Trend Micro Titanium Internet Security 2012 lässt sich nicht mehr starten - Verdacht auf Malware

Chisar · 11.03.2013, 15:40

Ich habe den Verdacht, dass mein PC völlig verseucht ist mit Malware und ich frage mich, ob ich ihn einfach platt machen sollte oder ob es noch Hoffnung gibt.

Alles fing damit an, dass in meiner Toolleiste im Feld für "PC-Probleme lösen" angezeigte, dass mein Antiviren-Programm "Trend Micro Titanium Internet Security" deaktiviert sei und ich dann versucht das Programm zunächst wieder zu aktivieren und es zu öffnen (ich versuchte es auch als Administrator), was nicht gelang. Es öffnet sich immer erst im kleinen Fenster (das sonst anzeigt, dass ein Programm gerade gestartet wird) und auch in der Tollleiste blinkte es immer wieder auf, aber öffnete sich nicht. Daraufhin durchsuchte ich das web nach diesem Phänomen, mit dem Ergebnis, dass es sich wohl um Malware handeln müsste.
Der Scanner "Spybot S&D" (den ich mir in der Zwischenzeit runterlud sprach von über 300 Bedrohungen mit Bedrohungsgrad 5 (unter anderem Widgi Toolbar), von denen nicht alle beseitigt werden konnten. Das Antiviren-Programm wurde dann nach einem Neustart permanent von Windows blockiert, weshalb ich es wieder deinstalliert.
Trend Micro Titanium Internet Security 2012 deinstallierte ich dann auch, um es anschließend wieder zu installieren und einen Systemscan durchzuführen, der aber auch keinen Fund ergab. Daraufhin landete ich hier im Forum und durchlief die hier vorgeschlagenen Scans. Die logfiles habe ich angehängt und hoffe nun, dass ich hier einen Lösungsansatz kriege, entweder als „mach den Rechner platt“ oder halt ohne Gewaltanwendung! ;-)

cosinus · 11.03.2013, 16:19

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Chisar · 11.03.2013, 19:44

Hallo cosinus,
erst mal danke, dass Du mir hilfst.
Ich bin bisher nur bis zum 2. Scan (aswMBR) gekommen, der beim ersten Versuch abgebrochen wurde, Windows "aus Sicherheitsgründen" das System heruntergefahren hat und sich bei den nächsten zwei Versuchen mit einer Fehlermeldung verabschiedet: "avast! Antirootkit funktioniert nicht mehr". Soll ich den TDSSkiller trotzdem schon ausführen?
Hier schon mal das logfile zu MBAR

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.11.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Sarah :: SARAH-PC [administrator]

11.03.2013 17:55:53
mbar-log-2013-03-11 (17-55-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27830
Time elapsed: 17 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 11.03.2013, 22:03

Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Chisar · 12.03.2013, 07:41

Dieses Mal hat es geklappt. aswMBR ergab

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-12 07:30:13
-----------------------------
07:30:13.808    OS Version: Windows 6.1.7601 Service Pack 1
07:30:13.808    Number of processors: 4 586 0x2502
07:30:13.823    ComputerName: SARAH-PC  UserName: Sarah
07:30:32.044    Initialize success
07:30:44.836    AVAST engine defs: 13031100
07:30:56.021    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:30:56.021    Disk 0 Vendor: ST932042 D004 Size: 305245MB BusType: 3
07:30:56.052    Disk 0 MBR read successfully
07:30:56.052    Disk 0 MBR scan
07:30:56.084    Disk 0 Windows VISTA default MBR code
07:30:56.084    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
07:30:56.115    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
07:30:56.146    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
07:30:56.162    Disk 0 scanning sectors +625140400
07:30:56.240    Disk 0 scanning C:\Windows\system32\drivers
07:31:23.399    Service scanning
07:32:14.037    Modules scanning
07:32:20.449    Disk 0 trace - called modules:
07:32:20.464    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
07:32:20.464    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87da9030]
07:32:20.464    3 CLASSPNP.SYS[8b54f59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861df028]
07:32:20.480    Scan finished successfully
07:33:15.501    Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
07:33:15.517    The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR_120313.txt"

der TDSSkiller Scan ergab dann noch das

Code:

