Adserversplus.com wird in Internetexplorer angezeigt

Bene81 · 11.03.2013, 20:07

Hallo. Seit kurzem wird mir im Internetexplorer und im Firefox auf verschiedenen Seiten immer Bannerwerbung von der Seite Adserversplus.com angezeigt. Habe auch sofort nach dieser Seite gegoogelt und gelesen, dass das ein Virus ist. Könntet ihr mir helfen diesen Virus wieder Loszuwerden? Habe in anderen Foren gelesen und mit Spybot search & destroy nach viren gesucht und auch entfernt( war zu diesem Zeitpunkt noch nicht auf dieser Seite Sorry), jedoch ohne Erfolg. Danach war dann beim Firefox die Bannerwerbung weg, nur beim Internetexplorer ist sie noch immer da. Habe aber Leider auch keine Logs mehr von diesem scan.Wie muss ich jetzt weiter verfahren?

Danke schon mal im Voraus für eure Hilfe.

Anbei meine Logs gezippt, da diese zu gross waren.

cosinus · 13.03.2013, 12:49

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bene81 · 13.03.2013, 22:51

Hallo. Erstmal danke für deine Hilfe. Es ist natürlich klar dass ihr auch ein Privatleben habt, darum nur kein Stress.
Hier erst mal die Logs von Malwarebytes:

1. Scan

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.13.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
D-Schmidls :: D-SCHMIDLS-LAPI [administrator]

13.03.2013 21:52:18
mbar-log-2013-03-13 (21-52-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31414
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Delete on reboot.
c:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Delete on reboot.

(end)

2. Scan

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.13.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
D-Schmidls :: D-SCHMIDLS-LAPI [administrator]

13.03.2013 22:10:39
mbar-log-2013-03-13 (22-10-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31416
Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR hat bei mir mit einem Fehler abgebrochen, habe eine Screenshot gemacht, siehe Anhang.

Log TDSS Killer:

Code:

