE - ok
22:20:58.0271 4612  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:20:58.0318 4612  TDTCP - ok
22:20:58.0349 4612  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:20:58.0411 4612  tdx - ok
22:20:58.0427 4612  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:20:58.0443 4612  TermDD - ok
22:20:58.0474 4612  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
22:20:58.0536 4612  TermService - ok
22:20:58.0536 4612  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:20:58.0583 4612  Themes - ok
22:20:58.0599 4612  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:20:58.0645 4612  THREADORDER - ok
22:20:58.0645 4612  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:20:58.0692 4612  TrkWks - ok
22:20:58.0739 4612  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:20:58.0755 4612  TrustedInstaller - ok
22:20:58.0770 4612  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:20:58.0817 4612  tssecsrv - ok
22:20:58.0833 4612  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:20:58.0879 4612  tunnel - ok
22:20:58.0895 4612  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:20:58.0911 4612  uagp35 - ok
22:20:58.0926 4612  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:20:58.0973 4612  udfs - ok
22:20:58.0989 4612  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:20:59.0004 4612  UI0Detect - ok
22:20:59.0020 4612  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
22:20:59.0035 4612  uliagpkx - ok
22:20:59.0051 4612  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:20:59.0067 4612  umbus - ok
22:20:59.0082 4612  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:20:59.0082 4612  UmPass - ok
22:20:59.0113 4612  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:20:59.0129 4612  UmRdpService - ok
22:20:59.0301 4612  [ 9E89C2D6945389270DE067CE51FF7425 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:20:59.0363 4612  UNS - ok
22:20:59.0379 4612  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:20:59.0425 4612  upnphost - ok
22:20:59.0457 4612  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
22:20:59.0488 4612  upperdev - ok
22:20:59.0519 4612  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:20:59.0535 4612  USBAAPL64 - ok
22:20:59.0566 4612  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:20:59.0597 4612  usbaudio - ok
22:20:59.0613 4612  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:20:59.0644 4612  usbccgp - ok
22:20:59.0644 4612  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
22:20:59.0675 4612  usbcir - ok
22:20:59.0691 4612  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:20:59.0706 4612  usbehci - ok
22:20:59.0737 4612  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:20:59.0769 4612  usbhub - ok
22:20:59.0769 4612  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:20:59.0784 4612  usbohci - ok
22:20:59.0800 4612  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:20:59.0815 4612  usbprint - ok
22:20:59.0847 4612  [ 0F0C72A657C622286013788B886968AD ] usbser          C:\Windows\system32\drivers\usbser.sys
22:20:59.0862 4612  usbser - ok
22:20:59.0893 4612  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
22:20:59.0925 4612  UsbserFilt - ok
22:20:59.0940 4612  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:20:59.0956 4612  USBSTOR - ok
22:20:59.0956 4612  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:20:59.0971 4612  usbuhci - ok
22:21:00.0003 4612  [ D501E12614B00A3252073101D6A1A74B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:21:00.0034 4612  usbvideo - ok
22:21:00.0049 4612  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:21:00.0112 4612  UxSms - ok
22:21:00.0127 4612  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
22:21:00.0143 4612  VaultSvc - ok
22:21:00.0159 4612  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
22:21:00.0174 4612  vdrvroot - ok
22:21:00.0205 4612  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
22:21:00.0237 4612  vds - ok
22:21:00.0252 4612  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:00.0268 4612  vga - ok
22:21:00.0283 4612  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:21:00.0330 4612  VgaSave - ok
22:21:00.0346 4612  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
22:21:00.0361 4612  vhdmp - ok
22:21:00.0377 4612  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
22:21:00.0393 4612  viaide - ok
22:21:00.0408 4612  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
22:21:00.0424 4612  vmbus - ok
22:21:00.0424 4612  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
22:21:00.0455 4612  VMBusHID - ok
22:21:00.0471 4612  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
22:21:00.0471 4612  volmgr - ok
22:21:00.0486 4612  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:21:00.0517 4612  volmgrx - ok
22:21:00.0549 4612  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:21:00.0564 4612  volsnap - ok
22:21:00.0627 4612  [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
22:21:00.0658 4612  vpnagent - ok
22:21:00.0705 4612  [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
22:21:00.0720 4612  vpnva - ok
22:21:00.0736 4612  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:21:00.0767 4612  vsmraid - ok
22:21:00.0829 4612  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
22:21:00.0876 4612  VSS - ok
22:21:00.0892 4612  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:21:00.0907 4612  vwifibus - ok
22:21:00.0939 4612  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:21:00.0970 4612  vwififlt - ok