ATTFilter

07:33:43.0600 3116  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:33:44.0333 3116  ============================================================
07:33:44.0333 3116  Current date / time: 2013/03/12 07:33:44.0333
07:33:44.0333 3116  SystemInfo:
07:33:44.0333 3116  
07:33:44.0333 3116  OS Version: 6.1.7601 ServicePack: 1.0
07:33:44.0333 3116  Product type: Workstation
07:33:44.0333 3116  ComputerName: SARAH-PC
07:33:44.0333 3116  UserName: Sarah
07:33:44.0333 3116  Windows directory: C:\Windows
07:33:44.0333 3116  System windows directory: C:\Windows
07:33:44.0333 3116  Processor architecture: Intel x86
07:33:44.0333 3116  Number of processors: 4
07:33:44.0333 3116  Page size: 0x1000
07:33:44.0333 3116  Boot type: Normal boot
07:33:44.0333 3116  ============================================================
07:33:45.0160 3116  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:33:45.0160 3116  ============================================================
07:33:45.0160 3116  \Device\Harddisk0\DR0:
07:33:45.0160 3116  MBR partitions:
07:33:45.0160 3116  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
07:33:45.0160 3116  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
07:33:45.0160 3116  ============================================================
07:33:45.0191 3116  C: <-> \Device\Harddisk0\DR0\Partition2
07:33:45.0191 3116  ============================================================
07:33:45.0191 3116  Initialize success
07:33:45.0191 3116  ============================================================
07:34:04.0005 4236  ============================================================
07:34:04.0005 4236  Scan started
07:34:04.0005 4236  Mode: Manual; 
07:34:04.0005 4236  ============================================================
07:34:04.0566 4236  ================ Scan system memory ========================
07:34:04.0566 4236  System memory - ok
07:34:04.0566 4236  ================ Scan services =============================
07:34:05.0050 4236  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:34:05.0050 4236  1394ohci - ok
07:34:05.0081 4236  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:34:05.0097 4236  ACPI - ok
07:34:05.0128 4236  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
07:34:05.0128 4236  AcpiPmi - ok
07:34:05.0221 4236  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
07:34:05.0253 4236  AdobeARMservice - ok
07:34:05.0393 4236  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:34:05.0424 4236  AdobeFlashPlayerUpdateSvc - ok
07:34:05.0471 4236  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
07:34:05.0487 4236  adp94xx - ok
07:34:05.0502 4236  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
07:34:05.0502 4236  adpahci - ok
07:34:05.0518 4236  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
07:34:05.0518 4236  adpu320 - ok
07:34:05.0549 4236  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:34:05.0580 4236  AeLookupSvc - ok
07:34:05.0705 4236  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe
07:34:05.0752 4236  AESTFilters - ok
07:34:05.0799 4236  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
07:34:05.0799 4236  AFD - ok
07:34:05.0845 4236  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
07:34:05.0845 4236  agp440 - ok
07:34:05.0892 4236  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
07:34:05.0892 4236  aic78xx - ok
07:34:05.0923 4236  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
07:34:05.0970 4236  ALG - ok
07:34:06.0001 4236  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:34:06.0001 4236  aliide - ok
07:34:06.0017 4236  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
07:34:06.0017 4236  amdagp - ok
07:34:06.0033 4236  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
07:34:06.0033 4236  amdide - ok
07:34:06.0079 4236  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
07:34:06.0079 4236  AmdK8 - ok
07:34:06.0095 4236  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
07:34:06.0095 4236  AmdPPM - ok
07:34:06.0126 4236  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
07:34:06.0126 4236  amdsata - ok
07:34:06.0157 4236  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
07:34:06.0157 4236  amdsbs - ok
07:34:06.0173 4236  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
07:34:06.0173 4236  amdxata - ok
07:34:07.0405 4236  [ F52603B708438E39FF38475807A01CBC ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
07:34:07.0421 4236  Amsp - ok
07:34:07.0483 4236  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
07:34:07.0483 4236  AppID - ok
07:34:07.0530 4236  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:34:07.0561 4236  AppIDSvc - ok
07:34:07.0593 4236  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
07:34:07.0624 4236  Appinfo - ok
07:34:07.0702 4236  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:34:07.0733 4236  Apple Mobile Device - ok
07:34:07.0780 4236  Application Updater - ok
07:34:07.0811 4236  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
07:34:07.0827 4236  arc - ok
07:34:07.0827 4236  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
07:34:07.0842 4236  arcsas - ok
07:34:07.0858 4236  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:34:07.0858 4236  AsyncMac - ok
07:34:07.0905 4236  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
07:34:07.0905 4236  atapi - ok
07:34:07.0967 4236  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:34:07.0998 4236  AudioEndpointBuilder - ok
07:34:08.0029 4236  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
07:34:08.0029 4236  Audiosrv - ok
07:34:08.0076 4236  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:34:08.0107 4236  AxInstSV - ok
07:34:08.0139 4236  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
07:34:08.0139 4236  b06bdrv - ok
07:34:08.0170 4236  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
07:34:08.0170 4236  b57nd60x - ok
07:34:08.0263 4236  [ DE6EE34EADDC1ADD4CAC6CF508FBAEA7 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
07:34:08.0295 4236  BCM43XX - ok
07:34:08.0357 4236  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
07:34:08.0388 4236  BcmSqlStartupSvc - ok
07:34:08.0466 4236  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:34:08.0482 4236  BDESVC - ok
07:34:08.0529 4236  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:34:08.0529 4236  Beep - ok
07:34:08.0591 4236  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
07:34:08.0638 4236  BFE - ok
07:34:08.0685 4236  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
07:34:08.0685 4236  BITS - ok
07:34:08.0716 4236  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
07:34:08.0716 4236  blbdrive - ok
07:34:08.0809 4236  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:34:08.0856 4236  Bonjour Service - ok
07:34:08.0903 4236  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:34:08.0903 4236  bowser - ok
07:34:08.0919 4236  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:34:08.0919 4236  BrFiltLo - ok
07:34:08.0934 4236  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:34:08.0934 4236  BrFiltUp - ok
07:34:08.0981 4236  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
07:34:09.0012 4236  Browser - ok
07:34:09.0059 4236  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
07:34:09.0059 4236  Brserid - ok
07:34:09.0075 4236  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:34:09.0075 4236  BrSerWdm - ok
07:34:09.0090 4236  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:34:09.0090 4236  BrUsbMdm - ok
07:34:09.0106 4236  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:34:09.0106 4236  BrUsbSer - ok
07:34:09.0153 4236  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
07:34:09.0153 4236  BthEnum - ok
07:34:09.0184 4236  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
07:34:09.0184 4236  BTHMODEM - ok
07:34:09.0215 4236  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
07:34:09.0231 4236  BthPan - ok
07:34:09.0277 4236  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
07:34:09.0277 4236  BTHPORT - ok
07:34:09.0324 4236  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
07:34:09.0340 4236  bthserv - ok
07:34:09.0387 4236  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
07:34:09.0387 4236  BTHUSB - ok
07:34:09.0402 4236  [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
07:34:09.0402 4236  btwaudio - ok
07:34:09.0418 4236  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
07:34:09.0418 4236  btwavdt - ok
07:34:09.0496 4236  [ 45F36763576B8AE91E809337DC7CE4E6 ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
07:34:09.0527 4236  btwdins - ok
07:34:09.0543 4236  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
07:34:09.0543 4236  btwl2cap - ok
07:34:09.0543 4236  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
07:34:09.0543 4236  btwrchid - ok
07:34:09.0589 4236  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:34:09.0589 4236  cdfs - ok
07:34:09.0605 4236  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
07:34:09.0621 4236  cdrom - ok
07:34:09.0667 4236  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
07:34:09.0683 4236  CertPropSvc - ok
07:34:09.0714 4236  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
07:34:09.0714 4236  circlass - ok
07:34:09.0745 4236  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
07:34:09.0745 4236  CLFS - ok
07:34:09.0855 4236  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:34:09.0886 4236  clr_optimization_v2.0.50727_32 - ok
07:34:10.0026 4236  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:34:10.0057 4236  clr_optimization_v4.0.30319_32 - ok
07:34:10.0073 4236  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:34:10.0073 4236  CmBatt - ok
07:34:10.0104 4236  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:34:10.0104 4236  cmdide - ok
07:34:10.0151 4236  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
07:34:10.0167 4236  CNG - ok
07:34:10.0198 4236  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:34:10.0198 4236  Compbatt - ok
07:34:10.0229 4236  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
07:34:10.0229 4236  CompositeBus - ok
07:34:10.0245 4236  COMSysApp - ok
07:34:10.0276 4236  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
07:34:10.0276 4236  crcdisk - ok
07:34:10.0307 4236  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:34:10.0338 4236  CryptSvc - ok
07:34:10.0385 4236  [ 0F538DF1673E5216F3BAACB6911D9D0F ] CtAudDrv        C:\Windows\system32\Drivers\CtAudDrv.sys
07:34:10.0385 4236  CtAudDrv - ok
07:34:10.0416 4236  [ 9A6CA307151505730DBFC91D97F01C7E ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
07:34:10.0416 4236  CtClsFlt - ok
07:34:10.0463 4236  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:34:10.0463 4236  DcomLaunch - ok
07:34:10.0479 4236  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
07:34:10.0525 4236  defragsvc - ok
07:34:10.0557 4236  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:34:10.0557 4236  DfsC - ok
07:34:10.0588 4236  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:34:10.0619 4236  Dhcp - ok
07:34:10.0635 4236  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
07:34:10.0635 4236  discache - ok
07:34:10.0681 4236  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
07:34:10.0681 4236  Disk - ok
07:34:10.0759 4236  [ 8A0A21C9E566959A31FEE2BB8629AE7B ] dleaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\dleaserv.exe
07:34:10.0806 4236  dleaCATSCustConnectService - ok
07:34:10.0806 4236  dlea_device - ok
07:34:10.0837 4236  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:34:10.0869 4236  Dnscache - ok
07:34:10.0915 4236  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:34:10.0947 4236  dot3svc - ok
07:34:11.0056 4236  [ 0C23BF4CDDBECBACA8659A96C359E0DD ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
07:34:11.0087 4236  DpHost - ok
07:34:11.0149 4236  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
07:34:11.0181 4236  DPS - ok
07:34:11.0227 4236  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:34:11.0227 4236  drmkaud - ok
07:34:11.0337 4236  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:34:11.0337 4236  DXGKrnl - ok
07:34:11.0383 4236  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
07:34:11.0415 4236  EapHost - ok
07:34:11.0602 4236  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
07:34:11.0617 4236  ebdrv - ok
07:34:11.0664 4236  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
07:34:11.0695 4236  EFS - ok
07:34:11.0773 4236  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:34:11.0836 4236  ehRecvr - ok
07:34:11.0867 4236  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
07:34:11.0914 4236  ehSched - ok
07:34:11.0961 4236  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
07:34:11.0961 4236  elxstor - ok
07:34:12.0023 4236  [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
07:34:12.0085 4236  EPSON_EB_RPCV4_04 - ok
07:34:12.0132 4236  [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
07:34:12.0163 4236  EPSON_PM_RPCV4_04 - ok
07:34:12.0195 4236  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:34:12.0195 4236  ErrDev - ok
07:34:12.0241 4236  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
07:34:12.0241 4236  EventSystem - ok
07:34:12.0273 4236  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
07:34:12.0273 4236  exfat - ok
07:34:12.0304 4236  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:34:12.0304 4236  fastfat - ok
07:34:12.0335 4236  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
07:34:12.0413 4236  Fax - ok
07:34:12.0429 4236  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
07:34:12.0429 4236  fdc - ok
07:34:12.0444 4236  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
07:34:12.0475 4236  fdPHost - ok
07:34:12.0491 4236  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
07:34:12.0507 4236  FDResPub - ok
07:34:12.0522 4236  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:34:12.0522 4236  FileInfo - ok
07:34:12.0522 4236  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:34:12.0522 4236  Filetrace - ok
07:34:12.0538 4236  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
07:34:12.0538 4236  flpydisk - ok
07:34:12.0553 4236  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:34:12.0569 4236  FltMgr - ok
07:34:12.0616 4236  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
07:34:12.0725 4236  FontCache - ok
07:34:12.0772 4236  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:34:12.0787 4236  FontCache3.0.0.0 - ok
07:34:12.0803 4236  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
07:34:12.0803 4236  FsDepends - ok
07:34:12.0834 4236  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:34:12.0834 4236  Fs_Rec - ok
07:34:12.0881 4236  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:34:12.0897 4236  fvevol - ok
07:34:12.0912 4236  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
07:34:12.0912 4236  gagp30kx - ok
07:34:12.0959 4236  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:34:12.0959 4236  GEARAspiWDM - ok
07:34:13.0006 4236  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:34:13.0053 4236  gpsvc - ok
07:34:13.0146 4236  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
07:34:13.0177 4236  gupdate - ok
07:34:13.0224 4236  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
07:34:13.0224 4236  gupdatem - ok
07:34:13.0240 4236  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:34:13.0240 4236  hcw85cir - ok
07:34:13.0287 4236  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
07:34:13.0287 4236  HDAudBus - ok
07:34:13.0318 4236  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
07:34:13.0318 4236  HECI - ok
07:34:13.0318 4236  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
07:34:13.0333 4236  HidBatt - ok
07:34:13.0349 4236  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
07:34:13.0349 4236  HidBth - ok
07:34:13.0365 4236  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
07:34:13.0380 4236  HidIr - ok
07:34:13.0411 4236  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
07:34:13.0427 4236  hidserv - ok
07:34:13.0474 4236  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:34:13.0474 4236  HidUsb - ok
07:34:13.0521 4236  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:34:13.0536 4236  hkmsvc - ok
07:34:13.0583 4236  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:34:13.0614 4236  HomeGroupListener - ok
07:34:13.0645 4236  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:34:13.0645 4236  HomeGroupProvider - ok
07:34:13.0661 4236  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:34:13.0661 4236  HpSAMD - ok
07:34:13.0708 4236  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:34:13.0723 4236  HTTP - ok