ATTFilter

22:30:31.0956 5248  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:30:32.0203 5248  ============================================================
22:30:32.0203 5248  Current date / time: 2013/03/13 22:30:32.0203
22:30:32.0203 5248  SystemInfo:
22:30:32.0203 5248  
22:30:32.0203 5248  OS Version: 6.1.7601 ServicePack: 1.0
22:30:32.0203 5248  Product type: Workstation
22:30:32.0204 5248  ComputerName: D-SCHMIDLS-LAPI
22:30:32.0204 5248  UserName: D-Schmidls
22:30:32.0204 5248  Windows directory: C:\Windows
22:30:32.0204 5248  System windows directory: C:\Windows
22:30:32.0204 5248  Running under WOW64
22:30:32.0204 5248  Processor architecture: Intel x64
22:30:32.0204 5248  Number of processors: 4
22:30:32.0204 5248  Page size: 0x1000
22:30:32.0204 5248  Boot type: Normal boot
22:30:32.0204 5248  ============================================================
22:30:32.0845 5248  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:30:32.0852 5248  ============================================================
22:30:32.0852 5248  \Device\Harddisk0\DR0:
22:30:32.0852 5248  MBR partitions:
22:30:32.0852 5248  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
22:30:32.0852 5248  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x6ECA1800
22:30:32.0852 5248  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6ED06000, BlocksNum 0x32F0000
22:30:32.0852 5248  ============================================================
22:30:32.0872 5248  C: <-> \Device\Harddisk0\DR0\Partition2
22:30:32.0923 5248  D: <-> \Device\Harddisk0\DR0\Partition3
22:30:32.0923 5248  ============================================================
22:30:32.0924 5248  Initialize success
22:30:32.0924 5248  ============================================================
22:30:47.0487 4864  ============================================================
22:30:47.0487 4864  Scan started
22:30:47.0487 4864  Mode: Manual; 
22:30:47.0487 4864  ============================================================
22:30:47.0758 4864  ================ Scan system memory ========================
22:30:47.0758 4864  System memory - ok
22:30:47.0759 4864  ================ Scan services =============================
22:30:47.0910 4864  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:30:47.0912 4864  1394ohci - ok
22:30:47.0938 4864  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:30:47.0941 4864  ACPI - ok
22:30:47.0982 4864  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:30:47.0983 4864  AcpiPmi - ok
22:30:48.0031 4864  [ 5E813B11629007309E4FC0F0FD2B7C30 ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
22:30:48.0032 4864  ACPIVPC - ok
22:30:48.0208 4864  [ 3DAE5FF8F8651766155B05A14D317C83 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
22:30:48.0216 4864  AcrSch2Svc - ok
22:30:48.0318 4864  [ D22791FCF6AD10A5591C719C37457A24 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
22:30:48.0330 4864  Ad-Aware Service - ok
22:30:48.0450 4864  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:30:48.0451 4864  AdobeARMservice - ok
22:30:48.0584 4864  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:30:48.0586 4864  AdobeFlashPlayerUpdateSvc - ok
22:30:48.0676 4864  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:30:48.0681 4864  adp94xx - ok
22:30:48.0724 4864  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:30:48.0728 4864  adpahci - ok
22:30:48.0756 4864  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:30:48.0758 4864  adpu320 - ok
22:30:48.0793 4864  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:30:48.0795 4864  AeLookupSvc - ok
22:30:48.0847 4864  [ 1EE367DEC27E3CE00657F5BB71F5F7A7 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
22:30:48.0850 4864  afcdp - ok
22:30:48.0932 4864  [ A5B21FF40D3742E20F5FED6594D292D4 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
22:30:48.0950 4864  afcdpsrv - ok
22:30:49.0012 4864  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:30:49.0014 4864  AFD - ok
22:30:49.0057 4864  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:30:49.0057 4864  agp440 - ok
22:30:49.0083 4864  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:30:49.0084 4864  ALG - ok
22:30:49.0131 4864  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:30:49.0132 4864  aliide - ok
22:30:49.0139 4864  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:30:49.0140 4864  amdide - ok
22:30:49.0145 4864  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:30:49.0147 4864  AmdK8 - ok
22:30:49.0172 4864  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:30:49.0173 4864  AmdPPM - ok
22:30:49.0217 4864  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:30:49.0219 4864  amdsata - ok
22:30:49.0244 4864  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:30:49.0247 4864  amdsbs - ok
22:30:49.0264 4864  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:30:49.0265 4864  amdxata - ok
22:30:49.0289 4864  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:30:49.0290 4864  AppID - ok
22:30:49.0318 4864  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:30:49.0319 4864  AppIDSvc - ok
22:30:49.0336 4864  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:30:49.0337 4864  Appinfo - ok
22:30:49.0416 4864  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:30:49.0418 4864  Apple Mobile Device - ok
22:30:49.0424 4864  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:30:49.0426 4864  arc - ok
22:30:49.0447 4864  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:30:49.0449 4864  arcsas - ok
22:30:49.0499 4864  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:30:49.0500 4864  AsyncMac - ok
22:30:49.0552 4864  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:30:49.0553 4864  atapi - ok
22:30:49.0588 4864  [ 78B183A794A08978EA0A8D017054352B ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
22:30:49.0589 4864  AthBTPort - ok
22:30:49.0635 4864  [ 42EF52D591A53CBE43D82C6C96F50A59 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
22:30:49.0664 4864  AtherosSvc - ok
22:30:49.0754 4864  [ 6C496450404ABDC887E56DF462B34255 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:30:49.0768 4864  athr - ok
22:30:49.0830 4864  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:30:49.0833 4864  AudioEndpointBuilder - ok
22:30:49.0842 4864  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:30:49.0845 4864  AudioSrv - ok
22:30:49.0887 4864  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:30:49.0889 4864  AxInstSV - ok
22:30:49.0944 4864  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:30:49.0949 4864  b06bdrv - ok
22:30:49.0997 4864  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:30:50.0000 4864  b57nd60a - ok
22:30:50.0049 4864  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:30:50.0051 4864  BDESVC - ok
22:30:50.0085 4864  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:30:50.0086 4864  Beep - ok
22:30:50.0145 4864  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:30:50.0152 4864  BFE - ok
22:30:50.0202 4864  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:30:50.0211 4864  BITS - ok
22:30:50.0264 4864  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:30:50.0265 4864  blbdrive - ok
22:30:50.0342 4864  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:30:50.0347 4864  Bonjour Service - ok
22:30:50.0395 4864  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:30:50.0397 4864  bowser - ok
22:30:50.0423 4864  [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv         C:\Windows\system32\drivers\BPntDrv.sys
22:30:50.0424 4864  BPntDrv - ok
22:30:50.0445 4864  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:30:50.0446 4864  BrFiltLo - ok
22:30:50.0450 4864  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:30:50.0451 4864  BrFiltUp - ok
22:30:50.0474 4864  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:30:50.0476 4864  Browser - ok
22:30:50.0497 4864  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:30:50.0500 4864  Brserid - ok
22:30:50.0519 4864  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:30:50.0520 4864  BrSerWdm - ok
22:30:50.0525 4864  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:30:50.0526 4864  BrUsbMdm - ok
22:30:50.0540 4864  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:30:50.0541 4864  BrUsbSer - ok
22:30:50.0594 4864  [ EDEBD26DF631A78483707C3F7429027F ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
22:30:50.0598 4864  BTATH_A2DP - ok
22:30:50.0609 4864  [ 2F22177BFEA75326DC0C535D71985A4E ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
22:30:50.0611 4864  btath_avdt - ok
22:30:50.0665 4864  [ D438A33D568C76C24E8D7394981F42DC ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
22:30:50.0666 4864  BTATH_BUS - ok
22:30:50.0683 4864  [ 6EFA8C93009E0BE0886C2422C7D20BC5 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
22:30:50.0685 4864  BTATH_HCRP - ok
22:30:50.0710 4864  [ 168506D0F0C8DF588F8A7E25C58A2DE6 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
22:30:50.0711 4864  BTATH_LWFLT - ok
22:30:50.0735 4864  [ 7C8FB1D73BD279DD914CCA6ED0F4F62B ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
22:30:50.0739 4864  BTATH_RCP - ok
22:30:50.0785 4864  [ 58D67C18894F96E89C076150BB76AD40 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
22:30:50.0791 4864  BtFilter - ok
22:30:50.0856 4864  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:30:50.0857 4864  BthEnum - ok
22:30:50.0888 4864  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:30:50.0889 4864  BTHMODEM - ok
22:30:50.0941 4864  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:30:50.0943 4864  BthPan - ok
22:30:50.0967 4864  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
22:30:50.0973 4864  BTHPORT - ok
22:30:51.0024 4864  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:30:51.0025 4864  bthserv - ok
22:30:51.0041 4864  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:30:51.0042 4864  BTHUSB - ok
22:30:51.0091 4864  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:30:51.0092 4864  cdfs - ok
22:30:51.0147 4864  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:30:51.0149 4864  cdrom - ok
22:30:51.0216 4864  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:30:51.0218 4864  CertPropSvc - ok
22:30:51.0240 4864  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:30:51.0241 4864  circlass - ok
22:30:51.0291 4864  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:30:51.0296 4864  CLFS - ok
22:30:51.0403 4864  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:30:51.0405 4864  clr_optimization_v2.0.50727_32 - ok
22:30:51.0453 4864  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:30:51.0454 4864  clr_optimization_v2.0.50727_64 - ok
22:30:51.0521 4864  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:30:51.0523 4864  clr_optimization_v4.0.30319_32 - ok
22:30:51.0561 4864  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:30:51.0563 4864  clr_optimization_v4.0.30319_64 - ok
22:30:51.0618 4864  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
22:30:51.0619 4864  clwvd - ok
22:30:51.0669 4864  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:30:51.0670 4864  CmBatt - ok
22:30:51.0690 4864  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:30:51.0691 4864  cmdide - ok
22:30:51.0765 4864  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:30:51.0770 4864  CNG - ok
22:30:51.0865 4864  [ 9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
22:30:51.0880 4864  CnxtHdAudService - ok
22:30:51.0924 4864  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:30:51.0925 4864  Compbatt - ok
22:30:51.0976 4864  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:30:51.0977 4864  CompositeBus - ok
22:30:52.0005 4864  COMSysApp - ok
22:30:52.0051 4864  [ 815F3180B5117E42E422188E9CCC89C6 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:30:52.0055 4864  cphs - ok
22:30:52.0079 4864  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:30:52.0080 4864  crcdisk - ok
22:30:52.0131 4864  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:30:52.0134 4864  CryptSvc - ok
22:30:52.0203 4864  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:30:52.0211 4864  cvhsvc - ok
22:30:52.0285 4864  [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
22:30:52.0288 4864  CxAudMsg - ok
22:30:52.0342 4864  [ 56F4750B7F0CE969E43DE2A76DDA5A5F ] DamageGuard     C:\Windows\system32\DRIVERS\DamageGuardX64.sys
22:30:52.0344 4864  DamageGuard - ok
22:30:52.0417 4864  [ 75974DA59BA3D2E3DCE9386493A31F54 ] DamageGuardSvc  C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
22:30:52.0423 4864  DamageGuardSvc - ok
22:30:52.0494 4864  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:30:52.0502 4864  DcomLaunch - ok
22:30:52.0567 4864  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:30:52.0570 4864  defragsvc - ok
22:30:52.0619 4864  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:30:52.0621 4864  DfsC - ok
22:30:52.0641 4864  [ 5014042B07FE6CBE0E6C737AA3F1EBFC ] dgFltr          C:\Windows\system32\drivers\dgFltrX64.sys
22:30:52.0642 4864  dgFltr - ok
22:30:52.0726 4864  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
22:30:52.0728 4864  dg_ssudbus - ok
22:30:52.0780 4864  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:30:52.0783 4864  Dhcp - ok