22:21:01.0001 4612  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:21:01.0017 4612  vwifimp - ok
22:21:01.0032 4612  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:21:01.0079 4612  W32Time - ok
22:21:01.0095 4612  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:21:01.0126 4612  WacomPen - ok
22:21:01.0157 4612  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:21:01.0204 4612  WANARP - ok
22:21:01.0204 4612  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:21:01.0251 4612  Wanarpv6 - ok
22:21:01.0313 4612  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:21:01.0563 4612  WatAdminSvc - ok
22:21:01.0641 4612  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
22:21:01.0687 4612  wbengine - ok
22:21:01.0719 4612  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:21:01.0734 4612  WbioSrvc - ok
22:21:01.0750 4612  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:21:01.0765 4612  wcncsvc - ok
22:21:01.0781 4612  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:21:01.0797 4612  WcsPlugInService - ok
22:21:01.0828 4612  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:21:01.0828 4612  Wd - ok
22:21:01.0859 4612  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:21:01.0875 4612  Wdf01000 - ok
22:21:01.0890 4612  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:21:01.0921 4612  WdiServiceHost - ok
22:21:01.0921 4612  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:21:01.0953 4612  WdiSystemHost - ok
22:21:01.0968 4612  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\Windows\System32\webclnt.dll
22:21:01.0999 4612  WebClient - ok
22:21:02.0031 4612  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:21:02.0109 4612  Wecsvc - ok
22:21:02.0124 4612  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:21:02.0171 4612  wercplsupport - ok
22:21:02.0202 4612  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:21:02.0233 4612  WerSvc - ok
22:21:02.0265 4612  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:21:02.0296 4612  WfpLwf - ok
22:21:02.0311 4612  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:21:02.0327 4612  WIMMount - ok
22:21:02.0343 4612  WinDefend - ok
22:21:02.0343 4612  WinHttpAutoProxySvc - ok
22:21:02.0389 4612  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:21:02.0436 4612  Winmgmt - ok
22:21:02.0530 4612  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:21:02.0623 4612  WinRM - ok
22:21:02.0655 4612  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:21:02.0670 4612  WinUsb - ok
22:21:02.0701 4612  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:21:02.0733 4612  Wlansvc - ok
22:21:02.0826 4612  [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
22:21:02.0873 4612  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
22:21:02.0873 4612  wltrysvc - detected UnsignedFile.Multi.Generic (1)
22:21:02.0889 4612  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:21:02.0904 4612  WmiAcpi - ok
22:21:02.0935 4612  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:21:02.0967 4612  wmiApSrv - ok
22:21:02.0998 4612  WMPNetworkSvc - ok
22:21:03.0013 4612  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:21:03.0029 4612  WPCSvc - ok
22:21:03.0045 4612  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:21:03.0076 4612  WPDBusEnum - ok
22:21:03.0091 4612  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:21:03.0123 4612  ws2ifsl - ok
22:21:03.0138 4612  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:21:03.0169 4612  wscsvc - ok
22:21:03.0185 4612  WSearch - ok
22:21:03.0294 4612  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:21:03.0357 4612  wuauserv - ok
22:21:03.0372 4612  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:21:03.0403 4612  WudfPf - ok
22:21:03.0435 4612  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:21:03.0466 4612  WUDFRd - ok
22:21:03.0481 4612  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:21:03.0528 4612  wudfsvc - ok
22:21:03.0544 4612  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:21:03.0559 4612  WwanSvc - ok
22:21:03.0591 4612  ================ Scan global ===============================
22:21:03.0622 4612  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:21:03.0669 4612  [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
22:21:03.0684 4612  [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
22:21:03.0731 4612  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:21:03.0762 4612  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:21:03.0778 4612  [Global] - ok
22:21:03.0778 4612  ================ Scan MBR ==================================
22:21:03.0793 4612  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:21:04.0807 4612  \Device\Harddisk0\DR0 - ok
22:21:04.0807 4612  ================ Scan VBR ==================================
22:21:04.0854 4612  [ 986C8D80EB041D3F79815860E532F572 ] \Device\Harddisk0\DR0\Partition1
22:21:04.0854 4612  \Device\Harddisk0\DR0\Partition1 - ok
22:21:04.0854 4612  [ B17CD78A50541801FC2E8F8F4AC9DC99 ] \Device\Harddisk0\DR0\Partition2
22:21:04.0854 4612  \Device\Harddisk0\DR0\Partition2 - ok
22:21:04.0854 4612  ============================================================
22:21:04.0854 4612  Scan finished
22:21:04.0854 4612  ============================================================
22:21:04.0885 5968  Detected object count: 1
22:21:04.0885 5968  Actual detected object count: 1
22:21:29.0362 5968  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:29.0362 5968  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 10.01.2013, 23:48