07:34:13.0755 4236  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:34:13.0755 4236  hwpolicy - ok
07:34:13.0801 4236  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
07:34:13.0801 4236  i8042prt - ok
07:34:13.0864 4236  [ EDF5ECC965FAAA533D35E02F47B9132E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
07:34:13.0864 4236  iaStor - ok
07:34:13.0911 4236  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
07:34:13.0911 4236  iaStorV - ok
07:34:13.0973 4236  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
07:34:14.0113 4236  IDriverT - ok
07:34:14.0410 4236  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:34:14.0488 4236  idsvc - ok
07:34:14.0862 4236  [ 878E2BC48D3EA7140B75FBAB65CA1E01 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
07:34:14.0987 4236  igfx - ok
07:34:15.0034 4236  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
07:34:15.0034 4236  iirsp - ok
07:34:15.0081 4236  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
07:34:15.0127 4236  IKEEXT - ok
07:34:15.0143 4236  [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
07:34:15.0143 4236  Impcd - ok
07:34:15.0190 4236  [ 29061F25ABB6E60A5B49FBEED7A5698A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
07:34:15.0205 4236  IntcDAud - ok
07:34:15.0237 4236  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:34:15.0237 4236  intelide - ok
07:34:15.0268 4236  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:34:15.0268 4236  intelppm - ok
07:34:15.0299 4236  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:34:15.0330 4236  IPBusEnum - ok
07:34:15.0346 4236  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:34:15.0346 4236  IpFilterDriver - ok
07:34:15.0393 4236  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:34:15.0424 4236  iphlpsvc - ok
07:34:15.0439 4236  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
07:34:15.0439 4236  IPMIDRV - ok
07:34:15.0455 4236  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
07:34:15.0455 4236  IPNAT - ok
07:34:15.0549 4236  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
07:34:15.0580 4236  iPod Service - ok
07:34:15.0627 4236  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:34:15.0627 4236  IRENUM - ok
07:34:15.0658 4236  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:34:15.0658 4236  isapnp - ok
07:34:15.0673 4236  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:34:15.0689 4236  iScsiPrt - ok
07:34:15.0720 4236  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:34:15.0720 4236  kbdclass - ok
07:34:15.0736 4236  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:34:15.0751 4236  kbdhid - ok
07:34:15.0767 4236  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
07:34:15.0767 4236  KeyIso - ok
07:34:15.0798 4236  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:34:15.0798 4236  KSecDD - ok
07:34:15.0814 4236  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:34:15.0814 4236  KSecPkg - ok
07:34:15.0892 4236  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:34:15.0954 4236  KtmRm - ok
07:34:15.0985 4236  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:34:16.0001 4236  LanmanServer - ok
07:34:16.0032 4236  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:34:16.0063 4236  LanmanWorkstation - ok
07:34:16.0110 4236  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:34:16.0110 4236  lltdio - ok
07:34:16.0157 4236  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:34:16.0188 4236  lltdsvc - ok
07:34:16.0204 4236  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:34:16.0219 4236  lmhosts - ok
07:34:16.0251 4236  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
07:34:16.0251 4236  LSI_FC - ok
07:34:16.0266 4236  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
07:34:16.0266 4236  LSI_SAS - ok
07:34:16.0282 4236  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:34:16.0282 4236  LSI_SAS2 - ok
07:34:16.0313 4236  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:34:16.0313 4236  LSI_SCSI - ok
07:34:16.0344 4236  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
07:34:16.0344 4236  luafv - ok
07:34:16.0375 4236  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
07:34:16.0375 4236  MBAMProtector - ok
07:34:16.0625 4236  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:34:16.0672 4236  MBAMScheduler - ok
07:34:16.0703 4236  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
07:34:16.0781 4236  MBAMService - ok
07:34:16.0812 4236  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:34:16.0843 4236  Mcx2Svc - ok
07:34:16.0859 4236  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
07:34:16.0875 4236  megasas - ok
07:34:16.0906 4236  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
07:34:16.0906 4236  MegaSR - ok
07:34:16.0921 4236  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
07:34:16.0937 4236  MMCSS - ok
07:34:16.0953 4236  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
07:34:16.0953 4236  Modem - ok
07:34:16.0984 4236  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:34:16.0984 4236  monitor - ok
07:34:17.0015 4236  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:34:17.0015 4236  mouclass - ok
07:34:17.0046 4236  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:34:17.0046 4236  mouhid - ok
07:34:17.0093 4236  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:34:17.0093 4236  mountmgr - ok
07:34:17.0171 4236  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:34:17.0202 4236  MozillaMaintenance - ok
07:34:17.0233 4236  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:34:17.0249 4236  mpio - ok
07:34:17.0265 4236  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:34:17.0265 4236  mpsdrv - ok
07:34:17.0296 4236  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:34:17.0358 4236  MpsSvc - ok
07:34:17.0389 4236  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:34:17.0389 4236  MRxDAV - ok
07:34:17.0436 4236  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:34:17.0436 4236  mrxsmb - ok
07:34:17.0499 4236  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:34:17.0499 4236  mrxsmb10 - ok
07:34:17.0514 4236  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:34:17.0514 4236  mrxsmb20 - ok
07:34:17.0561 4236  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
07:34:17.0561 4236  msahci - ok
07:34:17.0577 4236  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:34:17.0577 4236  msdsm - ok
07:34:17.0608 4236  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
07:34:17.0655 4236  MSDTC - ok
07:34:17.0670 4236  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:34:17.0686 4236  Msfs - ok
07:34:17.0686 4236  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:34:17.0686 4236  mshidkmdf - ok
07:34:17.0717 4236  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:34:17.0717 4236  msisadrv - ok
07:34:17.0733 4236  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:34:17.0764 4236  MSiSCSI - ok
07:34:17.0779 4236  msiserver - ok
07:34:17.0795 4236  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:34:17.0795 4236  MSKSSRV - ok
07:34:17.0811 4236  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:34:17.0811 4236  MSPCLOCK - ok
07:34:17.0811 4236  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:34:17.0826 4236  MSPQM - ok
07:34:17.0842 4236  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:34:17.0842 4236  MsRPC - ok
07:34:17.0873 4236  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
07:34:17.0873 4236  mssmbios - ok
07:34:17.0935 4236  MSSQL$MSSMLBIZ - ok
07:34:17.0982 4236  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
07:34:18.0013 4236  MSSQLServerADHelper - ok
07:34:18.0060 4236  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:34:18.0060 4236  MSTEE - ok
07:34:18.0076 4236  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
07:34:18.0076 4236  MTConfig - ok
07:34:18.0091 4236  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
07:34:18.0091 4236  Mup - ok
07:34:18.0154 4236  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
07:34:18.0185 4236  napagent - ok
07:34:18.0216 4236  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:34:18.0216 4236  NativeWifiP - ok
07:34:18.0263 4236  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:34:18.0263 4236  NDIS - ok
07:34:18.0279 4236  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:34:18.0279 4236  NdisCap - ok
07:34:18.0310 4236  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:34:18.0310 4236  NdisTapi - ok
07:34:18.0341 4236  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:34:18.0341 4236  Ndisuio - ok
07:34:18.0372 4236  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:34:18.0372 4236  NdisWan - ok
07:34:18.0388 4236  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:34:18.0403 4236  NDProxy - ok
07:34:18.0466 4236  [ 90EB97C8DBF11BB0016C51946AC5ECD6 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:34:18.0481 4236  Net Driver HPZ12 - ok
07:34:18.0497 4236  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:34:18.0497 4236  NetBIOS - ok
07:34:18.0528 4236  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:34:18.0528 4236  NetBT - ok
07:34:18.0544 4236  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
07:34:18.0544 4236  Netlogon - ok
07:34:18.0591 4236  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
07:34:18.0622 4236  Netman - ok
07:34:18.0653 4236  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
07:34:18.0700 4236  netprofm - ok
07:34:18.0715 4236  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:34:18.0731 4236  NetTcpPortSharing - ok
07:34:18.0762 4236  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
07:34:18.0762 4236  nfrd960 - ok
07:34:18.0793 4236  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:34:18.0825 4236  NlaSvc - ok
07:34:18.0840 4236  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:34:18.0856 4236  Npfs - ok
07:34:18.0856 4236  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
07:34:18.0887 4236  nsi - ok
07:34:18.0887 4236  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:34:18.0903 4236  nsiproxy - ok
07:34:18.0965 4236  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:34:18.0981 4236  Ntfs - ok
07:34:18.0996 4236  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
07:34:18.0996 4236  Null - ok
07:34:19.0059 4236  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:34:19.0059 4236  nvraid - ok
07:34:19.0074 4236  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:34:19.0074 4236  nvstor - ok
07:34:19.0105 4236  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:34:19.0105 4236  nv_agp - ok
07:34:19.0137 4236  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:34:19.0137 4236  ohci1394 - ok
07:34:19.0199 4236  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:34:19.0230 4236  ose - ok
07:34:19.0449 4236  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:34:19.0667 4236  osppsvc - ok
07:34:19.0698 4236  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:34:19.0729 4236  p2pimsvc - ok
07:34:19.0761 4236  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:34:19.0807 4236  p2psvc - ok
07:34:19.0823 4236  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
07:34:19.0823 4236  Parport - ok
07:34:19.0870 4236  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:34:19.0870 4236  partmgr - ok
07:34:19.0901 4236  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
07:34:19.0901 4236  Parvdm - ok
07:34:19.0917 4236  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:34:19.0948 4236  PcaSvc - ok
07:34:19.0979 4236  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
07:34:19.0979 4236  pci - ok
07:34:20.0026 4236  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
07:34:20.0026 4236  pciide - ok
07:34:20.0057 4236  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
07:34:20.0057 4236  pcmcia - ok
07:34:20.0073 4236  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
07:34:20.0088 4236  pcw - ok
07:34:20.0104 4236  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:34:20.0119 4236  PEAUTH - ok
07:34:20.0213 4236  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
07:34:20.0291 4236  pla - ok
07:34:20.0353 4236  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:34:20.0385 4236  PlugPlay - ok
07:34:20.0416 4236  [ F0EFAF6000E9FCBD77F769D527CE5F9D ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:34:20.0447 4236  Pml Driver HPZ12 - ok
07:34:20.0478 4236  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:34:20.0494 4236  PNRPAutoReg - ok
07:34:20.0525 4236  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:34:20.0541 4236  PNRPsvc - ok
07:34:20.0556 4236  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:34:20.0603 4236  PolicyAgent - ok
07:34:20.0634 4236  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
07:34:20.0665 4236  Power - ok
07:34:20.0697 4236  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:34:20.0712 4236  PptpMiniport - ok
07:34:20.0712 4236  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
07:34:20.0712 4236  Processor - ok
07:34:20.0743 4236  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
07:34:20.0790 4236  ProfSvc - ok
07:34:20.0806 4236  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:34:20.0806 4236  ProtectedStorage - ok
07:34:20.0821 4236  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:34:20.0837 4236  Psched - ok
07:34:20.0853 4236  [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
07:34:20.0853 4236  PxHelp20 - ok
07:34:20.0899 4236  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
07:34:20.0915 4236  ql2300 - ok
07:34:20.0931 4236  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
07:34:20.0931 4236  ql40xx - ok
07:34:21.0055 4236  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
07:34:21.0102 4236  QWAVE - ok
07:34:21.0118 4236  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:34:21.0118 4236  QWAVEdrv - ok
07:34:21.0133 4236  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:34:21.0133 4236  RasAcd - ok
07:34:21.0165 4236  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:34:21.0165 4236  RasAgileVpn - ok
07:34:21.0196 4236  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
07:34:21.0227 4236  RasAuto - ok
07:34:21.0243 4236  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:34:21.0243 4236  Rasl2tp - ok
07:34:21.0305 4236  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
07:34:21.0336 4236  RasMan - ok
07:34:21.0352 4236  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:34:21.0352 4236  RasPppoe - ok
07:34:21.0383 4236  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:34:21.0383 4236  RasSstp - ok
07:34:21.0399 4236  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:34:21.0399 4236  rdbss - ok
07:34:21.0430 4236  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:34:21.0430 4236  rdpbus - ok
07:34:21.0461 4236  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:34:21.0461 4236  RDPCDD - ok
07:34:21.0477 4236  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:34:21.0477 4236  RDPENCDD - ok
07:34:21.0492 4236  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:34:21.0492 4236  RDPREFMP - ok
07:34:21.0539 4236  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:34:21.0539 4236  RDPWD - ok
07:34:21.0555 4236  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:34:21.0555 4236  rdyboost - ok
07:34:21.0648 4236  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
07:34:21.0664 4236  RealNetworks Downloader Resolver Service - ok
07:34:21.0711 4236  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:34:21.0742 4236  RemoteAccess - ok
07:34:21.0789 4236  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:34:21.0820 4236  RemoteRegistry - ok
07:34:21.0867 4236  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
07:34:21.0867 4236  RFCOMM - ok
07:34:21.0882 4236  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:34:21.0913 4236  RpcEptMapper - ok
07:34:21.0929 4236  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
07:34:21.0960 4236  RpcLocator - ok
07:34:21.0976 4236  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
07:34:21.0976 4236  RpcSs - ok
07:34:21.0991 4236  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:34:21.0991 4236  rspndr - ok
07:34:22.0023 4236  [ 31D45ECA63884FF5F7AECC50F7D1BAE0 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
07:34:22.0023 4236  RSUSBSTOR - ok
07:34:22.0069 4236  [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
07:34:22.0069 4236  RTL8167 - ok
07:34:22.0085 4236  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
07:34:22.0085 4236  SamSs - ok
07:34:22.0116 4236  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:34:22.0116 4236  sbp2port - ok