22:30:52.0823 4864  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:30:52.0824 4864  discache - ok
22:30:52.0880 4864  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:30:52.0881 4864  Disk - ok
22:30:52.0931 4864  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:30:52.0934 4864  Dnscache - ok
22:30:52.0952 4864  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:30:52.0956 4864  dot3svc - ok
22:30:52.0970 4864  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:30:52.0973 4864  DPS - ok
22:30:53.0026 4864  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:30:53.0026 4864  drmkaud - ok
22:30:53.0063 4864  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:30:53.0072 4864  DXGKrnl - ok
22:30:53.0101 4864  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:30:53.0102 4864  EapHost - ok
22:30:53.0174 4864  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:30:53.0188 4864  ebdrv - ok
22:30:53.0205 4864  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:30:53.0206 4864  EFS - ok
22:30:53.0291 4864  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:30:53.0298 4864  ehRecvr - ok
22:30:53.0314 4864  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:30:53.0316 4864  ehSched - ok
22:30:53.0394 4864  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:30:53.0399 4864  elxstor - ok
22:30:53.0404 4864  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:30:53.0405 4864  ErrDev - ok
22:30:53.0472 4864  [ 4B18C33EEDD15BD2AAF99807D36555B3 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
22:30:53.0473 4864  ETD - ok
22:30:53.0501 4864  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:30:53.0506 4864  EventSystem - ok
22:30:53.0550 4864  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:30:53.0552 4864  exfat - ok
22:30:53.0570 4864  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:30:53.0572 4864  fastfat - ok
22:30:53.0626 4864  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:30:53.0633 4864  Fax - ok
22:30:53.0670 4864  [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon          C:\Windows\system32\drivers\fbfmon.sys
22:30:53.0671 4864  fbfmon - ok
22:30:53.0676 4864  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:30:53.0677 4864  fdc - ok
22:30:53.0706 4864  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:30:53.0708 4864  fdPHost - ok
22:30:53.0754 4864  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:30:53.0756 4864  FDResPub - ok
22:30:53.0814 4864  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:30:53.0815 4864  FileInfo - ok
22:30:53.0828 4864  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:30:53.0829 4864  Filetrace - ok
22:30:53.0902 4864  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:30:53.0908 4864  FLEXnet Licensing Service - ok
22:30:53.0939 4864  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:30:53.0939 4864  flpydisk - ok
22:30:53.0958 4864  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:30:53.0961 4864  FltMgr - ok
22:30:54.0039 4864  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:30:54.0050 4864  FontCache - ok
22:30:54.0090 4864  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:30:54.0091 4864  FontCache3.0.0.0 - ok
22:30:54.0117 4864  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:30:54.0118 4864  FsDepends - ok
22:30:54.0164 4864  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:30:54.0165 4864  fssfltr - ok
22:30:54.0242 4864  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:30:54.0256 4864  fsssvc - ok
22:30:54.0278 4864  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:30:54.0279 4864  Fs_Rec - ok
22:30:54.0333 4864  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:30:54.0336 4864  fvevol - ok
22:30:54.0378 4864  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:30:54.0380 4864  gagp30kx - ok
22:30:54.0406 4864  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:30:54.0407 4864  GEARAspiWDM - ok
22:30:54.0493 4864  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
22:30:54.0494 4864  gfibto - ok
22:30:54.0532 4864  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:30:54.0540 4864  gpsvc - ok
22:30:54.0600 4864  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:30:54.0602 4864  gupdate - ok
22:30:54.0607 4864  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:30:54.0609 4864  gupdatem - ok
22:30:54.0626 4864  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:30:54.0627 4864  hcw85cir - ok
22:30:54.0648 4864  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:30:54.0653 4864  HdAudAddService - ok
22:30:54.0696 4864  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:30:54.0698 4864  HDAudBus - ok
22:30:54.0718 4864  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:30:54.0719 4864  HidBatt - ok
22:30:54.0736 4864  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:30:54.0737 4864  HidBth - ok
22:30:54.0761 4864  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:30:54.0762 4864  HidIr - ok
22:30:54.0793 4864  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:30:54.0795 4864  hidserv - ok
22:30:54.0836 4864  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:30:54.0837 4864  HidUsb - ok
22:30:54.0884 4864  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:30:54.0886 4864  hkmsvc - ok
22:30:54.0933 4864  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:30:54.0936 4864  HomeGroupListener - ok
22:30:54.0956 4864  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:30:54.0960 4864  HomeGroupProvider - ok
22:30:55.0007 4864  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:30:55.0009 4864  HpSAMD - ok
22:30:55.0054 4864  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:30:55.0060 4864  HTTP - ok
22:30:55.0075 4864  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:30:55.0076 4864  hwpolicy - ok
22:30:55.0145 4864  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:30:55.0147 4864  i8042prt - ok
22:30:55.0190 4864  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:30:55.0195 4864  iaStor - ok
22:30:55.0291 4864  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:30:55.0292 4864  IAStorDataMgrSvc - ok
22:30:55.0347 4864  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:30:55.0351 4864  iaStorV - ok
22:30:55.0441 4864  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:30:55.0443 4864  IDriverT - ok
22:30:55.0489 4864  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:30:55.0497 4864  idsvc - ok
22:30:55.0622 4864  [ 348214F96642FD4FEF630DE021BA3540 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:30:55.0647 4864  igfx - ok
22:30:55.0711 4864  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:30:55.0712 4864  iirsp - ok
22:30:55.0755 4864  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:30:55.0763 4864  IKEEXT - ok
22:30:55.0818 4864  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:30:55.0822 4864  IntcDAud - ok
22:30:55.0928 4864  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:30:56.0741 4864  Intel(R) Capability Licensing Service Interface - ok
22:30:56.0777 4864  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:30:56.0778 4864  intelide - ok
22:30:56.0824 4864  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:30:56.0825 4864  intelppm - ok
22:30:56.0862 4864  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:30:56.0863 4864  IPBusEnum - ok
22:30:56.0867 4864  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:30:56.0869 4864  IpFilterDriver - ok
22:30:56.0950 4864  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:30:56.0957 4864  iphlpsvc - ok
22:30:56.0969 4864  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:30:56.0971 4864  IPMIDRV - ok
22:30:56.0977 4864  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:30:56.0979 4864  IPNAT - ok
22:30:57.0070 4864  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:30:57.0076 4864  iPod Service - ok
22:30:57.0125 4864  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:30:57.0126 4864  IRENUM - ok
22:30:57.0131 4864  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:30:57.0132 4864  isapnp - ok
22:30:57.0162 4864  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:30:57.0165 4864  iScsiPrt - ok
22:30:57.0219 4864  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:30:57.0220 4864  iusb3hcs - ok
22:30:57.0253 4864  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
22:30:57.0257 4864  iusb3hub - ok
22:30:57.0283 4864  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:30:57.0290 4864  iusb3xhc - ok
22:30:57.0356 4864  [ 09CA717536671E0896E07D239EE6740F ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:30:57.0358 4864  jhi_service - ok
22:30:57.0414 4864  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:30:57.0415 4864  kbdclass - ok
22:30:57.0464 4864  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:30:57.0465 4864  kbdhid - ok
22:30:57.0487 4864  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:30:57.0489 4864  KeyIso - ok
22:30:57.0519 4864  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:30:57.0520 4864  KSecDD - ok
22:30:57.0540 4864  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:30:57.0542 4864  KSecPkg - ok
22:30:57.0555 4864  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:30:57.0556 4864  ksthunk - ok
22:30:57.0591 4864  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:30:57.0596 4864  KtmRm - ok
22:30:57.0645 4864  [ FC741259B7C22379EE83257D7CF91151 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
22:30:57.0647 4864  L1C - ok
22:30:57.0708 4864  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:30:57.0712 4864  LanmanServer - ok
22:30:57.0766 4864  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:30:57.0770 4864  LanmanWorkstation - ok
22:30:57.0787 4864  [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
22:30:57.0788 4864  LHDmgr - ok
22:30:57.0847 4864  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:30:57.0849 4864  lltdio - ok
22:30:57.0884 4864  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:30:57.0888 4864  lltdsvc - ok
22:30:57.0940 4864  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:30:57.0942 4864  lmhosts - ok
22:30:58.0001 4864  [ A60D56228FF3EE7EC1A56A908924680E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:30:58.0005 4864  LMS - ok
22:30:58.0072 4864  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:30:58.0074 4864  LSI_FC - ok
22:30:58.0086 4864  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:30:58.0088 4864  LSI_SAS - ok
22:30:58.0094 4864  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:30:58.0096 4864  LSI_SAS2 - ok
22:30:58.0109 4864  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:30:58.0111 4864  LSI_SCSI - ok
22:30:58.0142 4864  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:30:58.0144 4864  luafv - ok
22:30:58.0198 4864  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:30:58.0200 4864  Mcx2Svc - ok
22:30:58.0206 4864  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:30:58.0207 4864  megasas - ok
22:30:58.0230 4864  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:30:58.0233 4864  MegaSR - ok
22:30:58.0283 4864  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:30:58.0284 4864  MEIx64 - ok
22:30:58.0374 4864  Microsoft SharePoint Workspace Audit Service - ok
22:30:58.0407 4864  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:30:58.0410 4864  MMCSS - ok
22:30:58.0428 4864  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:30:58.0429 4864  Modem - ok
22:30:58.0474 4864  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:30:58.0475 4864  monitor - ok
22:30:58.0514 4864  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:30:58.0516 4864  mouclass - ok
22:30:58.0560 4864  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:30:58.0561 4864  mouhid - ok
22:30:58.0605 4864  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:30:58.0607 4864  mountmgr - ok
22:30:58.0680 4864  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:30:58.0682 4864  MozillaMaintenance - ok
22:30:58.0716 4864  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
22:30:58.0719 4864  MpFilter - ok
22:30:58.0746 4864  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:30:58.0747 4864  mpio - ok
22:30:58.0764 4864  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:30:58.0765 4864  mpsdrv - ok
22:30:58.0801 4864  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:30:58.0809 4864  MpsSvc - ok
22:30:58.0816 4864  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:30:58.0817 4864  MRxDAV - ok
22:30:58.0854 4864  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:30:58.0857 4864  mrxsmb - ok
22:30:58.0869 4864  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:30:58.0872 4864  mrxsmb10 - ok
22:30:58.0889 4864  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:30:58.0891 4864  mrxsmb20 - ok
22:30:58.0908 4864  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:30:58.0909 4864  msahci - ok
22:30:58.0924 4864  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:30:58.0926 4864  msdsm - ok
22:30:58.0940 4864  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:30:58.0943 4864  MSDTC - ok
22:30:58.0991 4864  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:30:58.0992 4864  Msfs - ok
22:30:58.0998 4864  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:30:58.0999 4864  mshidkmdf - ok