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

PeterZorn · 11.01.2013, 08:20

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 13-01-11.01 - Peter Zorn 11.01.2013   8:02.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3895.2055 [GMT 1:00]
ausgeführt von:: c:\users\Peter Zorn\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chw
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Peter Zorn\AppData\Local\assembly\tmp
c:\users\Peter Zorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-11 bis 2013-01-11  ))))))))))))))))))))))))))))))
.
.
2013-01-11 07:09 . 2013-01-11 07:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-10 07:29 . 2013-01-10 07:29	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-09 08:04 . 2013-01-09 08:04	2962	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2013-01-09 07:30 . 2012-11-09 04:49	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 07:30 . 2012-11-09 05:34	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 07:30 . 2012-11-02 05:30	2001408	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 07:30 . 2012-11-02 05:30	1880064	----a-w-	c:\windows\system32\msxml3.dll
2013-01-09 07:30 . 2012-11-02 04:50	1388544	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-09 07:30 . 2012-11-02 04:50	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-09 07:30 . 2012-11-20 05:55	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 07:30 . 2012-11-20 05:10	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-09 07:29 . 2012-11-23 03:45	3147264	----a-w-	c:\windows\system32\win32k.sys
2013-01-08 06:42 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3A9CF4B-F0C9-4779-AC87-EE930FDEF153}\mpengine.dll
2012-12-29 12:28 . 2012-12-29 12:31	--------	d-----w-	c:\users\Peter Zorn\AppData\Roaming\vlc
2012-12-20 22:53 . 2012-12-16 16:52	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-20 22:53 . 2012-12-16 14:40	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-20 22:53 . 2012-12-16 14:25	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 22:53 . 2012-12-16 14:25	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 07:15 . 2012-12-14 07:15	--------	d-----w-	c:\program files\iPod
2012-12-14 07:15 . 2012-12-14 07:15	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-14 07:15 . 2012-12-14 07:15	--------	d-----w-	c:\program files\iTunes
2012-12-14 07:15 . 2012-12-14 07:15	--------	d-----w-	c:\program files (x86)\iTunes
2012-12-13 07:22 . 2013-01-10 18:57	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-12-12 21:25 . 2012-12-12 21:25	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-12-12 21:25 . 2012-12-12 21:24	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-12-12 21:24 . 2012-12-12 21:24	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 21:24 . 2012-12-12 21:24	--------	d-----w-	c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 22:43 . 2011-01-07 11:53	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-10 20:01 . 2012-04-03 06:05	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 20:01 . 2011-05-28 11:39	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 21:24 . 2011-04-06 12:31	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-11-07 20:03 . 2012-11-07 20:03	154952	----a-w-	c:\windows\system32\drivers\savonaccess.sys
2012-11-07 20:02 . 2012-07-26 21:11	37440	----a-w-	c:\windows\system32\SophosBootTasks.exe
2012-10-28 17:32 . 2012-12-04 20:02	103936	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-11-22 16:05	91784	----a-w-	c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-11-22 731784]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-12-04 928832]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Peter Zorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter Zorn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-4-18 1380504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-12-04 2010688]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-09-26 107432]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2012-07-26 36640]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-07 1255736]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-03-24 25608]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-11-07 154952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [2009-03-03 89600]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2013-01-10 217744]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-11-07 159296]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-07-26 357400]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-12-04 2878016]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-09-26 479224]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Peter Zorn\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-09 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-09 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-09 414744]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-01-07 5712896]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
Trusted Zone: datastream.com\product
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Peter Zorn\AppData\Roaming\Mozilla\Firefox\Profiles\v8vnc8y9.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2012-12-04 21:02; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,cd,e5,bf,c0,18,d4,4b,8a,fc,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,cd,e5,bf,c0,18,d4,4b,8a,fc,2d,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-11  08:13:14
ComboFix-quarantined-files.txt  2013-01-11 07:13
.
Vor Suchlauf: 12 Verzeichnis(se), 166.936.592.384 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 166.775.644.160 Bytes frei
.
- - End Of File - - 11B4D957F0811BB85776357C5E5E00F9
         
 --- --- ---

cosinus · 11.01.2013, 16:48

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

PeterZorn · 11.01.2013, 19:03

Code:

ATTFilter

# AdwCleaner v2.105 - Datei am 11/01/2013 um 19:05:24 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzer : Peter Zorn - PETERZORN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Peter Zorn\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Peter Zorn\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (en-US)

Datei : C:\Users\Peter Zorn\AppData\Roaming\Mozilla\Firefox\Profiles\v8vnc8y9.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1193 octets] - [11/01/2013 19:05:24]

########## EOF - C:\AdwCleaner[R1].txt - [1253 octets] ##########

In der Combofix-Logfile steht, dass Dateien von xp-Antispy und dem SecureW2-Client gelöscht wurden. Stimmt das, muss ich die Anwendungen neu installieren?

09.01.2013, 12:37	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU Ihr Computer wurde gesperrt. Hallo und Code: ATTFilter 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender? Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? __________________ __________________

09.01.2013, 13:27	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU Ihr Computer wurde gesperrt. Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! __________________ Logfiles bitte immer in CODE-Tags posten

10.01.2013, 16:45	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GVU Ihr Computer wurde gesperrt. Warum bitte schließt du das Programm?! Du sollst doch einen Scan damit damit machen __________________ Logfiles bitte immer in CODE-Tags posten

GVU Ihr Computer wurde gesperrt.

Plagegeister aller Art und deren Bekämpfung: GVU Ihr Computer wurde gesperrt.