07:34:22.0147 4236  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:34:22.0179 4236  SCardSvr - ok
07:34:22.0210 4236  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:34:22.0210 4236  scfilter - ok
07:34:22.0319 4236  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
07:34:22.0366 4236  Schedule - ok
07:34:22.0381 4236  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:34:22.0381 4236  SCPolicySvc - ok
07:34:22.0475 4236  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:34:22.0522 4236  SDRSVC - ok
07:34:22.0537 4236  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:34:22.0537 4236  secdrv - ok
07:34:22.0553 4236  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
07:34:22.0569 4236  seclogon - ok
07:34:22.0569 4236  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
07:34:22.0584 4236  SENS - ok
07:34:22.0615 4236  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:34:22.0631 4236  SensrSvc - ok
07:34:22.0647 4236  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
07:34:22.0647 4236  Serenum - ok
07:34:22.0647 4236  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
07:34:22.0647 4236  Serial - ok
07:34:22.0693 4236  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
07:34:22.0693 4236  sermouse - ok
07:34:22.0740 4236  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:34:22.0771 4236  SessionEnv - ok
07:34:22.0803 4236  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:34:22.0803 4236  sffdisk - ok
07:34:22.0818 4236  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:34:22.0818 4236  sffp_mmc - ok
07:34:22.0834 4236  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:34:22.0834 4236  sffp_sd - ok
07:34:22.0834 4236  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
07:34:22.0834 4236  sfloppy - ok
07:34:22.0881 4236  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:34:22.0912 4236  SharedAccess - ok
07:34:22.0974 4236  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:34:23.0021 4236  ShellHWDetection - ok
07:34:23.0068 4236  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
07:34:23.0068 4236  sisagp - ok
07:34:23.0083 4236  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:34:23.0083 4236  SiSRaid2 - ok
07:34:23.0083 4236  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
07:34:23.0083 4236  SiSRaid4 - ok
07:34:23.0115 4236  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:34:23.0115 4236  Smb - ok
07:34:23.0161 4236  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:34:23.0177 4236  SNMPTRAP - ok
07:34:23.0193 4236  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:34:23.0193 4236  spldr - ok
07:34:23.0239 4236  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
07:34:23.0286 4236  Spooler - ok
07:34:23.0458 4236  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
07:34:23.0505 4236  sppsvc - ok
07:34:23.0551 4236  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:34:23.0598 4236  sppuinotify - ok
07:34:23.0629 4236  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
07:34:23.0661 4236  SQLBrowser - ok
07:34:23.0723 4236  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
07:34:23.0754 4236  SQLWriter - ok
07:34:23.0785 4236  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:34:23.0785 4236  srv - ok
07:34:23.0801 4236  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:34:23.0817 4236  srv2 - ok
07:34:23.0832 4236  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:34:23.0832 4236  srvnet - ok
07:34:23.0910 4236  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:34:23.0941 4236  SSDPSRV - ok
07:34:23.0957 4236  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:34:23.0973 4236  SstpSvc - ok
07:34:24.0082 4236  [ 02AC634138C33F6CD90D4ADDAC4B0E5A ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe
07:34:24.0222 4236  STacSV - ok
07:34:24.0285 4236  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
07:34:24.0285 4236  stexstor - ok
07:34:24.0331 4236  [ E287C7F8A58F484135940E19767A6ECA ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
07:34:24.0347 4236  STHDA - ok
07:34:24.0394 4236  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
07:34:24.0394 4236  StillCam - ok
07:34:24.0441 4236  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
07:34:24.0472 4236  StiSvc - ok
07:34:24.0550 4236  [ E476C66713C842F58E61A95826ED1D57 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
07:34:24.0581 4236  stllssvr - ok
07:34:24.0597 4236  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
07:34:24.0612 4236  swenum - ok
07:34:24.0690 4236  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
07:34:24.0753 4236  swprv - ok
07:34:24.0784 4236  [ D776EB85A20696D9D43129CCF6E703E2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
07:34:24.0799 4236  SynTP - ok
07:34:24.0909 4236  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
07:34:24.0940 4236  SysMain - ok
07:34:24.0987 4236  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:34:25.0018 4236  TabletInputService - ok
07:34:25.0049 4236  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:34:25.0096 4236  TapiSrv - ok
07:34:25.0158 4236  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
07:34:25.0205 4236  TBS - ok
07:34:25.0283 4236  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:34:25.0283 4236  Tcpip - ok
07:34:25.0361 4236  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:34:25.0377 4236  TCPIP6 - ok
07:34:25.0408 4236  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:34:25.0408 4236  tcpipreg - ok
07:34:25.0455 4236  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:34:25.0455 4236  TDPIPE - ok
07:34:25.0486 4236  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:34:25.0486 4236  TDTCP - ok
07:34:25.0517 4236  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:34:25.0517 4236  tdx - ok
07:34:25.0595 4236  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
07:34:25.0595 4236  TermDD - ok
07:34:25.0642 4236  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
07:34:25.0689 4236  TermService - ok
07:34:25.0720 4236  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
07:34:25.0735 4236  Themes - ok
07:34:25.0782 4236  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
07:34:25.0782 4236  THREADORDER - ok
07:34:25.0845 4236  [ D0B08F941C0B06846533C6A38DD09B22 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
07:34:25.0845 4236  tmactmon - ok
07:34:25.0891 4236  [ 0C9ACEF23B537D6E8B1373C98D066B1C ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
07:34:25.0907 4236  tmcomm - ok
07:34:25.0938 4236  [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC           C:\Windows\system32\DRIVERS\TMEBC32.sys
07:34:25.0954 4236  TMEBC - ok
07:34:25.0969 4236  [ 63828FBD740F178DE2E2D42C3136FDEE ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
07:34:25.0969 4236  tmevtmgr - ok
07:34:26.0001 4236  [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
07:34:26.0001 4236  tmtdi - ok
07:34:26.0032 4236  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
07:34:26.0047 4236  TrkWks - ok
07:34:26.0110 4236  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:34:26.0125 4236  TrustedInstaller - ok
07:34:26.0157 4236  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:34:26.0157 4236  tssecsrv - ok
07:34:26.0219 4236  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:34:26.0219 4236  TsUsbFlt - ok
07:34:26.0266 4236  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:34:26.0281 4236  tunnel - ok
07:34:26.0313 4236  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
07:34:26.0313 4236  uagp35 - ok
07:34:26.0375 4236  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:34:26.0375 4236  udfs - ok
07:34:26.0469 4236  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:34:26.0500 4236  UI0Detect - ok
07:34:26.0531 4236  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:34:26.0531 4236  uliagpkx - ok
07:34:26.0578 4236  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
07:34:26.0578 4236  umbus - ok
07:34:26.0593 4236  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
07:34:26.0609 4236  UmPass - ok
07:34:26.0640 4236  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
07:34:26.0671 4236  upnphost - ok
07:34:26.0718 4236  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
07:34:26.0718 4236  USBAAPL - ok
07:34:26.0734 4236  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:34:26.0734 4236  usbccgp - ok
07:34:26.0781 4236  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:34:26.0781 4236  usbcir - ok
07:34:26.0796 4236  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
07:34:26.0812 4236  usbehci - ok
07:34:26.0843 4236  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:34:26.0843 4236  usbhub - ok
07:34:26.0874 4236  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
07:34:26.0874 4236  usbohci - ok
07:34:26.0905 4236  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:34:26.0905 4236  usbprint - ok
07:34:26.0937 4236  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
07:34:26.0937 4236  usbscan - ok
07:34:26.0952 4236  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:34:26.0952 4236  USBSTOR - ok
07:34:26.0983 4236  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
07:34:26.0983 4236  usbuhci - ok
07:34:26.0999 4236  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
07:34:26.0999 4236  usbvideo - ok
07:34:27.0030 4236  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
07:34:27.0046 4236  UxSms - ok
07:34:27.0077 4236  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
07:34:27.0077 4236  VaultSvc - ok
07:34:27.0249 4236  [ FCF1A2BDDCDF9F317B9650800E61C397 ] vcsFPService    C:\Windows\system32\vcsFPService.exe
07:34:27.0280 4236  vcsFPService - ok
07:34:27.0311 4236  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:34:27.0311 4236  vdrvroot - ok
07:34:27.0373 4236  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
07:34:27.0420 4236  vds - ok
07:34:27.0545 4236  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:34:27.0545 4236  vga - ok
07:34:27.0576 4236  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:34:27.0592 4236  VgaSave - ok
07:34:27.0623 4236  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:34:27.0623 4236  vhdmp - ok
07:34:27.0654 4236  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
07:34:27.0654 4236  viaagp - ok
07:34:27.0670 4236  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
07:34:27.0685 4236  ViaC7 - ok
07:34:27.0701 4236  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
07:34:27.0701 4236  viaide - ok
07:34:27.0717 4236  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:34:27.0732 4236  volmgr - ok
07:34:27.0748 4236  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:34:27.0748 4236  volmgrx - ok
07:34:27.0795 4236  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:34:27.0795 4236  volsnap - ok
07:34:27.0841 4236  [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
07:34:27.0888 4236  vpnagent - ok
07:34:27.0919 4236  [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
07:34:27.0919 4236  vpnva - ok
07:34:27.0951 4236  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
07:34:27.0951 4236  vsmraid - ok
07:34:28.0044 4236  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
07:34:28.0153 4236  VSS - ok
07:34:28.0169 4236  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
07:34:28.0169 4236  vwifibus - ok
07:34:28.0200 4236  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
07:34:28.0200 4236  vwififlt - ok
07:34:28.0231 4236  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
07:34:28.0231 4236  vwifimp - ok
07:34:28.0278 4236  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
07:34:28.0309 4236  W32Time - ok
07:34:28.0356 4236  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
07:34:28.0356 4236  WacomPen - ok
07:34:28.0387 4236  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:34:28.0387 4236  WANARP - ok
07:34:28.0387 4236  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:34:28.0403 4236  Wanarpv6 - ok
07:34:28.0543 4236  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
07:34:28.0621 4236  wbengine - ok
07:34:28.0668 4236  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:34:28.0684 4236  WbioSrvc - ok
07:34:28.0715 4236  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:34:28.0762 4236  wcncsvc - ok
07:34:28.0793 4236  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:34:28.0824 4236  WcsPlugInService - ok
07:34:28.0840 4236  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
07:34:28.0840 4236  Wd - ok
07:34:28.0902 4236  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:34:28.0918 4236  Wdf01000 - ok
07:34:28.0933 4236  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:34:28.0965 4236  WdiServiceHost - ok
07:34:28.0965 4236  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:34:28.0980 4236  WdiSystemHost - ok
07:34:29.0058 4236  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
07:34:29.0136 4236  WebClient - ok
07:34:29.0152 4236  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:34:29.0183 4236  Wecsvc - ok
07:34:29.0183 4236  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:34:29.0199 4236  wercplsupport - ok
07:34:29.0199 4236  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:34:29.0214 4236  WerSvc - ok
07:34:29.0245 4236  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:34:29.0261 4236  WfpLwf - ok
07:34:29.0355 4236  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:34:29.0355 4236  WIMMount - ok
07:34:29.0433 4236  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
07:34:29.0511 4236  WinDefend - ok
07:34:29.0511 4236  WinHttpAutoProxySvc - ok
07:34:29.0573 4236  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:34:29.0589 4236  Winmgmt - ok
07:34:29.0651 4236  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
07:34:29.0838 4236  WinRM - ok
07:34:29.0916 4236  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
07:34:29.0932 4236  WinUSB - ok
07:34:29.0963 4236  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:34:30.0010 4236  Wlansvc - ok
07:34:30.0041 4236  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
07:34:30.0041 4236  WmiAcpi - ok
07:34:30.0088 4236  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:34:30.0135 4236  wmiApSrv - ok
07:34:30.0197 4236  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
07:34:30.0244 4236  WMPNetworkSvc - ok
07:34:30.0306 4236  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:34:30.0322 4236  WPCSvc - ok
07:34:30.0353 4236  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:34:30.0369 4236  WPDBusEnum - ok
07:34:30.0384 4236  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:34:30.0384 4236  ws2ifsl - ok
07:34:30.0400 4236  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
07:34:30.0415 4236  wscsvc - ok
07:34:30.0415 4236  WSearch - ok
07:34:30.0493 4236  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
07:34:30.0525 4236  wuauserv - ok
07:34:30.0571 4236  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:34:30.0571 4236  WudfPf - ok
07:34:30.0618 4236  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:34:30.0618 4236  WUDFRd - ok
07:34:30.0634 4236  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:34:30.0665 4236  wudfsvc - ok
07:34:30.0681 4236  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:34:30.0696 4236  WwanSvc - ok
07:34:30.0743 4236  ================ Scan global ===============================
07:34:30.0759 4236  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
07:34:30.0852 4236  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
07:34:30.0961 4236  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
07:34:31.0008 4236  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
07:34:31.0055 4236  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
07:34:31.0117 4236  [Global] - ok
07:34:31.0117 4236  ================ Scan MBR ==================================
07:34:31.0164 4236  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
07:34:32.0615 4236  \Device\Harddisk0\DR0 - ok
07:34:32.0615 4236  ================ Scan VBR ==================================
07:34:32.0646 4236  [ EA83281303B01CB2A447C64D6AE10A02 ] \Device\Harddisk0\DR0\Partition1
07:34:32.0646 4236  \Device\Harddisk0\DR0\Partition1 - ok
07:34:32.0662 4236  [ 24054C406272F53F6826F9C7F2B00BCA ] \Device\Harddisk0\DR0\Partition2
07:34:32.0677 4236  \Device\Harddisk0\DR0\Partition2 - ok
07:34:32.0677 4236  ============================================================
07:34:32.0677 4236  Scan finished
07:34:32.0677 4236  ============================================================
07:34:32.0693 4840  Detected object count: 0
07:34:32.0693 4840  Actual detected object count: 0