22:30:59.0012 4864  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:30:59.0013 4864  msisadrv - ok
22:30:59.0070 4864  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:30:59.0073 4864  MSiSCSI - ok
22:30:59.0078 4864  msiserver - ok
22:30:59.0118 4864  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:30:59.0119 4864  MSKSSRV - ok
22:30:59.0204 4864  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:30:59.0205 4864  MsMpSvc - ok
22:30:59.0224 4864  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:30:59.0225 4864  MSPCLOCK - ok
22:30:59.0243 4864  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:30:59.0244 4864  MSPQM - ok
22:30:59.0260 4864  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:30:59.0264 4864  MsRPC - ok
22:30:59.0281 4864  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:30:59.0282 4864  mssmbios - ok
22:30:59.0313 4864  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:30:59.0314 4864  MSTEE - ok
22:30:59.0324 4864  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:30:59.0325 4864  MTConfig - ok
22:30:59.0355 4864  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:30:59.0357 4864  Mup - ok
22:30:59.0388 4864  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:30:59.0394 4864  napagent - ok
22:30:59.0451 4864  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:30:59.0455 4864  NativeWifiP - ok
22:30:59.0524 4864  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:30:59.0533 4864  NDIS - ok
22:30:59.0554 4864  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:30:59.0555 4864  NdisCap - ok
22:30:59.0601 4864  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:30:59.0602 4864  NdisTapi - ok
22:30:59.0644 4864  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:30:59.0645 4864  Ndisuio - ok
22:30:59.0662 4864  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:30:59.0664 4864  NdisWan - ok
22:30:59.0676 4864  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:30:59.0677 4864  NDProxy - ok
22:30:59.0712 4864  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:30:59.0713 4864  NetBIOS - ok
22:30:59.0727 4864  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:30:59.0729 4864  NetBT - ok
22:30:59.0772 4864  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:30:59.0774 4864  Netlogon - ok
22:30:59.0840 4864  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:30:59.0846 4864  Netman - ok
22:30:59.0864 4864  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:30:59.0869 4864  netprofm - ok
22:30:59.0892 4864  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:30:59.0894 4864  NetTcpPortSharing - ok
22:30:59.0933 4864  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:30:59.0934 4864  nfrd960 - ok
22:30:59.0966 4864  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:30:59.0968 4864  NisDrv - ok
22:30:59.0994 4864  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
22:30:59.0998 4864  NisSrv - ok
22:31:00.0080 4864  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:31:00.0084 4864  NlaSvc - ok
22:31:00.0116 4864  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:31:00.0118 4864  Npfs - ok
22:31:00.0185 4864  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:31:00.0188 4864  nsi - ok
22:31:00.0226 4864  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:31:00.0227 4864  nsiproxy - ok
22:31:00.0321 4864  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:31:00.0337 4864  Ntfs - ok
22:31:00.0391 4864  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:31:00.0392 4864  Null - ok
22:31:01.0188 4864  [ 2CCA18C2B3CF18201B0F6204A4BC5A52 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:31:01.0241 4864  nvlddmkm - ok
22:31:01.0270 4864  [ D70BC3FE775AAFB58FE353B5965657DF ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
22:31:01.0270 4864  nvpciflt - ok
22:31:01.0322 4864  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:31:01.0324 4864  nvraid - ok
22:31:01.0349 4864  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:31:01.0351 4864  nvstor - ok
22:31:01.0393 4864  [ 3ADFA793E3A5E465EA362E38C598ED71 ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:31:01.0403 4864  nvsvc - ok
22:31:01.0494 4864  [ 3E186CE5CB2A95B7E5E15C3FBE681A34 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:31:01.0517 4864  nvUpdatusService - ok
22:31:01.0534 4864  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:31:01.0534 4864  nv_agp - ok
22:31:01.0579 4864  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:31:01.0581 4864  ohci1394 - ok
22:31:01.0627 4864  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:31:01.0629 4864  ose - ok
22:31:01.0788 4864  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:31:01.0811 4864  osppsvc - ok
22:31:01.0871 4864  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:31:01.0876 4864  p2pimsvc - ok
22:31:01.0897 4864  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:31:01.0904 4864  p2psvc - ok
22:31:01.0930 4864  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:31:01.0931 4864  Parport - ok
22:31:01.0957 4864  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:31:01.0958 4864  partmgr - ok
22:31:01.0970 4864  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:31:01.0973 4864  PcaSvc - ok
22:31:01.0989 4864  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:31:01.0991 4864  pci - ok
22:31:02.0006 4864  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:31:02.0007 4864  pciide - ok
22:31:02.0021 4864  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:31:02.0023 4864  pcmcia - ok
22:31:02.0038 4864  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:31:02.0039 4864  pcw - ok
22:31:02.0062 4864  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:31:02.0067 4864  PEAUTH - ok
22:31:02.0123 4864  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:31:02.0126 4864  PerfHost - ok
22:31:02.0180 4864  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:31:02.0194 4864  pla - ok
22:31:02.0254 4864  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:31:02.0260 4864  PlugPlay - ok
22:31:02.0281 4864  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:31:02.0283 4864  PNRPAutoReg - ok
22:31:02.0303 4864  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:31:02.0307 4864  PNRPsvc - ok
22:31:02.0347 4864  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:31:02.0352 4864  PolicyAgent - ok
22:31:02.0386 4864  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:31:02.0391 4864  Power - ok
22:31:02.0437 4864  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:31:02.0439 4864  PptpMiniport - ok
22:31:02.0455 4864  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:31:02.0456 4864  Processor - ok
22:31:02.0477 4864  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:31:02.0479 4864  ProfSvc - ok
22:31:02.0490 4864  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:31:02.0491 4864  ProtectedStorage - ok
22:31:02.0534 4864  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:31:02.0536 4864  Psched - ok
22:31:02.0592 4864  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:31:02.0606 4864  ql2300 - ok
22:31:02.0627 4864  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:31:02.0629 4864  ql40xx - ok
22:31:02.0661 4864  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:31:02.0665 4864  QWAVE - ok
22:31:02.0678 4864  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:31:02.0679 4864  QWAVEdrv - ok
22:31:02.0690 4864  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:31:02.0691 4864  RasAcd - ok
22:31:02.0746 4864  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:02.0747 4864  RasAgileVpn - ok
22:31:02.0765 4864  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:31:02.0769 4864  RasAuto - ok
22:31:02.0794 4864  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:02.0795 4864  Rasl2tp - ok
22:31:02.0816 4864  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:31:02.0820 4864  RasMan - ok
22:31:02.0856 4864  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:02.0857 4864  RasPppoe - ok
22:31:02.0872 4864  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:31:02.0873 4864  RasSstp - ok
22:31:02.0891 4864  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:31:02.0893 4864  rdbss - ok
22:31:02.0908 4864  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:31:02.0909 4864  rdpbus - ok
22:31:02.0958 4864  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:02.0959 4864  RDPCDD - ok
22:31:02.0980 4864  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:31:02.0981 4864  RDPENCDD - ok
22:31:03.0010 4864  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:31:03.0011 4864  RDPREFMP - ok
22:31:03.0052 4864  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:31:03.0055 4864  RDPWD - ok
22:31:03.0115 4864  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:31:03.0118 4864  rdyboost - ok
22:31:03.0185 4864  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:31:03.0188 4864  RemoteAccess - ok
22:31:03.0216 4864  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:31:03.0220 4864  RemoteRegistry - ok
22:31:03.0269 4864  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:31:03.0271 4864  RFCOMM - ok
22:31:03.0286 4864  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:31:03.0289 4864  RpcEptMapper - ok
22:31:03.0304 4864  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:31:03.0306 4864  RpcLocator - ok
22:31:03.0344 4864  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:31:03.0350 4864  RpcSs - ok
22:31:03.0403 4864  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:31:03.0405 4864  rspndr - ok
22:31:03.0478 4864  [ 88AB579F407A3D02918B8DCC4E6E34B3 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
22:31:03.0482 4864  RSUSBVSTOR - ok
22:31:03.0500 4864  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:31:03.0502 4864  SamSs - ok
22:31:03.0637 4864  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
22:31:03.0656 4864  SBAMSvc - ok
22:31:03.0706 4864  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:31:03.0706 4864  sbp2port - ok
22:31:03.0745 4864  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:31:03.0749 4864  SCardSvr - ok
22:31:03.0776 4864  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:31:03.0777 4864  scfilter - ok
22:31:03.0804 4864  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:31:03.0816 4864  Schedule - ok
22:31:03.0840 4864  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:31:03.0841 4864  SCPolicySvc - ok
22:31:03.0875 4864  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:31:03.0879 4864  SDRSVC - ok
22:31:03.0937 4864  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:31:03.0938 4864  secdrv - ok
22:31:03.0950 4864  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:31:03.0953 4864  seclogon - ok
22:31:03.0972 4864  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:31:03.0976 4864  SENS - ok
22:31:04.0022 4864  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:31:04.0025 4864  SensrSvc - ok
22:31:04.0036 4864  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:31:04.0037 4864  Serenum - ok
22:31:04.0051 4864  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:31:04.0053 4864  Serial - ok
22:31:04.0066 4864  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:31:04.0067 4864  sermouse - ok
22:31:04.0091 4864  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:31:04.0095 4864  SessionEnv - ok
22:31:04.0113 4864  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:31:04.0114 4864  sffdisk - ok
22:31:04.0122 4864  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:31:04.0123 4864  sffp_mmc - ok
22:31:04.0128 4864  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:31:04.0129 4864  sffp_sd - ok
22:31:04.0133 4864  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:31:04.0134 4864  sfloppy - ok
22:31:04.0211 4864  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:31:04.0218 4864  Sftfs - ok
22:31:04.0264 4864  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:31:04.0269 4864  sftlist - ok
22:31:04.0301 4864  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:31:04.0304 4864  Sftplay - ok
22:31:04.0318 4864  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:31:04.0319 4864  Sftredir - ok
22:31:04.0335 4864  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:31:04.0336 4864  Sftvol - ok
22:31:04.0348 4864  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:31:04.0351 4864  sftvsa - ok
22:31:04.0388 4864  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:31:04.0393 4864  SharedAccess - ok
22:31:04.0433 4864  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:31:04.0439 4864  ShellHWDetection - ok
22:31:04.0490 4864  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:31:04.0491 4864  SiSRaid2 - ok
22:31:04.0497 4864  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:31:04.0499 4864  SiSRaid4 - ok
22:31:04.0525 4864  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:31:04.0527 4864  Smb - ok
22:31:04.0568 4864  [ 27BA49F89468FDDAE6C2B311C53BCE3A ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
22:31:04.0570 4864  snapman - ok
22:31:04.0610 4864  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:31:04.0613 4864  SNMPTRAP - ok
22:31:04.0647 4864  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:31:04.0648 4864  spldr - ok
22:31:04.0691 4864  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:31:04.0698 4864  Spooler - ok
22:31:04.0780 4864  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:31:04.0801 4864  sppsvc - ok
22:31:04.0834 4864  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:31:04.0835 4864  sppuinotify - ok
22:31:04.0889 4864  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:31:04.0894 4864  srv - ok
22:31:04.0921 4864  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:31:04.0925 4864  srv2 - ok
22:31:04.0937 4864  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:31:04.0939 4864  srvnet - ok
22:31:04.0980 4864  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:31:04.0983 4864  SSDPSRV - ok
22:31:04.0990 4864  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:31:04.0993 4864  SstpSvc - ok
22:31:05.0041 4864  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
22:31:05.0044 4864  ssudmdm - ok
22:31:05.0084 4864  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:31:05.0085 4864  stexstor - ok
22:31:05.0123 4864  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:31:05.0131 4864  stisvc - ok
22:31:05.0152 4864  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:31:05.0152 4864  swenum - ok
22:31:05.0227 4864  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:31:05.0232 4864  SwitchBoard - ok
22:31:05.0275 4864  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:31:05.0283 4864  swprv - ok
22:31:05.0354 4864  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:31:05.0372 4864  SysMain - ok
22:31:05.0403 4864  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:31:05.0405 4864  TabletInputService - ok
22:31:05.0426 4864  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:31:05.0429 4864  TapiSrv - ok
22:31:05.0448 4864  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:31:05.0450 4864  TBS - ok
22:31:05.0508 4864  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:31:05.0518 4864  Tcpip - ok
22:31:05.0560 4864  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:31:05.0570 4864  TCPIP6 - ok
22:31:05.0599 4864  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:31:05.0600 4864  tcpipreg - ok
22:31:05.0633 4864  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:31:05.0634 4864  TDPIPE - ok
22:31:05.0686 4864  [ BF7AC81DF6FBE09438D9DC7188178EA9 ] tdrpman258      C:\Windows\system32\DRIVERS\tdrpm258.sys
22:31:05.0700 4864  tdrpman258 - ok
22:31:05.0731 4864  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:31:05.0732 4864  TDTCP - ok
22:31:05.0750 4864  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:31:05.0752 4864  tdx - ok
22:31:05.0776 4864  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:31:05.0777 4864  TermDD - ok
22:31:05.0828 4864  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:31:05.0838 4864  TermService - ok
22:31:05.0864 4864  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:31:05.0867 4864  Themes - ok
22:31:05.0885 4864  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:31:05.0887 4864  THREADORDER - ok
22:31:05.0938 4864  [ 2C1CAF5563548A15515EAB07D2A069C6 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
22:31:05.0947 4864  timounter - ok
22:31:05.0992 4864  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
22:31:05.0994 4864  TPM - ok
22:31:06.0017 4864  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:31:06.0020 4864  TrkWks - ok
22:31:06.0074 4864  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:31:06.0077 4864  TrustedInstaller - ok
22:31:06.0102 4864  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:31:06.0104 4864  tssecsrv - ok
22:31:06.0126 4864  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:31:06.0127 4864  TsUsbFlt - ok
22:31:06.0132 4864  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:31:06.0133 4864  TsUsbGD - ok
22:31:06.0180 4864  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:31:06.0182 4864  tunnel - ok
22:31:06.0207 4864  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:31:06.0209 4864  uagp35 - ok
22:31:06.0233 4864  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:31:06.0237 4864  udfs - ok
22:31:06.0281 4864  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:31:06.0284 4864  UI0Detect - ok
22:31:06.0303 4864  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:31:06.0305 4864  uliagpkx - ok
22:31:06.0345 4864  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:31:06.0346 4864  umbus - ok
22:31:06.0351 4864  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:31:06.0353 4864  UmPass - ok
22:31:06.0424 4864  [ A0153CC9D28568A10BDAEE5EC612CFC8 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:31:06.0428 4864  UNS - ok
22:31:06.0469 4864  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:31:06.0475 4864  upnphost - ok
22:31:06.0527 4864  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:31:06.0529 4864  USBAAPL64 - ok
22:31:06.0545 4864  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:06.0547 4864  usbccgp - ok
22:31:06.0587 4864  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:31:06.0589 4864  usbcir - ok
22:31:06.0602 4864  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:31:06.0604 4864  usbehci - ok
22:31:06.0648 4864  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:31:06.0652 4864  usbhub - ok
22:31:06.0664 4864  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:31:06.0665 4864  usbohci - ok
22:31:06.0712 4864  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:31:06.0713 4864  usbprint - ok
22:31:06.0765 4864  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:31:06.0766 4864  usbscan - ok
22:31:06.0808 4864  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:06.0809 4864  USBSTOR - ok
22:31:06.0822 4864  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:31:06.0823 4864  usbuhci - ok
22:31:06.0875 4864  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:31:06.0877 4864  usbvideo - ok
22:31:06.0903 4864  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:31:06.0906 4864  UxSms - ok
22:31:06.0917 4864  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:31:06.0919 4864  VaultSvc - ok
22:31:06.0967 4864  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:31:06.0969 4864  vdrvroot - ok
22:31:07.0010 4864  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:31:07.0017 4864  vds - ok
22:31:07.0045 4864  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:07.0046 4864  vga - ok
22:31:07.0056 4864  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:31:07.0058 4864  VgaSave - ok
22:31:07.0081 4864  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:31:07.0084 4864  vhdmp - ok
22:31:07.0088 4864  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:31:07.0089 4864  viaide - ok
22:31:07.0159 4864  [ BEEC7DB99737B083C62A84D1328571D2 ] vm332avs        C:\Windows\system32\Drivers\vm332avs.sys
22:31:07.0169 4864  vm332avs - ok
22:31:07.0197 4864  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:31:07.0198 4864  volmgr - ok
22:31:07.0215 4864  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:31:07.0217 4864  volmgrx - ok
22:31:07.0232 4864  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:31:07.0235 4864  volsnap - ok
22:31:07.0280 4864  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:31:07.0282 4864  vsmraid - ok
22:31:07.0338 4864  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:31:07.0355 4864  VSS - ok
22:31:07.0371 4864  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:31:07.0371 4864  vwifibus - ok
22:31:07.0406 4864  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:31:07.0407 4864  vwififlt - ok
22:31:07.0455 4864  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:31:07.0456 4864  vwifimp - ok
22:31:07.0518 4864  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:31:07.0524 4864  W32Time - ok
22:31:07.0561 4864  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:31:07.0562 4864  WacomPen - ok
22:31:07.0625 4864  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:31:07.0626 4864  WANARP - ok
22:31:07.0632 4864  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:31:07.0634 4864  Wanarpv6 - ok
22:31:07.0682 4864  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:31:07.0698 4864  wbengine - ok
22:31:07.0744 4864  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:31:07.0747 4864  WbioSrvc - ok
22:31:07.0764 4864  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:31:07.0768 4864  wcncsvc - ok
22:31:07.0776 4864  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:31:07.0778 4864  WcsPlugInService - ok
22:31:07.0801 4864  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:31:07.0802 4864  Wd - ok
22:31:07.0849 4864  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:31:07.0857 4864  Wdf01000 - ok
22:31:07.0884 4864  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:31:07.0888 4864  WdiServiceHost - ok
22:31:07.0893 4864  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:31:07.0898 4864  WdiSystemHost - ok
22:31:07.0910 4864  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:31:07.0913 4864  WebClient - ok
22:31:07.0933 4864  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:31:07.0937 4864  Wecsvc - ok
22:31:07.0953 4864  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:31:07.0955 4864  wercplsupport - ok
22:31:08.0014 4864  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:31:08.0018 4864  WerSvc - ok
22:31:08.0074 4864  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:31:08.0075 4864  WfpLwf - ok
22:31:08.0091 4864  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:31:08.0092 4864  WIMMount - ok
22:31:08.0115 4864  WinDefend - ok
22:31:08.0137 4864  WinHttpAutoProxySvc - ok
22:31:08.0196 4864  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:31:08.0199 4864  Winmgmt - ok
22:31:08.0265 4864  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:31:08.0280 4864  WinRM - ok
22:31:08.0350 4864  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:31:08.0351 4864  WinUsb - ok
22:31:08.0395 4864  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:31:08.0407 4864  Wlansvc - ok
22:31:08.0446 4864  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:31:08.0446 4864  wlcrasvc - ok
22:31:08.0512 4864  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:31:08.0533 4864  wlidsvc - ok
22:31:08.0583 4864  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:31:08.0584 4864  WmiAcpi - ok
22:31:08.0613 4864  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:31:08.0615 4864  wmiApSrv - ok
22:31:08.0672 4864  WMPNetworkSvc - ok
22:31:08.0698 4864  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:31:08.0701 4864  WPCSvc - ok
22:31:08.0713 4864  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:31:08.0717 4864  WPDBusEnum - ok
22:31:08.0732 4864  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:31:08.0733 4864  ws2ifsl - ok
22:31:08.0745 4864  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:31:08.0749 4864  wscsvc - ok
22:31:08.0753 4864  WSearch - ok
22:31:08.0781 4864  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
22:31:08.0783 4864  wsvd - ok
22:31:08.0846 4864  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:31:08.0869 4864  wuauserv - ok
22:31:08.0893 4864  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:31:08.0894 4864  WudfPf - ok
22:31:08.0929 4864  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:08.0931 4864  WUDFRd - ok
22:31:08.0962 4864  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:31:08.0966 4864  wudfsvc - ok
22:31:08.0996 4864  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:31:09.0002 4864  WwanSvc - ok
22:31:09.0085 4864  [ D65B42FBF19C676AA01AE95EC62F7764 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
22:31:09.0127 4864  ZAtheros Bt&Wlan Coex Agent - ok
22:31:09.0138 4864  ================ Scan global ===============================
22:31:09.0163 4864  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:31:09.0189 4864  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:31:09.0197 4864  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:31:09.0231 4864  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:31:09.0259 4864  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:31:09.0265 4864  [Global] - ok
22:31:09.0265 4864  ================ Scan MBR ==================================
22:31:09.0276 4864  [ 5C2CB7AF1E932D2FCB6B43C72138EFB7 ] \Device\Harddisk0\DR0
22:31:09.0552 4864  \Device\Harddisk0\DR0 - ok
22:31:09.0552 4864  ================ Scan VBR ==================================
22:31:09.0554 4864  [ 55F94DED5CCC731226AEC0FAC1C6B494 ] \Device\Harddisk0\DR0\Partition1
22:31:09.0555 4864  \Device\Harddisk0\DR0\Partition1 - ok
22:31:09.0578 4864  [ 8E2993A44400A34FD073505215F264EA ] \Device\Harddisk0\DR0\Partition2
22:31:09.0579 4864  \Device\Harddisk0\DR0\Partition2 - ok
22:31:09.0609 4864  [ 5EF22A68AAE84C4AB4B041C595683805 ] \Device\Harddisk0\DR0\Partition3
22:31:09.0611 4864  \Device\Harddisk0\DR0\Partition3 - ok
22:31:09.0611 4864  ============================================================
22:31:09.0612 4864  Scan finished
22:31:09.0612 4864  ============================================================
22:31:09.0624 3004  Detected object count: 0
22:31:09.0624 3004  Actual detected object count: 0
22:31:47.0700 4660  Deinitialize success