cosinus · 12.03.2013, 16:53

Zitat:

07:34:04.0005 4236 Scan started
07:34:04.0005 4236 Mode: Manual;

Bitte die Anleitungen richtig lesen und auch richtig umesetzen - du hast den TDSS-Killer falsch eingestellt

Chisar · 12.03.2013, 17:02

oh man...also ein zweites Mal mit richtiger Voreinstellung (hoffentlich) TDSSKiller:

Code:

ATTFilter

16:59:03.0319 1132  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:59:03.0678 1132  ============================================================
16:59:03.0678 1132  Current date / time: 2013/03/12 16:59:03.0678
16:59:03.0678 1132  SystemInfo:
16:59:03.0678 1132  
16:59:03.0678 1132  OS Version: 6.1.7601 ServicePack: 1.0
16:59:03.0678 1132  Product type: Workstation
16:59:03.0678 1132  ComputerName: SARAH-PC
16:59:03.0678 1132  UserName: Sarah
16:59:03.0678 1132  Windows directory: C:\Windows
16:59:03.0678 1132  System windows directory: C:\Windows
16:59:03.0678 1132  Processor architecture: Intel x86
16:59:03.0678 1132  Number of processors: 4
16:59:03.0678 1132  Page size: 0x1000
16:59:03.0678 1132  Boot type: Normal boot
16:59:03.0678 1132  ============================================================
16:59:04.0770 1132  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:59:04.0770 1132  ============================================================
16:59:04.0770 1132  \Device\Harddisk0\DR0:
16:59:04.0770 1132  MBR partitions:
16:59:04.0770 1132  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
16:59:04.0770 1132  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
16:59:04.0770 1132  ============================================================
16:59:04.0786 1132  C: <-> \Device\Harddisk0\DR0\Partition2
16:59:04.0786 1132  ============================================================
16:59:04.0786 1132  Initialize success
16:59:04.0786 1132  ============================================================
16:59:38.0326 2920  ============================================================
16:59:38.0326 2920  Scan started
16:59:38.0326 2920  Mode: Manual; SigCheck; TDLFS; 
16:59:38.0326 2920  ============================================================
16:59:40.0370 2920  ================ Scan system memory ========================
16:59:40.0370 2920  System memory - ok
16:59:40.0370 2920  ================ Scan services =============================
16:59:40.0588 2920  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:59:40.0791 2920  1394ohci - ok
16:59:40.0822 2920  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:59:40.0838 2920  ACPI - ok
16:59:40.0869 2920  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:59:41.0009 2920  AcpiPmi - ok
16:59:41.0165 2920  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:59:41.0228 2920  AdobeARMservice - ok
16:59:41.0321 2920  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:59:41.0384 2920  AdobeFlashPlayerUpdateSvc - ok
16:59:41.0446 2920  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:59:41.0524 2920  adp94xx - ok
16:59:41.0571 2920  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:59:41.0649 2920  adpahci - ok
16:59:41.0680 2920  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:59:41.0711 2920  adpu320 - ok
16:59:41.0742 2920  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:59:41.0898 2920  AeLookupSvc - ok
16:59:42.0086 2920  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe
16:59:42.0164 2920  AESTFilters - ok
16:59:42.0242 2920  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:59:42.0335 2920  AFD - ok
16:59:42.0382 2920  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:59:42.0444 2920  agp440 - ok
16:59:42.0507 2920  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:59:42.0569 2920  aic78xx - ok
16:59:42.0632 2920  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:59:42.0725 2920  ALG - ok
16:59:42.0772 2920  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:59:42.0850 2920  aliide - ok
16:59:42.0881 2920  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:59:42.0928 2920  amdagp - ok
16:59:42.0944 2920  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:59:42.0975 2920  amdide - ok
16:59:43.0022 2920  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:59:43.0131 2920  AmdK8 - ok
16:59:43.0146 2920  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:59:43.0224 2920  AmdPPM - ok
16:59:43.0256 2920  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:59:43.0334 2920  amdsata - ok
16:59:43.0349 2920  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:59:43.0443 2920  amdsbs - ok
16:59:43.0474 2920  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:59:43.0490 2920  amdxata - ok
16:59:44.0238 2920  [ F52603B708438E39FF38475807A01CBC ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
16:59:44.0285 2920  Amsp - ok
16:59:44.0348 2920  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:59:44.0488 2920  AppID - ok
16:59:44.0535 2920  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:59:44.0660 2920  AppIDSvc - ok
16:59:44.0722 2920  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:59:44.0769 2920  Appinfo - ok
16:59:44.0925 2920  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:59:44.0956 2920  Apple Mobile Device - ok
16:59:44.0987 2920  Application Updater - ok
16:59:45.0034 2920  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:59:45.0096 2920  arc - ok
16:59:45.0128 2920  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:59:45.0190 2920  arcsas - ok
16:59:45.0206 2920  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:59:45.0346 2920  AsyncMac - ok
16:59:45.0424 2920  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:59:45.0502 2920  atapi - ok
16:59:45.0564 2920  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:59:45.0705 2920  AudioEndpointBuilder - ok
16:59:45.0720 2920  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:59:45.0752 2920  Audiosrv - ok
16:59:45.0814 2920  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:59:45.0908 2920  AxInstSV - ok
16:59:45.0939 2920  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:59:46.0048 2920  b06bdrv - ok
16:59:46.0110 2920  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:59:46.0204 2920  b57nd60x - ok
16:59:46.0298 2920  [ DE6EE34EADDC1ADD4CAC6CF508FBAEA7 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
16:59:46.0376 2920  BCM43XX - ok
16:59:46.0454 2920  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
16:59:46.0500 2920  BcmSqlStartupSvc - ok
16:59:46.0547 2920  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:59:46.0688 2920  BDESVC - ok
16:59:46.0719 2920  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:59:46.0797 2920  Beep - ok
16:59:46.0844 2920  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:59:46.0953 2920  BFE - ok
16:59:47.0031 2920  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:59:47.0109 2920  BITS - ok
16:59:47.0156 2920  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:59:47.0249 2920  blbdrive - ok
16:59:47.0405 2920  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:59:47.0452 2920  Bonjour Service - ok
16:59:47.0499 2920  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:59:47.0608 2920  bowser - ok
16:59:47.0655 2920  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:59:47.0748 2920  BrFiltLo - ok
16:59:47.0764 2920  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:59:47.0858 2920  BrFiltUp - ok
16:59:47.0889 2920  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:59:47.0982 2920  Browser - ok
16:59:47.0998 2920  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:59:48.0154 2920  Brserid - ok
16:59:48.0185 2920  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:59:48.0248 2920  BrSerWdm - ok
16:59:48.0294 2920  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:59:48.0372 2920  BrUsbMdm - ok
16:59:48.0404 2920  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:59:48.0482 2920  BrUsbSer - ok
16:59:48.0528 2920  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:59:48.0669 2920  BthEnum - ok
16:59:48.0700 2920  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:59:48.0809 2920  BTHMODEM - ok
16:59:48.0856 2920  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:59:48.0918 2920  BthPan - ok
16:59:49.0012 2920  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
16:59:49.0152 2920  BTHPORT - ok
16:59:49.0184 2920  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:59:49.0262 2920  bthserv - ok
16:59:49.0293 2920  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
16:59:49.0355 2920  BTHUSB - ok
16:59:49.0386 2920  [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
16:59:49.0449 2920  btwaudio - ok
16:59:49.0496 2920  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
16:59:49.0542 2920  btwavdt - ok
16:59:49.0636 2920  [ 45F36763576B8AE91E809337DC7CE4E6 ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:59:49.0683 2920  btwdins - ok
16:59:49.0714 2920  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
16:59:49.0761 2920  btwl2cap - ok
16:59:49.0776 2920  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
16:59:49.0808 2920  btwrchid - ok
16:59:49.0839 2920  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:59:49.0932 2920  cdfs - ok
16:59:49.0979 2920  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:59:50.0042 2920  cdrom - ok
16:59:50.0120 2920  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:59:50.0229 2920  CertPropSvc - ok
16:59:50.0244 2920  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:59:50.0307 2920  circlass - ok
16:59:50.0338 2920  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:59:50.0354 2920  CLFS - ok
16:59:50.0432 2920  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:59:50.0510 2920  clr_optimization_v2.0.50727_32 - ok
16:59:50.0603 2920  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:59:50.0650 2920  clr_optimization_v4.0.30319_32 - ok
16:59:50.0697 2920  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:59:50.0728 2920  CmBatt - ok
16:59:50.0744 2920  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:59:50.0790 2920  cmdide - ok
16:59:50.0822 2920  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:59:50.0884 2920  CNG - ok
16:59:50.0931 2920  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:59:50.0993 2920  Compbatt - ok
16:59:51.0040 2920  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:59:51.0118 2920  CompositeBus - ok
16:59:51.0134 2920  COMSysApp - ok
16:59:51.0149 2920  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:59:51.0212 2920  crcdisk - ok
16:59:51.0274 2920  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:59:51.0352 2920  CryptSvc - ok
16:59:51.0399 2920  [ 0F538DF1673E5216F3BAACB6911D9D0F ] CtAudDrv        C:\Windows\system32\Drivers\CtAudDrv.sys
16:59:51.0508 2920  CtAudDrv - ok
16:59:51.0555 2920  [ 9A6CA307151505730DBFC91D97F01C7E ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
16:59:51.0648 2920  CtClsFlt - ok
16:59:51.0726 2920  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:59:51.0789 2920  DcomLaunch - ok
16:59:51.0804 2920  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:59:51.0867 2920  defragsvc - ok
16:59:51.0929 2920  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:59:52.0007 2920  DfsC - ok
16:59:52.0101 2920  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:59:52.0241 2920  Dhcp - ok
16:59:52.0272 2920  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:59:52.0335 2920  discache - ok
16:59:52.0366 2920  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:59:52.0428 2920  Disk - ok
16:59:52.0538 2920  [ 8A0A21C9E566959A31FEE2BB8629AE7B ] dleaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\dleaserv.exe
16:59:52.0600 2920  dleaCATSCustConnectService - ok
16:59:52.0631 2920  dlea_device - ok
16:59:52.0662 2920  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:59:52.0803 2920  Dnscache - ok
16:59:52.0881 2920  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:59:52.0943 2920  dot3svc - ok
16:59:53.0052 2920  [ 0C23BF4CDDBECBACA8659A96C359E0DD ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
16:59:53.0099 2920  DpHost ( UnsignedFile.Multi.Generic ) - warning
16:59:53.0099 2920  DpHost - detected UnsignedFile.Multi.Generic (1)
16:59:53.0146 2920  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:59:53.0286 2920  DPS - ok
16:59:53.0318 2920  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:59:53.0349 2920  drmkaud - ok
16:59:53.0396 2920  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:59:53.0505 2920  DXGKrnl - ok
16:59:53.0552 2920  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:59:53.0676 2920  EapHost - ok
16:59:54.0051 2920  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:59:54.0238 2920  ebdrv - ok
16:59:54.0285 2920  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:59:54.0332 2920  EFS - ok
16:59:54.0503 2920  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:59:54.0690 2920  ehRecvr - ok
16:59:54.0722 2920  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:59:54.0893 2920  ehSched - ok
16:59:54.0956 2920  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:59:55.0080 2920  elxstor - ok
16:59:55.0190 2920  [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
16:59:55.0252 2920  EPSON_EB_RPCV4_04 - ok
16:59:55.0346 2920  [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
16:59:55.0408 2920  EPSON_PM_RPCV4_04 - ok
16:59:55.0439 2920  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:59:55.0517 2920  ErrDev - ok
16:59:55.0580 2920  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:59:55.0658 2920  EventSystem - ok
16:59:55.0689 2920  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:59:55.0814 2920  exfat - ok
16:59:55.0845 2920  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:59:55.0954 2920  fastfat - ok
16:59:56.0016 2920  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:59:56.0094 2920  Fax - ok
16:59:56.0141 2920  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:59:56.0219 2920  fdc - ok
16:59:56.0250 2920  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:59:56.0313 2920  fdPHost - ok
16:59:56.0344 2920  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:59:56.0406 2920  FDResPub - ok
16:59:56.0438 2920  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:59:56.0516 2920  FileInfo - ok
16:59:56.0531 2920  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:59:56.0594 2920  Filetrace - ok
16:59:56.0640 2920  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:59:56.0718 2920  flpydisk - ok
16:59:56.0750 2920  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:59:56.0812 2920  FltMgr - ok
16:59:56.0890 2920  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
16:59:56.0999 2920  FontCache - ok
16:59:57.0062 2920  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:59:57.0093 2920  FontCache3.0.0.0 - ok
16:59:57.0108 2920  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:59:57.0171 2920  FsDepends - ok
16:59:57.0202 2920  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:59:57.0218 2920  Fs_Rec - ok
16:59:57.0280 2920  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:59:57.0296 2920  fvevol - ok
16:59:57.0327 2920  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:59:57.0374 2920  gagp30kx - ok
16:59:57.0420 2920  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:59:57.0483 2920  GEARAspiWDM - ok
16:59:57.0576 2920  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:59:57.0717 2920  gpsvc - ok
16:59:57.0842 2920  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:59:57.0904 2920  gupdate - ok
16:59:57.0935 2920  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:59:57.0935 2920  gupdatem - ok
16:59:57.0998 2920  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:59:58.0107 2920  hcw85cir - ok
16:59:58.0169 2920  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:59:58.0200 2920  HDAudBus - ok
16:59:58.0232 2920  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
16:59:58.0356 2920  HECI - ok
16:59:58.0388 2920  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:59:58.0434 2920  HidBatt - ok
16:59:58.0450 2920  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:59:58.0528 2920  HidBth - ok
16:59:58.0544 2920  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:59:58.0622 2920  HidIr - ok
16:59:58.0653 2920  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:59:58.0778 2920  hidserv - ok
16:59:58.0824 2920  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:59:58.0871 2920  HidUsb - ok
16:59:58.0902 2920  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:59:58.0996 2920  hkmsvc - ok
16:59:59.0043 2920  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:59:59.0199 2920  HomeGroupListener - ok
16:59:59.0230 2920  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:59:59.0277 2920  HomeGroupProvider - ok
16:59:59.0308 2920  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:59:59.0386 2920  HpSAMD - ok
16:59:59.0433 2920  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:59:59.0480 2920  HTTP - ok
16:59:59.0511 2920  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:59:59.0526 2920  hwpolicy - ok
16:59:59.0558 2920  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:59:59.0667 2920  i8042prt - ok
16:59:59.0698 2920  [ EDF5ECC965FAAA533D35E02F47B9132E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:59:59.0729 2920  iaStor - ok
16:59:59.0760 2920  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:59:59.0838 2920  iaStorV - ok
16:59:59.0916 2920  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:00:00.0072 2920  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:00:00.0072 2920  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:00:00.0213 2920  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:00:00.0369 2920  idsvc - ok
17:00:00.0634 2920  [ 878E2BC48D3EA7140B75FBAB65CA1E01 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
17:00:01.0055 2920  igfx - ok
17:00:01.0102 2920  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:00:01.0149 2920  iirsp - ok
17:00:01.0227 2920  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:00:01.0320 2920  IKEEXT - ok
17:00:01.0336 2920  [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
17:00:01.0430 2920  Impcd - ok
17:00:01.0461 2920  [ 29061F25ABB6E60A5B49FBEED7A5698A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:00:01.0539 2920  IntcDAud - ok
17:00:01.0570 2920  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:00:01.0617 2920  intelide - ok
17:00:01.0664 2920  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:00:01.0710 2920  intelppm - ok
17:00:01.0742 2920  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:00:01.0835 2920  IPBusEnum - ok
17:00:01.0851 2920  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:00:01.0929 2920  IpFilterDriver - ok
17:00:01.0976 2920  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:00:02.0085 2920  iphlpsvc - ok
17:00:02.0116 2920  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:00:02.0178 2920  IPMIDRV - ok
17:00:02.0210 2920  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:00:02.0334 2920  IPNAT - ok
17:00:02.0459 2920  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:00:02.0522 2920  iPod Service - ok
17:00:02.0553 2920  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:00:02.0584 2920  IRENUM - ok
17:00:02.0646 2920  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:00:02.0693 2920  isapnp - ok
17:00:02.0709 2920  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:00:02.0802 2920  iScsiPrt - ok
17:00:02.0849 2920  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:00:02.0880 2920  kbdclass - ok
17:00:02.0896 2920  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:00:02.0990 2920  kbdhid - ok
17:00:03.0005 2920  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:00:03.0021 2920  KeyIso - ok
17:00:03.0052 2920  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:00:03.0130 2920  KSecDD - ok
17:00:03.0146 2920  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:00:03.0224 2920  KSecPkg - ok
17:00:03.0270 2920  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:00:03.0395 2920  KtmRm - ok
17:00:03.0411 2920  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:00:03.0473 2920  LanmanServer - ok
17:00:03.0504 2920  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:00:03.0582 2920  LanmanWorkstation - ok
17:00:03.0629 2920  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:00:03.0738 2920  lltdio - ok
17:00:03.0785 2920  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:00:03.0863 2920  lltdsvc - ok
17:00:03.0894 2920  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:00:04.0004 2920  lmhosts - ok
17:00:04.0035 2920  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:00:04.0082 2920  LSI_FC - ok
17:00:04.0113 2920  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:00:04.0160 2920  LSI_SAS - ok
17:00:04.0175 2920  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:00:04.0206 2920  LSI_SAS2 - ok
17:00:04.0238 2920  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:00:04.0284 2920  LSI_SCSI - ok
17:00:04.0300 2920  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:00:04.0378 2920  luafv - ok
17:00:04.0425 2920  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:00:04.0440 2920  MBAMProtector - ok
17:00:04.0487 2920  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:00:04.0565 2920  MBAMScheduler - ok
17:00:04.0612 2920  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:00:04.0690 2920  MBAMService - ok
17:00:04.0737 2920  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:00:04.0784 2920  Mcx2Svc - ok
17:00:04.0799 2920  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:00:04.0846 2920  megasas - ok
17:00:04.0893 2920  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:00:04.0971 2920  MegaSR - ok
17:00:05.0002 2920  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:00:05.0111 2920  MMCSS - ok
17:00:05.0127 2920  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:00:05.0205 2920  Modem - ok
17:00:05.0220 2920  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:00:05.0252 2920  monitor - ok
17:00:05.0283 2920  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:00:05.0330 2920  mouclass - ok
17:00:05.0361 2920  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:00:05.0392 2920  mouhid - ok
17:00:05.0423 2920  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:00:05.0423 2920  mountmgr - ok
17:00:05.0501 2920  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:00:05.0564 2920  MozillaMaintenance - ok
17:00:05.0595 2920  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:00:05.0657 2920  mpio - ok
17:00:05.0673 2920  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:00:05.0766 2920  mpsdrv - ok
17:00:05.0813 2920  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:00:05.0907 2920  MpsSvc - ok
17:00:05.0954 2920  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:00:06.0032 2920  MRxDAV - ok
17:00:06.0063 2920  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:00:06.0141 2920  mrxsmb - ok
17:00:06.0172 2920  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:00:06.0281 2920  mrxsmb10 - ok
17:00:06.0297 2920  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:00:06.0375 2920  mrxsmb20 - ok
17:00:06.0406 2920  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:00:06.0468 2920  msahci - ok
17:00:06.0500 2920  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:00:06.0578 2920  msdsm - ok
17:00:06.0624 2920  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:00:06.0734 2920  MSDTC - ok
17:00:06.0765 2920  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:00:06.0827 2920  Msfs - ok
17:00:06.0843 2920  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:00:06.0936 2920  mshidkmdf - ok
17:00:06.0952 2920  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:00:06.0999 2920  msisadrv - ok
17:00:07.0030 2920  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:00:07.0155 2920  MSiSCSI - ok
17:00:07.0155 2920  msiserver - ok
17:00:07.0186 2920  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:00:07.0233 2920  MSKSSRV - ok
17:00:07.0248 2920  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:00:07.0295 2920  MSPCLOCK - ok
17:00:07.0326 2920  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:00:07.0420 2920  MSPQM - ok
17:00:07.0436 2920  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:00:07.0498 2920  MsRPC - ok
17:00:07.0529 2920  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:00:07.0560 2920  mssmbios - ok
17:00:07.0623 2920  MSSQL$MSSMLBIZ - ok
17:00:07.0670 2920  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:00:07.0732 2920  MSSQLServerADHelper - ok
17:00:07.0794 2920  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:00:07.0872 2920  MSTEE - ok
17:00:07.0888 2920  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:00:07.0966 2920  MTConfig - ok
17:00:07.0982 2920  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:00:08.0013 2920  Mup - ok
17:00:08.0044 2920  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:00:08.0075 2920  napagent - ok
17:00:08.0122 2920  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:00:08.0169 2920  NativeWifiP - ok
17:00:08.0216 2920  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:00:08.0231 2920  NDIS - ok
17:00:08.0247 2920  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:00:08.0356 2920  NdisCap - ok
17:00:08.0372 2920  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:00:08.0465 2920  NdisTapi - ok