Hoffe du kannst mit den Logs etwas Anfangen. Danke nochmals

cosinus · 14.03.2013, 14:56

Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Zitat:

22:30:47.0487 4864 Scan started
22:30:47.0487 4864 Mode: Manual;

Bitte die Anleitungen genauer lesen, du hast den TDSS-Killer nämlich falsch eingestellt

Bene81 · 14.03.2013, 15:54

Sorry Link übersehen. So jetzt die beiden Logs.

aswMBR Log:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-14 15:39:55
-----------------------------
15:39:55.539    OS Version: Windows x64 6.1.7601 Service Pack 1
15:39:55.539    Number of processors: 4 586 0x3A09
15:39:55.539    ComputerName: D-SCHMIDLS-LAPI  UserName: D-Schmidls
15:39:58.478    Initialize success
15:40:11.928    AVAST engine defs: 13031301
15:41:12.525    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:41:12.529    Disk 0 Vendor: ST1000LM 2AR1 Size: 953869MB BusType: 3
15:41:12.599    Disk 0 MBR read successfully
15:41:12.602    Disk 0 MBR scan
15:41:12.609    Disk 0 unknown MBR code
15:41:12.774    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
15:41:12.935    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       907587 MB offset 411648
15:41:13.110    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        26080 MB offset 1859149824
15:41:13.194    Disk 0 Partition 4 00     12  Compaq diag NTFS        20001 MB offset 1912561664
15:41:13.334    Disk 0 scanning C:\Windows\system32\drivers
15:41:44.370    Service scanning
15:42:58.021    Modules scanning
15:42:58.034    Disk 0 trace - called modules:
15:42:58.065    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:42:58.072    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e22060]
15:42:58.079    3 CLASSPNP.SYS[fffff88001dcc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007844050]
15:42:58.087    Scan finished successfully
15:44:15.574    Disk 0 MBR has been saved successfully to "C:\Users\D-Schmidls\Desktop\MBR.dat"
15:44:15.580    The log file has been saved successfully to "C:\Users\D-Schmidls\Desktop\aswMBR.txt"

TDSS-Killer Log:

Code:

ATTFilter

15:46:12.0528 1972  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:46:12.0742 1972  ============================================================
15:46:12.0742 1972  Current date / time: 2013/03/14 15:46:12.0742
15:46:12.0742 1972  SystemInfo:
15:46:12.0743 1972  
15:46:12.0743 1972  OS Version: 6.1.7601 ServicePack: 1.0
15:46:12.0743 1972  Product type: Workstation
15:46:12.0743 1972  ComputerName: D-SCHMIDLS-LAPI
15:46:12.0743 1972  UserName: D-Schmidls
15:46:12.0743 1972  Windows directory: C:\Windows
15:46:12.0743 1972  System windows directory: C:\Windows
15:46:12.0743 1972  Running under WOW64
15:46:12.0743 1972  Processor architecture: Intel x64
15:46:12.0743 1972  Number of processors: 4
15:46:12.0743 1972  Page size: 0x1000
15:46:12.0743 1972  Boot type: Normal boot
15:46:12.0743 1972  ============================================================
15:46:13.0519 1972  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:46:13.0527 1972  ============================================================
15:46:13.0528 1972  \Device\Harddisk0\DR0:
15:46:13.0537 1972  MBR partitions:
15:46:13.0537 1972  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
15:46:13.0537 1972  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x6ECA1800
15:46:13.0537 1972  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6ED06000, BlocksNum 0x32F0000
15:46:13.0538 1972  ============================================================
15:46:13.0567 1972  C: <-> \Device\Harddisk0\DR0\Partition2
15:46:13.0752 1972  D: <-> \Device\Harddisk0\DR0\Partition3
15:46:13.0752 1972  ============================================================
15:46:13.0753 1972  Initialize success
15:46:13.0753 1972  ============================================================
15:46:21.0258 4348  ============================================================
15:46:21.0258 4348  Scan started
15:46:21.0258 4348  Mode: Manual; SigCheck; TDLFS; 
15:46:21.0258 4348  ============================================================
15:46:21.0719 4348  ================ Scan system memory ========================
15:46:21.0719 4348  System memory - ok
15:46:21.0719 4348  ================ Scan services =============================
15:46:21.0893 4348  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:46:21.0990 4348  1394ohci - ok
15:46:22.0054 4348  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:46:22.0081 4348  ACPI - ok
15:46:22.0121 4348  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:46:22.0177 4348  AcpiPmi - ok
15:46:22.0248 4348  [ 5E813B11629007309E4FC0F0FD2B7C30 ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
15:46:22.0268 4348  ACPIVPC - ok
15:46:22.0424 4348  [ 3DAE5FF8F8651766155B05A14D317C83 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
15:46:22.0457 4348  AcrSch2Svc - ok
15:46:22.0557 4348  [ D22791FCF6AD10A5591C719C37457A24 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
15:46:22.0602 4348  Ad-Aware Service - ok
15:46:22.0711 4348  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:46:22.0727 4348  AdobeARMservice - ok
15:46:22.0833 4348  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:46:22.0858 4348  AdobeFlashPlayerUpdateSvc - ok
15:46:22.0937 4348  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:46:22.0969 4348  adp94xx - ok
15:46:23.0019 4348  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:46:23.0045 4348  adpahci - ok
15:46:23.0084 4348  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:46:23.0104 4348  adpu320 - ok
15:46:23.0143 4348  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:46:23.0288 4348  AeLookupSvc - ok
15:46:23.0330 4348  [ 1EE367DEC27E3CE00657F5BB71F5F7A7 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
15:46:23.0348 4348  afcdp - ok
15:46:23.0426 4348  [ A5B21FF40D3742E20F5FED6594D292D4 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
15:46:23.0485 4348  afcdpsrv - ok
15:46:23.0541 4348  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:46:23.0616 4348  AFD - ok
15:46:23.0662 4348  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:46:23.0680 4348  agp440 - ok
15:46:23.0700 4348  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:46:23.0759 4348  ALG - ok
15:46:23.0814 4348  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:46:23.0830 4348  aliide - ok
15:46:23.0835 4348  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:46:23.0851 4348  amdide - ok
15:46:23.0857 4348  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:46:23.0891 4348  AmdK8 - ok
15:46:23.0910 4348  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:46:23.0958 4348  AmdPPM - ok
15:46:23.0999 4348  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:46:24.0018 4348  amdsata - ok
15:46:24.0049 4348  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:46:24.0070 4348  amdsbs - ok
15:46:24.0080 4348  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:46:24.0096 4348  amdxata - ok
15:46:24.0128 4348  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:46:24.0282 4348  AppID - ok
15:46:24.0300 4348  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:46:24.0378 4348  AppIDSvc - ok
15:46:24.0439 4348  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:46:24.0508 4348  Appinfo - ok
15:46:24.0587 4348  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:46:24.0602 4348  Apple Mobile Device - ok
15:46:24.0638 4348  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:46:24.0656 4348  arc - ok
15:46:24.0676 4348  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:46:24.0693 4348  arcsas - ok
15:46:24.0737 4348  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:46:24.0820 4348  AsyncMac - ok
15:46:24.0855 4348  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:46:24.0872 4348  atapi - ok
15:46:24.0914 4348  [ 78B183A794A08978EA0A8D017054352B ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
15:46:24.0926 4348  AthBTPort - ok
15:46:24.0994 4348  [ 42EF52D591A53CBE43D82C6C96F50A59 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
15:46:25.0032 4348  AtherosSvc - ok
15:46:25.0137 4348  [ 6C496450404ABDC887E56DF462B34255 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:46:25.0240 4348  athr - ok
15:46:25.0303 4348  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:46:25.0377 4348  AudioEndpointBuilder - ok
15:46:25.0391 4348  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:46:25.0449 4348  AudioSrv - ok
15:46:25.0490 4348  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:46:25.0546 4348  AxInstSV - ok
15:46:25.0603 4348  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:46:25.0653 4348  b06bdrv - ok
15:46:25.0700 4348  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:46:25.0750 4348  b57nd60a - ok
15:46:25.0808 4348  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:46:25.0852 4348  BDESVC - ok
15:46:25.0899 4348  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:46:25.0973 4348  Beep - ok
15:46:26.0049 4348  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:46:26.0125 4348  BFE - ok
15:46:26.0161 4348  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:46:26.0251 4348  BITS - ok
15:46:26.0289 4348  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:46:26.0321 4348  blbdrive - ok
15:46:26.0390 4348  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:46:26.0413 4348  Bonjour Service - ok
15:46:26.0465 4348  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:46:26.0515 4348  bowser - ok
15:46:26.0538 4348  [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv         C:\Windows\system32\drivers\BPntDrv.sys
15:46:26.0551 4348  BPntDrv - ok
15:46:26.0604 4348  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:46:26.0637 4348  BrFiltLo - ok
15:46:26.0642 4348  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:46:26.0664 4348  BrFiltUp - ok
15:46:26.0700 4348  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:46:26.0731 4348  Browser - ok
15:46:26.0756 4348  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:46:26.0802 4348  Brserid - ok
15:46:26.0822 4348  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:46:26.0858 4348  BrSerWdm - ok
15:46:26.0877 4348  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:46:26.0921 4348  BrUsbMdm - ok
15:46:26.0943 4348  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:46:26.0974 4348  BrUsbSer - ok
15:46:27.0030 4348  [ EDEBD26DF631A78483707C3F7429027F ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
15:46:27.0050 4348  BTATH_A2DP - ok
15:46:27.0068 4348  [ 2F22177BFEA75326DC0C535D71985A4E ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
15:46:27.0082 4348  btath_avdt - ok
15:46:27.0134 4348  [ D438A33D568C76C24E8D7394981F42DC ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
15:46:27.0147 4348  BTATH_BUS - ok
15:46:27.0163 4348  [ 6EFA8C93009E0BE0886C2422C7D20BC5 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
15:46:27.0179 4348  BTATH_HCRP - ok
15:46:27.0190 4348  [ 168506D0F0C8DF588F8A7E25C58A2DE6 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
15:46:27.0203 4348  BTATH_LWFLT - ok
15:46:27.0216 4348  [ 7C8FB1D73BD279DD914CCA6ED0F4F62B ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
15:46:27.0233 4348  BTATH_RCP - ok
15:46:27.0288 4348  [ 58D67C18894F96E89C076150BB76AD40 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
15:46:27.0312 4348  BtFilter - ok
15:46:27.0370 4348  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:46:27.0406 4348  BthEnum - ok
15:46:27.0446 4348  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:46:27.0487 4348  BTHMODEM - ok
15:46:27.0533 4348  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:46:27.0575 4348  BthPan - ok
15:46:27.0603 4348  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:46:27.0647 4348  BTHPORT - ok
15:46:27.0693 4348  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:46:27.0747 4348  bthserv - ok
15:46:27.0754 4348  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:46:27.0785 4348  BTHUSB - ok
15:46:27.0837 4348  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:46:27.0907 4348  cdfs - ok
15:46:27.0961 4348  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:46:27.0996 4348  cdrom - ok
15:46:28.0052 4348  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:46:28.0134 4348  CertPropSvc - ok
15:46:28.0175 4348  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:46:28.0235 4348  circlass - ok
15:46:28.0282 4348  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:46:28.0308 4348  CLFS - ok
15:46:28.0405 4348  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:46:28.0423 4348  clr_optimization_v2.0.50727_32 - ok
15:46:28.0466 4348  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:46:28.0482 4348  clr_optimization_v2.0.50727_64 - ok
15:46:28.0545 4348  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:46:28.0562 4348  clr_optimization_v4.0.30319_32 - ok
15:46:28.0596 4348  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:46:28.0613 4348  clr_optimization_v4.0.30319_64 - ok
15:46:28.0664 4348  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
15:46:28.0678 4348  clwvd - ok
15:46:28.0738 4348  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:46:28.0774 4348  CmBatt - ok
15:46:28.0792 4348  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:46:28.0808 4348  cmdide - ok
15:46:28.0878 4348  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
15:46:28.0914 4348  CNG - ok
15:46:29.0000 4348  [ 9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
15:46:29.0048 4348  CnxtHdAudService - ok
15:46:29.0103 4348  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:46:29.0119 4348  Compbatt - ok
15:46:29.0200 4348  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:46:29.0236 4348  CompositeBus - ok
15:46:29.0262 4348  COMSysApp - ok
15:46:29.0308 4348  [ 815F3180B5117E42E422188E9CCC89C6 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:46:29.0332 4348  cphs - ok
15:46:29.0347 4348  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:46:29.0362 4348  crcdisk - ok
15:46:29.0400 4348  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:46:29.0461 4348  CryptSvc - ok
15:46:29.0537 4348  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:46:29.0575 4348  cvhsvc - ok
15:46:29.0664 4348  [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg        C:\Windows\system32\CxAudMsg64.exe
15:46:30.0024 4348  CxAudMsg - ok
15:46:30.0120 4348  [ 56F4750B7F0CE969E43DE2A76DDA5A5F ] DamageGuard     C:\Windows\system32\DRIVERS\DamageGuardX64.sys
15:46:30.0141 4348  DamageGuard - ok
15:46:30.0206 4348  [ 75974DA59BA3D2E3DCE9386493A31F54 ] DamageGuardSvc  C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe
15:46:30.0235 4348  DamageGuardSvc - ok
15:46:30.0306 4348  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:46:30.0383 4348  DcomLaunch - ok
15:46:30.0423 4348  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:46:30.0495 4348  defragsvc - ok
15:46:30.0530 4348  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:46:30.0593 4348  DfsC - ok
15:46:30.0630 4348  [ 5014042B07FE6CBE0E6C737AA3F1EBFC ] dgFltr          C:\Windows\system32\drivers\dgFltrX64.sys
15:46:30.0643 4348  dgFltr - ok
15:46:30.0716 4348  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
15:46:30.0732 4348  dg_ssudbus - ok
15:46:30.0780 4348  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:46:30.0832 4348  Dhcp - ok
15:46:30.0856 4348  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:46:30.0917 4348  discache - ok
15:46:30.0969 4348  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:46:31.0006 4348  Disk - ok
15:46:31.0042 4348  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:46:31.0094 4348  Dnscache - ok
15:46:31.0130 4348  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:46:31.0201 4348  dot3svc - ok
15:46:31.0226 4348  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:46:31.0282 4348  DPS - ok
15:46:31.0347 4348  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:46:31.0383 4348  drmkaud - ok
15:46:31.0417 4348  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:46:31.0453 4348  DXGKrnl - ok
15:46:31.0490 4348  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:46:31.0559 4348  EapHost - ok
15:46:31.0640 4348  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:46:31.0743 4348  ebdrv - ok
15:46:31.0771 4348  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:46:31.0841 4348  EFS - ok
15:46:31.0902 4348  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:46:31.0970 4348  ehRecvr - ok
15:46:31.0991 4348  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:46:32.0014 4348  ehSched - ok
15:46:32.0094 4348  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:46:32.0124 4348  elxstor - ok
15:46:32.0129 4348  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:46:32.0165 4348  ErrDev - ok
15:46:32.0238 4348  [ 4B18C33EEDD15BD2AAF99807D36555B3 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
15:46:32.0258 4348  ETD - ok
15:46:32.0300 4348  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:46:32.0370 4348  EventSystem - ok
15:46:32.0426 4348  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:46:32.0479 4348  exfat - ok
15:46:32.0490 4348  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:46:32.0543 4348  fastfat - ok
15:46:32.0591 4348  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:46:32.0656 4348  Fax - ok
15:46:32.0702 4348  [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon          C:\Windows\system32\drivers\fbfmon.sys
15:46:32.0715 4348  fbfmon - ok
15:46:32.0730 4348  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:46:32.0767 4348  fdc - ok
15:46:32.0816 4348  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:46:32.0885 4348  fdPHost - ok
15:46:32.0930 4348  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:46:33.0007 4348  FDResPub - ok
15:46:33.0034 4348  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:46:33.0051 4348  FileInfo - ok
15:46:33.0059 4348  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:46:33.0123 4348  Filetrace - ok
15:46:33.0211 4348  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:46:33.0242 4348  FLEXnet Licensing Service - ok
15:46:33.0281 4348  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:46:33.0302 4348  flpydisk - ok
15:46:33.0323 4348  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:46:33.0345 4348  FltMgr - ok
15:46:33.0426 4348  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
15:46:33.0489 4348  FontCache - ok
15:46:33.0554 4348  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:46:33.0570 4348  FontCache3.0.0.0 - ok
15:46:33.0592 4348  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:46:33.0608 4348  FsDepends - ok
15:46:33.0673 4348  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
15:46:33.0687 4348  fssfltr - ok
15:46:33.0762 4348  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:46:33.0814 4348  fsssvc - ok
15:46:33.0843 4348  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:46:33.0856 4348  Fs_Rec - ok