17:00:08.0496 2920  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:00:08.0559 2920  Ndisuio - ok
17:00:08.0590 2920  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:00:08.0715 2920  NdisWan - ok
17:00:08.0730 2920  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:00:08.0808 2920  NDProxy - ok
17:00:08.0871 2920  [ 90EB97C8DBF11BB0016C51946AC5ECD6 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:00:08.0918 2920  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:00:08.0918 2920  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:00:08.0964 2920  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:00:09.0074 2920  NetBIOS - ok
17:00:09.0105 2920  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:00:09.0136 2920  NetBT - ok
17:00:09.0152 2920  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:00:09.0167 2920  Netlogon - ok
17:00:09.0198 2920  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:00:09.0276 2920  Netman - ok
17:00:09.0292 2920  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:00:09.0339 2920  netprofm - ok
17:00:09.0370 2920  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:00:09.0401 2920  NetTcpPortSharing - ok
17:00:09.0432 2920  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:00:09.0479 2920  nfrd960 - ok
17:00:09.0510 2920  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:00:09.0573 2920  NlaSvc - ok
17:00:09.0588 2920  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:00:09.0635 2920  Npfs - ok
17:00:09.0666 2920  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:00:09.0760 2920  nsi - ok
17:00:09.0776 2920  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:00:09.0822 2920  nsiproxy - ok
17:00:09.0869 2920  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:00:09.0978 2920  Ntfs - ok
17:00:09.0994 2920  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:00:10.0088 2920  Null - ok
17:00:10.0119 2920  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:00:10.0166 2920  nvraid - ok
17:00:10.0181 2920  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:00:10.0275 2920  nvstor - ok
17:00:10.0290 2920  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:00:10.0353 2920  nv_agp - ok
17:00:10.0384 2920  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:00:10.0446 2920  ohci1394 - ok
17:00:10.0493 2920  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:00:10.0571 2920  ose - ok
17:00:10.0743 2920  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:00:10.0821 2920  osppsvc - ok
17:00:10.0883 2920  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:00:11.0008 2920  p2pimsvc - ok
17:00:11.0039 2920  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:00:11.0102 2920  p2psvc - ok
17:00:11.0133 2920  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:00:11.0226 2920  Parport - ok
17:00:11.0258 2920  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:00:11.0304 2920  partmgr - ok
17:00:11.0320 2920  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:00:11.0351 2920  Parvdm - ok
17:00:11.0367 2920  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:00:11.0398 2920  PcaSvc - ok
17:00:11.0429 2920  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:00:11.0492 2920  pci - ok
17:00:11.0538 2920  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:00:11.0601 2920  pciide - ok
17:00:11.0648 2920  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:00:11.0694 2920  pcmcia - ok
17:00:11.0726 2920  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:00:11.0788 2920  pcw - ok
17:00:11.0835 2920  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:00:11.0991 2920  PEAUTH - ok
17:00:12.0069 2920  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:00:12.0194 2920  pla - ok
17:00:12.0240 2920  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:00:12.0365 2920  PlugPlay - ok
17:00:12.0396 2920  [ F0EFAF6000E9FCBD77F769D527CE5F9D ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:00:12.0474 2920  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:00:12.0474 2920  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:00:12.0490 2920  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:00:12.0552 2920  PNRPAutoReg - ok
17:00:12.0568 2920  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:00:12.0599 2920  PNRPsvc - ok
17:00:12.0646 2920  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:00:12.0724 2920  PolicyAgent - ok
17:00:12.0755 2920  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:00:12.0833 2920  Power - ok
17:00:12.0880 2920  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:00:12.0958 2920  PptpMiniport - ok
17:00:12.0989 2920  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:00:13.0052 2920  Processor - ok
17:00:13.0083 2920  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:00:13.0161 2920  ProfSvc - ok
17:00:13.0176 2920  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:00:13.0208 2920  ProtectedStorage - ok
17:00:13.0223 2920  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:00:13.0270 2920  Psched - ok
17:00:13.0301 2920  [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
17:00:13.0332 2920  PxHelp20 - ok
17:00:13.0379 2920  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:00:13.0504 2920  ql2300 - ok
17:00:13.0520 2920  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:00:13.0598 2920  ql40xx - ok
17:00:13.0629 2920  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:00:13.0707 2920  QWAVE - ok
17:00:13.0722 2920  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:00:13.0754 2920  QWAVEdrv - ok
17:00:13.0769 2920  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:00:13.0832 2920  RasAcd - ok
17:00:13.0878 2920  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:00:13.0988 2920  RasAgileVpn - ok
17:00:14.0003 2920  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:00:14.0066 2920  RasAuto - ok
17:00:14.0097 2920  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:00:14.0175 2920  Rasl2tp - ok
17:00:14.0206 2920  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:00:14.0300 2920  RasMan - ok
17:00:14.0331 2920  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:00:14.0409 2920  RasPppoe - ok
17:00:14.0440 2920  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:00:14.0502 2920  RasSstp - ok
17:00:14.0518 2920  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:00:14.0612 2920  rdbss - ok
17:00:14.0627 2920  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:00:14.0690 2920  rdpbus - ok
17:00:14.0721 2920  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:00:14.0783 2920  RDPCDD - ok
17:00:14.0814 2920  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:00:14.0861 2920  RDPENCDD - ok
17:00:14.0877 2920  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:00:14.0908 2920  RDPREFMP - ok
17:00:14.0939 2920  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:00:15.0048 2920  RDPWD - ok
17:00:15.0095 2920  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:00:15.0158 2920  rdyboost - ok
17:00:15.0236 2920  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
17:00:15.0282 2920  RealNetworks Downloader Resolver Service - ok
17:00:15.0298 2920  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:00:15.0392 2920  RemoteAccess - ok
17:00:15.0423 2920  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:00:15.0532 2920  RemoteRegistry - ok
17:00:15.0579 2920  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:00:15.0672 2920  RFCOMM - ok
17:00:15.0704 2920  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:00:15.0782 2920  RpcEptMapper - ok
17:00:15.0813 2920  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:00:15.0875 2920  RpcLocator - ok
17:00:15.0906 2920  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:00:15.0969 2920  RpcSs - ok
17:00:16.0000 2920  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:00:16.0094 2920  rspndr - ok
17:00:16.0156 2920  [ 31D45ECA63884FF5F7AECC50F7D1BAE0 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
17:00:16.0250 2920  RSUSBSTOR - ok
17:00:16.0296 2920  [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
17:00:16.0421 2920  RTL8167 - ok
17:00:16.0437 2920  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:00:16.0452 2920  SamSs - ok
17:00:16.0499 2920  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:00:16.0562 2920  sbp2port - ok
17:00:16.0624 2920  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:00:16.0702 2920  SCardSvr - ok
17:00:16.0733 2920  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:00:16.0796 2920  scfilter - ok
17:00:16.0842 2920  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:00:16.0936 2920  Schedule - ok
17:00:16.0952 2920  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:00:16.0983 2920  SCPolicySvc - ok
17:00:17.0014 2920  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:00:17.0061 2920  SDRSVC - ok
17:00:17.0108 2920  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:00:17.0186 2920  secdrv - ok
17:00:17.0201 2920  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:00:17.0326 2920  seclogon - ok
17:00:17.0342 2920  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
17:00:17.0404 2920  SENS - ok
17:00:17.0435 2920  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:00:17.0560 2920  SensrSvc - ok
17:00:17.0622 2920  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:00:17.0700 2920  Serenum - ok
17:00:17.0716 2920  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:00:17.0794 2920  Serial - ok
17:00:17.0841 2920  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:00:17.0872 2920  sermouse - ok
17:00:17.0903 2920  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:00:17.0966 2920  SessionEnv - ok
17:00:17.0981 2920  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:00:18.0012 2920  sffdisk - ok
17:00:18.0028 2920  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:00:18.0059 2920  sffp_mmc - ok
17:00:18.0075 2920  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:00:18.0106 2920  sffp_sd - ok
17:00:18.0106 2920  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:00:18.0137 2920  sfloppy - ok
17:00:18.0184 2920  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:00:18.0309 2920  SharedAccess - ok
17:00:18.0356 2920  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:00:18.0465 2920  ShellHWDetection - ok
17:00:18.0512 2920  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:00:18.0574 2920  sisagp - ok
17:00:18.0621 2920  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:00:18.0699 2920  SiSRaid2 - ok
17:00:18.0699 2920  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:00:18.0730 2920  SiSRaid4 - ok
17:00:18.0746 2920  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:00:18.0808 2920  Smb - ok
17:00:18.0886 2920  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:00:18.0933 2920  SNMPTRAP - ok
17:00:18.0948 2920  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:00:18.0995 2920  spldr - ok
17:00:19.0042 2920  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:00:19.0089 2920  Spooler - ok
17:00:19.0198 2920  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:00:19.0260 2920  sppsvc - ok
17:00:19.0292 2920  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:00:19.0385 2920  sppuinotify - ok
17:00:19.0401 2920  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:00:19.0432 2920  SQLBrowser - ok
17:00:19.0479 2920  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:00:19.0526 2920  SQLWriter - ok
17:00:19.0557 2920  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:00:19.0682 2920  srv - ok
17:00:19.0713 2920  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:00:19.0775 2920  srv2 - ok
17:00:19.0791 2920  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:00:19.0853 2920  srvnet - ok
17:00:19.0884 2920  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:00:19.0947 2920  SSDPSRV - ok
17:00:19.0962 2920  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:00:20.0056 2920  SstpSvc - ok
17:00:20.0134 2920  [ 02AC634138C33F6CD90D4ADDAC4B0E5A ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\STacSV.exe
17:00:20.0321 2920  STacSV - ok
17:00:20.0337 2920  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:00:20.0415 2920  stexstor - ok
17:00:20.0462 2920  [ E287C7F8A58F484135940E19767A6ECA ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
17:00:20.0508 2920  STHDA - ok
17:00:20.0540 2920  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:00:20.0633 2920  StillCam - ok
17:00:20.0664 2920  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:00:20.0758 2920  StiSvc - ok
17:00:20.0820 2920  [ E476C66713C842F58E61A95826ED1D57 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
17:00:20.0852 2920  stllssvr - ok
17:00:20.0883 2920  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:00:20.0914 2920  swenum - ok
17:00:20.0930 2920  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:00:20.0992 2920  swprv - ok
17:00:21.0039 2920  [ D776EB85A20696D9D43129CCF6E703E2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:00:21.0086 2920  SynTP - ok
17:00:21.0117 2920  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:00:21.0164 2920  SysMain - ok
17:00:21.0179 2920  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:00:21.0242 2920  TabletInputService - ok
17:00:21.0273 2920  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:00:21.0382 2920  TapiSrv - ok
17:00:21.0398 2920  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:00:21.0507 2920  TBS - ok
17:00:21.0554 2920  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:00:21.0678 2920  Tcpip - ok
17:00:21.0725 2920  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:00:21.0772 2920  TCPIP6 - ok
17:00:21.0803 2920  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:00:21.0897 2920  tcpipreg - ok
17:00:21.0944 2920  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:00:22.0053 2920  TDPIPE - ok
17:00:22.0084 2920  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:00:22.0131 2920  TDTCP - ok
17:00:22.0178 2920  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:00:22.0287 2920  tdx - ok
17:00:22.0318 2920  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:00:22.0365 2920  TermDD - ok
17:00:22.0396 2920  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:00:22.0536 2920  TermService - ok
17:00:22.0568 2920  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:00:22.0599 2920  Themes - ok
17:00:22.0646 2920  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:00:22.0677 2920  THREADORDER - ok
17:00:22.0724 2920  [ D0B08F941C0B06846533C6A38DD09B22 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
17:00:22.0770 2920  tmactmon - ok
17:00:22.0817 2920  [ 0C9ACEF23B537D6E8B1373C98D066B1C ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
17:00:22.0880 2920  tmcomm - ok
17:00:22.0911 2920  [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC           C:\Windows\system32\DRIVERS\TMEBC32.sys
17:00:22.0958 2920  TMEBC - ok
17:00:22.0973 2920  [ 63828FBD740F178DE2E2D42C3136FDEE ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
17:00:22.0989 2920  tmevtmgr - ok
17:00:23.0004 2920  [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
17:00:23.0036 2920  tmtdi - ok
17:00:23.0082 2920  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:00:23.0176 2920  TrkWks - ok
17:00:23.0238 2920  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:00:23.0285 2920  TrustedInstaller - ok
17:00:23.0301 2920  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:00:23.0379 2920  tssecsrv - ok
17:00:23.0426 2920  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:00:23.0519 2920  TsUsbFlt - ok
17:00:23.0582 2920  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:00:23.0691 2920  tunnel - ok
17:00:23.0722 2920  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:00:23.0800 2920  uagp35 - ok
17:00:23.0831 2920  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:00:23.0925 2920  udfs - ok
17:00:23.0956 2920  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:00:24.0018 2920  UI0Detect - ok
17:00:24.0034 2920  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:00:24.0065 2920  uliagpkx - ok
17:00:24.0112 2920  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
17:00:24.0206 2920  umbus - ok
17:00:24.0237 2920  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:00:24.0284 2920  UmPass - ok
17:00:24.0315 2920  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:00:24.0346 2920  upnphost - ok
17:00:24.0393 2920  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
17:00:24.0486 2920  USBAAPL - ok
17:00:24.0518 2920  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:00:24.0627 2920  usbccgp - ok
17:00:24.0642 2920  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:00:24.0720 2920  usbcir - ok
17:00:24.0752 2920  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:00:24.0798 2920  usbehci - ok
17:00:24.0830 2920  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:00:24.0939 2920  usbhub - ok
17:00:24.0954 2920  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:00:25.0001 2920  usbohci - ok
17:00:25.0064 2920  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:00:25.0095 2920  usbprint - ok
17:00:25.0157 2920  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:00:25.0235 2920  usbscan - ok
17:00:25.0266 2920  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:00:25.0376 2920  USBSTOR - ok
17:00:25.0407 2920  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:00:25.0422 2920  usbuhci - ok
17:00:25.0454 2920  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:00:25.0532 2920  usbvideo - ok
17:00:25.0563 2920  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:00:25.0610 2920  UxSms - ok
17:00:25.0625 2920  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:00:25.0641 2920  VaultSvc - ok
17:00:25.0766 2920  [ FCF1A2BDDCDF9F317B9650800E61C397 ] vcsFPService    C:\Windows\system32\vcsFPService.exe
17:00:25.0828 2920  vcsFPService - ok
17:00:25.0844 2920  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:00:25.0906 2920  vdrvroot - ok
17:00:25.0953 2920  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:00:26.0078 2920  vds - ok
17:00:26.0109 2920  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:00:26.0187 2920  vga - ok
17:00:26.0202 2920  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:00:26.0296 2920  VgaSave - ok
17:00:26.0327 2920  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:00:26.0358 2920  vhdmp - ok
17:00:26.0374 2920  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:00:26.0436 2920  viaagp - ok
17:00:26.0452 2920  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:00:26.0530 2920  ViaC7 - ok
17:00:26.0561 2920  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:00:26.0592 2920  viaide - ok
17:00:26.0608 2920  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:00:26.0639 2920  volmgr - ok
17:00:26.0655 2920  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:00:26.0670 2920  volmgrx - ok
17:00:26.0686 2920  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:00:26.0764 2920  volsnap - ok
17:00:26.0826 2920  [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
17:00:26.0873 2920  vpnagent - ok
17:00:26.0904 2920  [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
17:00:26.0967 2920  vpnva - ok
17:00:26.0998 2920  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:00:27.0045 2920  vsmraid - ok
17:00:27.0092 2920  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:00:27.0216 2920  VSS - ok
17:00:27.0232 2920  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:00:27.0263 2920  vwifibus - ok
17:00:27.0294 2920  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:00:27.0372 2920  vwififlt - ok
17:00:27.0404 2920  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:00:27.0419 2920  vwifimp - ok
17:00:27.0450 2920  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:00:27.0575 2920  W32Time - ok
17:00:27.0575 2920  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:00:27.0638 2920  WacomPen - ok
17:00:27.0669 2920  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:00:27.0731 2920  WANARP - ok
17:00:27.0731 2920  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:00:27.0762 2920  Wanarpv6 - ok
17:00:27.0794 2920  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:00:27.0903 2920  wbengine - ok
17:00:27.0934 2920  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:00:28.0012 2920  WbioSrvc - ok
17:00:28.0043 2920  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:00:28.0121 2920  wcncsvc - ok
17:00:28.0137 2920  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:00:28.0184 2920  WcsPlugInService - ok
17:00:28.0199 2920  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:00:28.0230 2920  Wd - ok
17:00:28.0277 2920  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:00:28.0386 2920  Wdf01000 - ok
17:00:28.0402 2920  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:00:28.0527 2920  WdiServiceHost - ok
17:00:28.0542 2920  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:00:28.0558 2920  WdiSystemHost - ok
17:00:28.0620 2920  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:00:28.0714 2920  WebClient - ok
17:00:28.0745 2920  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:00:28.0823 2920  Wecsvc - ok
17:00:28.0839 2920  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:00:28.0886 2920  wercplsupport - ok
17:00:28.0917 2920  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:00:29.0026 2920  WerSvc - ok
17:00:29.0057 2920  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:00:29.0088 2920  WfpLwf - ok
17:00:29.0104 2920  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:00:29.0135 2920  WIMMount - ok
17:00:29.0229 2920  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:00:29.0338 2920  WinDefend - ok
17:00:29.0354 2920  WinHttpAutoProxySvc - ok
17:00:29.0385 2920  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:00:29.0494 2920  Winmgmt - ok
17:00:29.0541 2920  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:00:29.0744 2920  WinRM - ok
17:00:29.0806 2920  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
17:00:29.0868 2920  WinUSB - ok
17:00:29.0900 2920  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:00:30.0009 2920  Wlansvc - ok
17:00:30.0024 2920  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:00:30.0056 2920  WmiAcpi - ok
17:00:30.0087 2920  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:00:30.0149 2920  wmiApSrv - ok
17:00:30.0258 2920  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:00:30.0290 2920  WMPNetworkSvc - ok
17:00:30.0305 2920  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:00:30.0383 2920  WPCSvc - ok
17:00:30.0414 2920  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:00:30.0461 2920  WPDBusEnum - ok
17:00:30.0477 2920  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:00:30.0570 2920  ws2ifsl - ok
17:00:30.0602 2920  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:00:30.0633 2920  wscsvc - ok
17:00:30.0633 2920  WSearch - ok
17:00:30.0711 2920  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:00:30.0773 2920  wuauserv - ok
17:00:30.0804 2920  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:00:30.0898 2920  WudfPf - ok
17:00:30.0929 2920  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:00:31.0007 2920  WUDFRd - ok
17:00:31.0054 2920  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:00:31.0101 2920  wudfsvc - ok
17:00:31.0116 2920  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:00:31.0179 2920  WwanSvc - ok
17:00:31.0210 2920  ================ Scan global ===============================
17:00:31.0241 2920  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:00:31.0319 2920  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:00:31.0382 2920  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:00:31.0413 2920  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:00:31.0491 2920  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:00:31.0569 2920  [Global] - ok
17:00:31.0569 2920  ================ Scan MBR ==================================
17:00:31.0600 2920  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:00:32.0458 2920  \Device\Harddisk0\DR0 - ok
17:00:32.0458 2920  ================ Scan VBR ==================================
17:00:32.0458 2920  [ EA83281303B01CB2A447C64D6AE10A02 ] \Device\Harddisk0\DR0\Partition1
17:00:32.0458 2920  \Device\Harddisk0\DR0\Partition1 - ok
17:00:32.0489 2920  [ 24054C406272F53F6826F9C7F2B00BCA ] \Device\Harddisk0\DR0\Partition2
17:00:32.0489 2920  \Device\Harddisk0\DR0\Partition2 - ok
17:00:32.0505 2920  ============================================================
17:00:32.0505 2920  Scan finished
17:00:32.0505 2920  ============================================================
17:00:32.0520 4848  Detected object count: 4
17:00:32.0520 4848  Actual detected object count: 4
17:00:54.0048 4848  DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:54.0048 4848  DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:54.0048 4848  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:54.0048 4848  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:54.0048 4848  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:54.0048 4848  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:00:54.0048 4848  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:54.0048 4848  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:01:01.0100 2656  Deinitialize success

cosinus · 12.03.2013, 17:52

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Chisar · 12.03.2013, 18:45

Logfile Combofix:

Code:

ATTFilter

ComboFix 13-03-11.01 - Sarah 12.03.2013  18:31:25.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2935.1587 [GMT 1:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AEAAFBC3-2C6F-4D87-A765-8725339B49E3}.xps
c:\users\Sarah\Documents\~WRL1680.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\SET41EB.tmp
c:\windows\system32\SET93AD.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-12 bis 2013-03-12  ))))))))))))))))))))))))))))))
.
.
2013-03-12 17:37 . 2013-03-12 17:37	--------	d-----w-	c:\users\Sarah\AppData\Local\temp
2013-03-12 17:37 . 2013-03-12 17:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-11 14:26 . 2013-03-11 14:26	--------	d-----w-	c:\program files\7-Zip
2013-03-11 13:20 . 2013-03-11 13:20	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Malwarebytes
2013-03-11 13:20 . 2013-03-11 13:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-11 13:20 . 2013-03-11 13:20	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-11 13:20 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-11 12:05 . 2013-03-11 13:06	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-03-11 12:04 . 2013-03-11 13:13	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-03-11 11:59 . 2013-03-11 11:59	--------	d-----w-	C:\TMRescueDisk
2013-03-11 11:54 . 2012-05-02 19:27	92304	----a-w-	c:\windows\system32\drivers\tmtdi.sys
2013-03-11 11:54 . 2012-08-24 13:06	38328	----a-w-	c:\windows\system32\drivers\TMEBC32.sys
2013-03-11 11:54 . 2012-07-12 10:30	94200	----a-w-	c:\windows\system32\drivers\tmactmon.sys
2013-03-11 11:54 . 2012-07-12 10:29	75624	----a-w-	c:\windows\system32\drivers\tmevtmgr.sys
2013-03-11 11:54 . 2012-07-12 10:29	257928	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2013-03-11 11:54 . 2013-03-11 11:54	59	----a-w-	c:\windows\system32\SupportTool.exe.bat
2013-03-11 11:52 . 2013-03-11 11:55	--------	d-----w-	c:\program files\Trend Micro
2013-03-11 10:11 . 2013-02-19 02:58	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{399F7C05-12A8-457D-B800-EB29EF9FF036}\mpengine.dll
2013-03-06 18:35 . 2013-03-11 09:36	--------	d-----w-	c:\programdata\HP Photo Creations
2013-03-06 18:35 . 2013-03-11 09:36	--------	d-----w-	c:\program files\HP Photo Creations
2013-02-27 11:38 . 2013-03-11 09:43	--------	d-----w-	c:\users\Sarah\AppData\Roaming\HpUpdate
2013-02-27 11:37 . 2011-09-09 14:53	544616	------w-	c:\windows\system32\HPDiscoPM5C12.dll
2013-02-27 11:37 . 2013-02-27 11:37	--------	d-----w-	c:\programdata\HP
2013-02-27 11:36 . 2013-02-27 11:38	--------	d-----w-	c:\program files\HP
2013-02-27 11:29 . 2013-02-27 11:29	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-27 11:28 . 2013-02-27 11:41	--------	d-----w-	c:\users\Sarah\AppData\Local\HP
2013-02-20 07:55 . 2013-03-11 12:27	--------	d-----w-	c:\program files\pdfforge Toolbar
2013-02-20 07:55 . 2013-03-11 12:27	--------	d-----w-	c:\program files\Common Files\Spigot
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-02-11 09:00 . 2013-02-11 09:00	--------	d-----w-	c:\programdata\Ask
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-11 11:39 . 2012-11-01 09:11	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 11:39 . 2012-11-01 09:11	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-02-27 11:29 . 2012-09-20 12:47	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-27 11:29 . 2010-06-08 06:53	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2012-07-17 14:51	232336	------w-	c:\windows\system32\MpSigStub.exe
2012-12-23 21:48 . 2010-04-19 06:02	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-12-23 21:48 . 2010-04-19 06:02	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-12-16 14:13 . 2012-12-23 21:50	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 21:50	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-03-11 09:42 . 2013-03-11 09:42	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-05 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-11 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-11 166936]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-12-23 295072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli DPPWDFLT
.
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dleaserv.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC32.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\aestsrv.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 46603978
*Deregistered* - 46603978
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-01 11:39]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 21:34]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 21:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\p6pkdhxa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - proxy.uni-hamburg.de
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-03-11 12:54; {22181a4d-af90-4ca3-a569-faed9118d6bc}; c:\program files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - ExtSQL: 2013-03-11 12:54; tmbepff-7.5@trendmicro.com; c:\program files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\firefoxextension
FF - ExtSQL: 2013-03-11 12:55; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF - ExtSQL: !HIDDEN! 2010-08-15 23:01; otis@digitalpersona.com; c:\program files\DigitalPersona\Bin\FirefoxExt
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\DPPWDFLT.DLL
.
Zeit der Fertigstellung: 2013-03-12  18:39:01
ComboFix-quarantined-files.txt  2013-03-12 17:39
.
Vor Suchlauf: 11 Verzeichnis(se), 234.185.797.632 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 234.287.140.864 Bytes frei
.
- - End Of File - - 0701AE14911559C5E17ED28F74D39CBB

cosinus · 12.03.2013, 23:20

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Chisar · 13.03.2013, 06:56

JRT - Junkware Removal Tool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x86
Ran by Sarah on 13.03.2013 at  6:12:17,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater 
Successfully deleted: [Service] application updater 



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\application updater
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\search settings



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Sarah\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\Sarah\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\pdfforge toolbar"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\ask" 



~~~ FireFox

Successfully deleted: [File] C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\p6pkdhxa.default\user.js
Successfully deleted: [File] C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\p6pkdhxa.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\p6pkdhxa.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
Emptied folder: C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\p6pkdhxa.default\minidumps [73 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at  6:14:50,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwCleaner

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 13/03/2013 um 06:21:42 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Sarah - SARAH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sarah\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\p6pkdhxa.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1568 octets] - [13/03/2013 06:19:36]
AdwCleaner[R2].txt - [1628 octets] - [13/03/2013 06:20:27]
AdwCleaner[R3].txt - [1688 octets] - [13/03/2013 06:21:29]
AdwCleaner[S1].txt - [1621 octets] - [13/03/2013 06:21:42]

########## EOF - C:\AdwCleaner[S1].txt - [1681 octets] ##########

OTL.text

Code:

ATTFilter

OTL logfile created on: 13.03.2013 06:29:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 53,78% Memory free
5,73 Gb Paging File | 4,32 Gb Available in Paging File | 75,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 217,21 Gb Free Space | 76,64% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Programme\Trend Micro\AMSP\AMSP_LogServer.exe (Trend Micro Inc.)
PRC - C:\Programme\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Programme\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\dleacoms.exe ( )
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - c:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\983a2caab44b707fb07bd8fc3f4b33c3\Iris.Mapi.MessageStore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\419c7a4572948d54418ae60dabe58448\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\3d2e20e89c9d111acdcc71c350c4612d\BusinessLayer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\f9d42d0461fd4657546f0ae92a9c33c2\Microsoft.Interop.Mapi.Impl.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\1dfa1b438eabc155107b311ceb288163\BCMRes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\cedfc98e1e998c103a2a98298d40b11e\Microsoft.Office.Interop.Outlook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\90fd9d4abde3027dfbba9d232653ba62\Microsoft.Interop.Mapi.PropTags.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\office\c032b45d3a3c912e41992c0a9c256e5f\office.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\61e9aced85acbfedcc48ad0460ab7712\BCMCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\9c4545edda852b85ded13f0adab94788\Microsoft.Interop.Mapi.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll ()
MOD - C:\Programme\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_32\Microsoft.BusinessSolutions.eCRM.OutlookAddIn\3.0.0.0__31bf3856ad364e35\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.dll ()
MOD - C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll ()
MOD - C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll ()
MOD - C:\Programme\Dell V310-V510 Series\ezprint.exe ()
MOD - C:\Programme\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Programme\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Programme\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Programme\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Dell V310-V510 Series\epoemdll.dll ()
MOD - C:\Programme\Dell V310-V510 Series\epstring.dll ()
MOD - C:\Programme\Dell V310-V510 Series\epwizres.dll ()
MOD - C:\Programme\Dell V310-V510 Series\epwizard.dll ()
MOD - C:\Programme\Dell V310-V510 Series\customui.dll ()
MOD - C:\Programme\Dell V310-V510 Series\epfunct.dll ()
MOD - C:\Programme\Dell V310-V510 Series\eputil.dll ()
MOD - C:\Programme\Dell V310-V510 Series\imagutil.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\dleadatr.dll ()
MOD - C:\Windows\System32\DLEAsmr.dll ()
MOD - C:\Programme\Dell V310-V510 Series\iptk.dll ()
MOD - C:\Programme\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Programme\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Programme\Dell V310-V510 Series\dleaptp.dll ()
MOD - C:\Programme\Microsoft Small Business\Business Contact Manager\de-DE\BCMRes.resources.dll ()
MOD - C:\Windows\System32\DLEAsm.dll ()
MOD - C:\Programme\Microsoft Small Business\Business Contact Manager\de-DE\Microsoft.Interop.Mapi.Interfaces.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (dlea_device) -- C:\Windows\System32\dleacoms.exe ( )
SRV - (dleaCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\stacsv.exe (IDT, Inc.)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_41f81f5ce017c35c\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Sarah\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (TMEBC) -- C:\Windows\System32\drivers\TMEBC32.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{5E4CF070-9B87-4FF2-9964-7A6A077DA5C3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\..\SearchScopes\{1A3AC2AB-DE36-492A-A5D8-A899476D36FA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\..\SearchScopes\{77E952C0-E1D6-40CE-81E6-7ED99D53EAC5}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\..\SearchScopes\{CF5AB80C-DFAB-4A00-A52B-5541E27E95BF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=3CFC0EA1-B0E7-4CF6-84DB-5EBF9DD205FC&apn_sauid=C30B4EB4-6D30-4AC4-AAFB-C7DB27D03AE7
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3767
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.http: "proxy.uni-hamburg.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.08.15 22:01:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.23 22:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\firefoxextension [2013.03.11 14:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012.12.23 22:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013.03.11 12:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013.03.11 14:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 10:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.11 10:42:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010.08.15 22:01:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 10:42:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.11 10:42:45 | 000,000,000 | ---D | M]
 
[2010.04.28 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2013.03.11 14:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\p6pkdhxa.default\extensions
[2013.03.11 10:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.11 10:42:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.27 19:04:22 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.12.23 22:48:36 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.07.02 12:50:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.15 10:45:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.02 12:50:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.02 12:50:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.02 12:50:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.02 12:50:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2013.03.12 18:37:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll ()
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Dell Symbolleiste) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-77484574-55448631-1565327884-1003\..\Toolbar\ShellBrowser: (Dell Symbolleiste) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Programme\Dell Toolbar\toolband.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-77484574-55448631-1565327884-1003..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-77484574-55448631-1565327884-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-77484574-55448631-1565327884-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{586FE869-CC74-4879-89B4-E39E477604B7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF80C3B0-D170-4BF9-9B94-105D9898B60F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Programme\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.13 06:26:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL(1).exe
[2013.03.13 06:12:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.13 06:10:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.13 06:10:23 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sarah\Desktop\JRT.exe
[2013.03.12 18:48:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Suche
[2013.03.12 18:39:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.12 18:39:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.12 18:39:02 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
[2013.03.12 18:29:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.12 18:29:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.12 18:29:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.12 18:29:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.12 18:28:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.12 18:28:00 | 005,037,889 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2013.03.11 15:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.11 15:26:04 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.03.11 14:20:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2013.03.11 14:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.11 14:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.11 14:20:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.11 14:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.11 13:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.11 13:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.03.11 12:59:31 | 000,000,000 | ---D | C] -- C:\TMRescueDisk
[2013.03.11 12:55:06 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
[2013.03.11 12:54:45 | 000,092,304 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2013.03.11 12:54:41 | 000,257,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2013.03.11 12:54:41 | 000,094,200 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2013.03.11 12:54:41 | 000,075,624 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2013.03.11 12:54:41 | 000,038,328 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\TMEBC32.sys
[2013.03.11 12:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013.03.11 12:50:26 | 078,143,200 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2013.03.11 10:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.06 19:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013.03.06 19:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2013.02.27 12:38:01 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\HpUpdate
[2013.02.27 12:37:59 | 000,544,616 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPM5C12.dll
[2013.02.27 12:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.02.27 12:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.02.27 12:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.02.27 12:29:59 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.27 12:29:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.02.27 12:28:41 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\HP
[2013.02.20 11:35:17 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Bilder
[2013.02.13 21:15:28 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 21:15:13 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.13 21:15:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.13 21:15:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.13 21:15:11 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.13 21:15:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.13 21:15:05 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 21:15:04 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 21:15:03 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.13 21:15:01 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.11 09:59:59 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.13 06:30:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 06:30:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 06:26:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL(1).exe
[2013.03.13 06:26:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.13 06:23:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.13 06:22:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 06:22:55 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 06:19:02 | 000,597,667 | ---- | M] () -- C:\Users\Sarah\Desktop\adwcleaner.exe
[2013.03.13 06:10:23 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sarah\Desktop\JRT.exe
[2013.03.13 06:07:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.12 18:37:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.12 18:28:20 | 005,037,889 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
[2013.03.11 18:16:22 | 291,148,445 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.11 14:13:36 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.03.11 13:33:43 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2013.03.11 12:55:10 | 000,001,497 | ---- | M] () -- C:\Users\Sarah\Desktop\Trend Micro Titanium Internet Security.lnk
[2013.03.11 12:54:07 | 000,000,059 | ---- | M] () -- C:\Windows\System32\SupportTool.exe.bat
[2013.03.11 12:52:30 | 078,143,200 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2013.03.11 12:39:10 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.11 12:39:10 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.11 12:28:06 | 000,000,036 | ---- | M] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
[2013.02.27 12:45:19 | 000,726,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.27 12:45:19 | 000,677,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.27 12:45:19 | 000,158,674 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.27 12:45:19 | 000,128,886 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.27 12:37:59 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6700.lnk
[2013.02.27 12:37:58 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
[2013.02.27 12:37:58 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6700.lnk
[2013.02.27 12:29:56 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.27 12:29:56 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.27 12:29:56 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.27 12:29:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.27 12:29:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.27 12:29:56 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.27 12:29:13 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.02.13 22:45:00 | 000,429,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.13 21:03:21 | 000,002,121 | ---- | M] () -- C:\Users\Sarah\AppData\Local\recently-used.xbel
[2013.02.12 16:46:01 | 000,260,197 | ---- | M] () -- C:\Users\Sarah\Documents\Forderungsanmeldung Hartmann.pdf
 
========== Files Created - No Company Name ==========
 
[2013.03.13 06:19:01 | 000,597,667 | ---- | C] () -- C:\Users\Sarah\Desktop\adwcleaner.exe
[2013.03.12 18:29:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.12 18:29:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.12 18:29:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.12 18:29:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.12 18:29:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.11 13:33:43 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2013.03.11 12:55:05 | 000,001,497 | ---- | C] () -- C:\Users\Sarah\Desktop\Trend Micro Titanium Internet Security.lnk
[2013.03.11 12:54:07 | 000,000,059 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
[2013.03.11 12:28:06 | 000,000,036 | ---- | C] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
[2013.02.27 12:38:09 | 000,000,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2013.02.27 12:37:59 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6700.lnk
[2013.02.27 12:37:58 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6700.lnk
[2013.02.27 12:37:58 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6700.lnk
[2013.02.27 12:29:13 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.02.13 21:03:21 | 000,002,121 | ---- | C] () -- C:\Users\Sarah\AppData\Local\recently-used.xbel
[2013.02.12 16:45:59 | 000,260,197 | ---- | C] () -- C:\Users\Sarah\Documents\Forderungsanmeldung Hartmann.pdf
[2012.07.17 16:15:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.19 15:35:25 | 000,007,605 | ---- | C] () -- C:\Users\Sarah\AppData\Local\Resmon.ResmonCfg
[2011.07.14 22:14:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\StartupItems
[2011.07.14 22:14:09 | 000,000,268 | RH-- | C] () -- C:\Users\Sarah\AppData\Roaming\Speech Enhancer
[2011.07.14 22:14:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.07.14 22:14:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\SupportPrinters
[2011.07.14 22:10:18 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard
[2011.07.14 22:10:18 | 000,000,268 | RH-- | C] () -- C:\Users\Sarah\AppData\Roaming\Spacious
[2011.07.14 22:10:18 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.07.14 22:10:18 | 000,000,012 | RH-- | C] () -- C:\ProgramData\String Comparison
[2010.08.02 21:54:29 | 000,011,776 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.30 09:09:19 | 000,008,292 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.10.12 21:45:11 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Amazon
[2010.04.28 19:06:47 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DigitalPersona
[2013.03.13 06:23:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2011.07.14 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nikon
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 13.03.2013 06:29:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 53,78% Memory free
5,73 Gb Paging File | 4,32 Gb Available in Paging File | 75,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 217,21 Gb Free Space | 76,64% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-77484574-55448631-1565327884-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BAC49A-4636-446C-BDEA-E21599AF122F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{06CAC697-C442-4745-8D57-95F90FA4E493}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{0D8132D0-D8CB-4973-BE7E-D42AE203B5C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E890DEA-7664-4120-A148-5C5D05E4DD07}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{19B6649C-0671-4BC8-B213-90AAC88CDD6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{492AD358-A6B5-4BB2-8380-FAE771A2C2AB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{49E1959A-ED4B-4CDB-A449-F2FDE1077DD1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{72095706-0DB2-4726-954D-88DF1A32C994}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{74837395-6145-4688-8998-C77E302F400E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7B614B2A-FBA1-4F48-A70C-DEFB2480904F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{884382E4-16DC-4A0D-8FCA-24B7453240F1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{93E74EF0-E81E-4269-886A-400A7CEE03EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D2C3487-A295-411A-B0A4-2F36A954252B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9EB8F932-D768-4A1C-8245-0C7A3CF52FBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A235E216-CEBF-45E3-B605-A28EE40F0E0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A2EFCEC2-6168-4A7E-96F5-E77CDA0E35FD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A3664657-8D8C-4437-9EC3-31A1B9B196D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A835B24D-4CCA-4CB5-B465-15C0B1EBC6FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA317361-5120-4E1B-A22A-B059F44DD7F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B89DC144-0CBB-4135-A45C-1C64C2EA8BCF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB4D0F43-062F-42D0-A949-DE5512509455}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C1A2F3F6-E693-487A-9DD2-B6997C1925AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C469FFBF-5C2A-471F-8E96-8144A92BAFF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D2FC0E20-F974-4CCF-B03F-D71D33C3C52C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D888D396-64BE-41E5-8BB2-39C4F944B210}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D8F23A7E-51C5-4481-B728-DC9346A6825E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DD997047-0645-4ADF-B9FD-C53FCC5C6167}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E316C17F-CBDF-42F5-85A1-D56916EE1BA9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E3348137-4F01-41BA-95C6-AF4EFB291ACD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F29D9357-2EA5-49DE-9730-CBE3F2520C8A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F4BA3EE6-03B3-40BC-90CD-D26C416C3C40}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F998D8CB-09C4-4F48-A508-8F532D143F98}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FBCB4819-961F-43F9-92C4-6CFF499BB002}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FD6D5C5E-8D95-4A22-8A49-BDF648099801}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA26FE4-6E3C-42B2-9B0E-F7B01B2172CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{13B54E47-F66D-4B18-922E-F568C242A242}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{26AF5AC2-B211-4968-AB5A-C04AE0F781E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2A1990E9-CA0F-46E1-9415-F30F8B8695F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D1E6860-BB85-4B17-9683-877A0692BC14}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{3793C510-B3C6-49F4-A527-0AD477C569EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37C5A56A-DA00-40A9-B97A-22AB4B927D86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3F0ABA0B-F4E6-4599-9FB2-48E5B065986F}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe | 
"{4DE28A1C-427F-484F-8334-D53C8643D683}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6086116C-8D40-4AC4-AF0C-683F6538914A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68FA6417-9601-490B-86B3-DE27692B4DF9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{72977768-DC72-4201-8129-3094C3D899A7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7410C962-8EBB-450F-8470-5BC32058D47E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{876D21A5-5C6C-47DC-858E-6E1EC68F6CD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C523F2B-52EF-44DA-80E9-C725B428E7F0}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{91CBC189-A64E-4E17-94ED-47622025EB52}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{93A6270C-1EAB-4748-AABA-C6EDB6DBB8FE}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9D65FE11-2768-42ED-8DD9-44637E79308E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FD02B26-61FD-4286-B838-C08A9CE8B66F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B26DEB9E-B765-41D9-96B6-2F8BC3E0413C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BBB404E9-2909-46C4-9D0E-1713E14B5C6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C7D7976D-1AD7-4720-A2ED-B9F44CC39E54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8B87552-8878-4A90-AAF1-62C279908581}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C9D87D0D-7FB4-42A7-9735-8D1260BE0C9E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{CD7CB51A-3042-46A4-9545-B30C527535C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D9E40E86-21AA-47DA-878A-5B4AC0D4DE60}" = protocol=6 | dir=out | app=system | 
"{DDCDA1FE-156E-4D10-BC4B-902C94865360}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E15BB724-6AF9-4065-97AD-B84FB3C49D87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3BD83A7-FF2D-4B82-BABC-0D9192E99DED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E77EB7B7-F9E8-447F-B7E3-DD868E794AC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E7FEC422-5142-4041-94BF-003B794DBA6E}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"{F14D2902-8F47-4810-B496-9A6A9DCD6460}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F5004788-CA0C-4BE2-BBE2-9759D2774D4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F853AFEC-58EE-4AED-8A28-4E5012524F75}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe | 
"{FBC3029E-F484-483D-8D53-29557E7E5213}" = dir=in | app=c:\windows\system32\dleacoms.exe | 
"TCP Query User{5A33A240-C378-4787-B1EC-9F965D17EFD2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8617C662-E146-4152-A6E3-3C23753A3E90}C:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C3C1060F-DE79-408B-A6A4-E5EC12A53EAA}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{EBBB75A4-DCAA-4765-A6F9-CE72D75EDEAE}C:\windows\system32\netcapiconfig.exe" = protocol=6 | dir=in | app=c:\windows\system32\netcapiconfig.exe | 
"TCP Query User{FE88CED5-B19A-4613-A22D-796FF2E13C92}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{188E1F8D-5D88-4AEB-93FC-3DB6FAE7369A}C:\windows\system32\netcapiconfig.exe" = protocol=17 | dir=in | app=c:\windows\system32\netcapiconfig.exe | 
"UDP Query User{39CC5C0E-D2D0-4C98-9218-E7C18A8BB2A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{42047657-504E-4609-B010-8546DC7035BD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{85C6964E-376E-40C9-B0D2-59CD8507A5CF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{BCBFAEA7-A18D-4E13-B900-D9D96D969258}C:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Symbolleiste
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8AE086-030F-4EF4-B705-63F8130B043E}" = DigitalPersona Personal 4.01
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}" = HP Officejet 6700 Hilfe
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54F5197C-9A19-4BCF-98A1-514C5A832D84}" = Dell Backup and Recovery Manager
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87B2E9C6-8AC1-43EF-9072-DB2EF0A49680}" = HP Officejet 6700 - Grundlegende Software für das Gerät
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAAE49C1-2844-4614-BCB9-1485569E344D}" = pdfforge Toolbar v6.9
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Dell V310-V510 Series" = Dell V310-V510 Series
"Dell Webcam Central" = Dell Webcam Central
"DW WLAN Card" = DW WLAN Card
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.0
"Human Design Windows_is1" = Human Design Windows
"InstallShield_{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"RealPlayer 16.0" = RealPlayer
"SynTPDeinstKey" = Dell Touchpad
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-77484574-55448631-1565327884-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"pdfsam" = pdfsam
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect VPN Client Events ]
Error - 11.03.2013 11:00:28 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 11.03.2013 11:00:34 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 11.03.2013 11:00:34 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
 1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: Das System
 kann die angegebene Datei nicht finden.   
 
Error - 11.03.2013 12:21:43 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 11.03.2013 13:16:26 | Computer Name = SARAH-PC | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 12.03.2013 02:27:53 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 12.03.2013 11:53:49 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 12.03.2013 13:42:27 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 13.03.2013 01:16:11 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 13.03.2013 01:22:58 | Computer Name = Sarah-PC | Source = vpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 31 Invoked Function: CVCMSSaxParser Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
[ System Events ]
Error - 13.03.2013 01:16:12 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 dleaCATSCustConnectService erreicht.
 
Error - 13.03.2013 01:16:12 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dleaCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 13.03.2013 01:22:59 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 dleaCATSCustConnectService erreicht.
 
Error - 13.03.2013 01:22:59 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dleaCATSCustConnectService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >

cosinus · 13.03.2013, 10:52

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-77484574-55448631-1565327884-1003\..\SearchScopes\{CF5AB80C-DFAB-4A00-A52B-5541E27E95BF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=3CFC0EA1-B0E7-4CF6-84DB-5EBF9DD205FC&apn_sauid=C30B4EB4-6D30-4AC4-AAFB-C7DB27D03AE7
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Chisar · 13.03.2013, 16:05

OTL die zweite:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-77484574-55448631-1565327884-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF5AB80C-DFAB-4A00-A52B-5541E27E95BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF5AB80C-DFAB-4A00-A52B-5541E27E95BF}\ not found.
Prefs.js: pdfforge@mybrowserbar.com:4.6 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.6 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Sarah\Desktop\cmd.bat deleted successfully.
C:\Users\Sarah\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sarah
->Temp folder emptied: 56144 bytes
->Temporary Internet Files folder emptied: 588766969 bytes
->Java cache emptied: 28669864 bytes
->FireFox cache emptied: 73735450 bytes
->Apple Safari cache emptied: 11582464 bytes
->Flash cache emptied: 47940 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7848 bytes
RecycleBin emptied: 120 bytes
 
Total Files Cleaned = 670,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03132013_155757

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 13.03.2013, 16:13

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Chisar · 13.03.2013, 21:34

Malwarebytes ergab

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.13.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Sarah :: SARAH-PC [Administrator]

Schutz: Deaktiviert

13.03.2013 16:32:54
mbam-log-2013-03-13 (16-32-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215863
Laufzeit: 4 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Nachdem der ESET Online Scanner nach 2 Stunden endlich fertig war, spuckt er leider keinen logfile aus (vielleicht weil er keinen Befall feststellen konnte????)

Sag mir bitte, dass das Scannen ein Ende hat, denn ich bin am Ende.
Aber eine Frage bleibt. Wie sicher kann ich sein, dass mein System wirklich sauber ist???? Ich denke vor allem daran, wenn ich Online Banking machen will (was ich momentan natürlich vermeide).

11.03.2013, 22:03	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trend Micro Titanium Internet Security 2012 lässt sich nicht mehr starten - Verdacht auf Malware Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. __________________ Logfiles bitte immer in CODE-Tags posten

Trend Micro Titanium Internet Security 2012 lässt sich nicht mehr starten - Verdacht auf Malware

Plagegeister aller Art und deren Bekämpfung: Trend Micro Titanium Internet Security 2012 lässt sich nicht mehr starten - Verdacht auf Malware