15:46:33.0920 4348  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:46:33.0946 4348  fvevol - ok
15:46:33.0987 4348  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:46:34.0003 4348  gagp30kx - ok
15:46:34.0026 4348  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:46:34.0038 4348  GEARAspiWDM - ok
15:46:34.0113 4348  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
15:46:34.0127 4348  gfibto - ok
15:46:34.0174 4348  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:46:34.0240 4348  gpsvc - ok
15:46:34.0297 4348  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:46:34.0319 4348  gupdate - ok
15:46:34.0324 4348  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:46:34.0334 4348  gupdatem - ok
15:46:34.0357 4348  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:46:34.0407 4348  hcw85cir - ok
15:46:34.0457 4348  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:46:34.0494 4348  HdAudAddService - ok
15:46:34.0538 4348  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:46:34.0581 4348  HDAudBus - ok
15:46:34.0604 4348  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:46:34.0643 4348  HidBatt - ok
15:46:34.0666 4348  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:46:34.0701 4348  HidBth - ok
15:46:34.0707 4348  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:46:34.0730 4348  HidIr - ok
15:46:34.0757 4348  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:46:34.0809 4348  hidserv - ok
15:46:34.0855 4348  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:46:34.0874 4348  HidUsb - ok
15:46:34.0892 4348  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:46:34.0952 4348  hkmsvc - ok
15:46:34.0974 4348  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:46:35.0006 4348  HomeGroupListener - ok
15:46:35.0031 4348  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:46:35.0069 4348  HomeGroupProvider - ok
15:46:35.0115 4348  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:46:35.0132 4348  HpSAMD - ok
15:46:35.0161 4348  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:46:35.0221 4348  HTTP - ok
15:46:35.0238 4348  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:46:35.0246 4348  hwpolicy - ok
15:46:35.0297 4348  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:46:35.0307 4348  i8042prt - ok
15:46:35.0339 4348  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:46:35.0351 4348  iaStor - ok
15:46:35.0443 4348  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:46:35.0457 4348  IAStorDataMgrSvc - ok
15:46:35.0510 4348  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:46:35.0537 4348  iaStorV - ok
15:46:35.0649 4348  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:46:35.0659 4348  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:46:35.0659 4348  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:46:35.0707 4348  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:46:35.0743 4348  idsvc - ok
15:46:35.0866 4348  [ 348214F96642FD4FEF630DE021BA3540 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:46:36.0049 4348  igfx - ok
15:46:36.0107 4348  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:46:36.0124 4348  iirsp - ok
15:46:36.0173 4348  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:46:36.0251 4348  IKEEXT - ok
15:46:36.0303 4348  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:46:36.0360 4348  IntcDAud - ok
15:46:36.0469 4348  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:46:37.0437 4348  Intel(R) Capability Licensing Service Interface - ok
15:46:37.0462 4348  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:46:37.0469 4348  intelide - ok
15:46:37.0520 4348  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:46:37.0553 4348  intelppm - ok
15:46:37.0591 4348  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:46:37.0665 4348  IPBusEnum - ok
15:46:37.0668 4348  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:46:37.0703 4348  IpFilterDriver - ok
15:46:37.0744 4348  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:46:37.0793 4348  iphlpsvc - ok
15:46:37.0809 4348  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:46:37.0841 4348  IPMIDRV - ok
15:46:37.0847 4348  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:46:37.0906 4348  IPNAT - ok
15:46:37.0999 4348  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:46:38.0028 4348  iPod Service - ok
15:46:38.0076 4348  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:46:38.0118 4348  IRENUM - ok
15:46:38.0133 4348  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:46:38.0148 4348  isapnp - ok
15:46:38.0191 4348  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:46:38.0231 4348  iScsiPrt - ok
15:46:38.0281 4348  [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
15:46:38.0294 4348  iusb3hcs - ok
15:46:38.0337 4348  [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
15:46:38.0358 4348  iusb3hub - ok
15:46:38.0389 4348  [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
15:46:38.0433 4348  iusb3xhc - ok
15:46:38.0506 4348  [ 09CA717536671E0896E07D239EE6740F ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:46:38.0525 4348  jhi_service - ok
15:46:38.0553 4348  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:46:38.0569 4348  kbdclass - ok
15:46:38.0614 4348  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:46:38.0667 4348  kbdhid - ok
15:46:38.0682 4348  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:46:38.0701 4348  KeyIso - ok
15:46:38.0725 4348  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:46:38.0742 4348  KSecDD - ok
15:46:38.0757 4348  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:46:38.0776 4348  KSecPkg - ok
15:46:38.0794 4348  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:46:38.0861 4348  ksthunk - ok
15:46:38.0896 4348  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:46:38.0957 4348  KtmRm - ok
15:46:39.0018 4348  [ FC741259B7C22379EE83257D7CF91151 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
15:46:39.0033 4348  L1C - ok
15:46:39.0102 4348  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:46:39.0170 4348  LanmanServer - ok
15:46:39.0205 4348  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:46:39.0277 4348  LanmanWorkstation - ok
15:46:39.0304 4348  [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
15:46:39.0317 4348  LHDmgr - ok
15:46:39.0375 4348  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:46:39.0441 4348  lltdio - ok
15:46:39.0478 4348  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:46:39.0539 4348  lltdsvc - ok
15:46:39.0567 4348  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:46:39.0634 4348  lmhosts - ok
15:46:39.0695 4348  [ A60D56228FF3EE7EC1A56A908924680E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:46:39.0716 4348  LMS - ok
15:46:39.0777 4348  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:46:39.0796 4348  LSI_FC - ok
15:46:39.0814 4348  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:46:39.0831 4348  LSI_SAS - ok
15:46:39.0836 4348  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:46:39.0850 4348  LSI_SAS2 - ok
15:46:39.0859 4348  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:46:39.0869 4348  LSI_SCSI - ok
15:46:39.0925 4348  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:46:39.0991 4348  luafv - ok
15:46:40.0025 4348  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:46:40.0064 4348  Mcx2Svc - ok
15:46:40.0069 4348  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:46:40.0086 4348  megasas - ok
15:46:40.0124 4348  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:46:40.0149 4348  MegaSR - ok
15:46:40.0199 4348  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:46:40.0213 4348  MEIx64 - ok
15:46:40.0301 4348  Microsoft SharePoint Workspace Audit Service - ok
15:46:40.0334 4348  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:46:40.0407 4348  MMCSS - ok
15:46:40.0422 4348  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:46:40.0491 4348  Modem - ok
15:46:40.0534 4348  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:46:40.0568 4348  monitor - ok
15:46:40.0608 4348  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:46:40.0624 4348  mouclass - ok
15:46:40.0665 4348  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:46:40.0684 4348  mouhid - ok
15:46:40.0732 4348  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:46:40.0751 4348  mountmgr - ok
15:46:40.0829 4348  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:46:40.0846 4348  MozillaMaintenance - ok
15:46:40.0920 4348  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:46:40.0946 4348  MpFilter - ok
15:46:40.0972 4348  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:46:40.0992 4348  mpio - ok
15:46:41.0012 4348  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:46:41.0066 4348  mpsdrv - ok
15:46:41.0105 4348  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:46:41.0160 4348  MpsSvc - ok
15:46:41.0164 4348  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:46:41.0194 4348  MRxDAV - ok
15:46:41.0225 4348  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:46:41.0275 4348  mrxsmb - ok
15:46:41.0295 4348  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:46:41.0319 4348  mrxsmb10 - ok
15:46:41.0338 4348  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:46:41.0357 4348  mrxsmb20 - ok
15:46:41.0368 4348  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:46:41.0383 4348  msahci - ok
15:46:41.0406 4348  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:46:41.0424 4348  msdsm - ok
15:46:41.0444 4348  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:46:41.0484 4348  MSDTC - ok
15:46:41.0528 4348  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:46:41.0598 4348  Msfs - ok
15:46:41.0613 4348  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:46:41.0682 4348  mshidkmdf - ok
15:46:41.0704 4348  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:46:41.0719 4348  msisadrv - ok
15:46:41.0785 4348  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:46:41.0863 4348  MSiSCSI - ok
15:46:41.0867 4348  msiserver - ok
15:46:41.0910 4348  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:46:41.0978 4348  MSKSSRV - ok
15:46:42.0063 4348  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:46:42.0082 4348  MsMpSvc - ok
15:46:42.0105 4348  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:46:42.0176 4348  MSPCLOCK - ok
15:46:42.0191 4348  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:46:42.0256 4348  MSPQM - ok
15:46:42.0274 4348  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:46:42.0298 4348  MsRPC - ok
15:46:42.0318 4348  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:46:42.0334 4348  mssmbios - ok
15:46:42.0349 4348  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:46:42.0418 4348  MSTEE - ok
15:46:42.0438 4348  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:46:42.0449 4348  MTConfig - ok
15:46:42.0480 4348  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:46:42.0494 4348  Mup - ok
15:46:42.0524 4348  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:46:42.0600 4348  napagent - ok
15:46:42.0665 4348  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:46:42.0717 4348  NativeWifiP - ok
15:46:42.0782 4348  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:46:42.0820 4348  NDIS - ok
15:46:42.0868 4348  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:46:42.0915 4348  NdisCap - ok
15:46:42.0959 4348  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:46:43.0009 4348  NdisTapi - ok
15:46:43.0057 4348  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:46:43.0133 4348  Ndisuio - ok
15:46:43.0153 4348  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:46:43.0218 4348  NdisWan - ok
15:46:43.0233 4348  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:46:43.0280 4348  NDProxy - ok
15:46:43.0314 4348  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:46:43.0384 4348  NetBIOS - ok
15:46:43.0406 4348  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:46:43.0457 4348  NetBT - ok
15:46:43.0529 4348  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:46:43.0549 4348  Netlogon - ok
15:46:43.0610 4348  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:46:43.0687 4348  Netman - ok
15:46:43.0722 4348  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:46:43.0798 4348  netprofm - ok
15:46:43.0829 4348  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:46:43.0845 4348  NetTcpPortSharing - ok
15:46:43.0902 4348  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:46:43.0919 4348  nfrd960 - ok
15:46:43.0957 4348  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:46:43.0978 4348  NisDrv - ok
15:46:44.0008 4348  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
15:46:44.0036 4348  NisSrv - ok
15:46:44.0093 4348  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:46:44.0138 4348  NlaSvc - ok
15:46:44.0163 4348  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:46:44.0216 4348  Npfs - ok
15:46:44.0243 4348  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:46:44.0313 4348  nsi - ok
15:46:44.0329 4348  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:46:44.0399 4348  nsiproxy - ok
15:46:44.0443 4348  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:46:44.0498 4348  Ntfs - ok
15:46:44.0527 4348  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:46:44.0589 4348  Null - ok
15:46:44.0897 4348  [ 2CCA18C2B3CF18201B0F6204A4BC5A52 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:46:45.0071 4348  nvlddmkm - ok
15:46:45.0117 4348  [ D70BC3FE775AAFB58FE353B5965657DF ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:46:45.0129 4348  nvpciflt - ok
15:46:45.0158 4348  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:46:45.0177 4348  nvraid - ok
15:46:45.0196 4348  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:46:45.0214 4348  nvstor - ok
15:46:45.0251 4348  [ 3ADFA793E3A5E465EA362E38C598ED71 ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:46:45.0286 4348  nvsvc - ok
15:46:45.0374 4348  [ 3E186CE5CB2A95B7E5E15C3FBE681A34 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:46:45.0440 4348  nvUpdatusService - ok
15:46:45.0481 4348  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:46:45.0491 4348  nv_agp - ok
15:46:45.0537 4348  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:46:45.0567 4348  ohci1394 - ok
15:46:45.0619 4348  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:45.0637 4348  ose - ok
15:46:45.0793 4348  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:46:45.0925 4348  osppsvc - ok
15:46:45.0984 4348  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:46:46.0051 4348  p2pimsvc - ok
15:46:46.0077 4348  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:46:46.0103 4348  p2psvc - ok
15:46:46.0132 4348  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
15:46:46.0150 4348  Parport - ok
15:46:46.0181 4348  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:46:46.0196 4348  partmgr - ok
15:46:46.0217 4348  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:46:46.0253 4348  PcaSvc - ok
15:46:46.0280 4348  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:46:46.0298 4348  pci - ok
15:46:46.0308 4348  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:46:46.0322 4348  pciide - ok
15:46:46.0334 4348  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:46:46.0352 4348  pcmcia - ok
15:46:46.0373 4348  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:46:46.0387 4348  pcw - ok
15:46:46.0409 4348  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:46:46.0479 4348  PEAUTH - ok
15:46:46.0536 4348  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:46:46.0574 4348  PerfHost - ok
15:46:46.0638 4348  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:46:46.0734 4348  pla - ok
15:46:46.0789 4348  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:46:46.0853 4348  PlugPlay - ok
15:46:46.0871 4348  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:46:46.0909 4348  PNRPAutoReg - ok
15:46:46.0938 4348  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:46:46.0961 4348  PNRPsvc - ok
15:46:46.0993 4348  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:46:47.0075 4348  PolicyAgent - ok
15:46:47.0110 4348  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:46:47.0173 4348  Power - ok
15:46:47.0227 4348  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:46:47.0297 4348  PptpMiniport - ok
15:46:47.0312 4348  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
15:46:47.0349 4348  Processor - ok
15:46:47.0378 4348  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:46:47.0434 4348  ProfSvc - ok
15:46:47.0446 4348  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:46:47.0465 4348  ProtectedStorage - ok
15:46:47.0514 4348  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:46:47.0583 4348  Psched - ok
15:46:47.0627 4348  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:46:47.0680 4348  ql2300 - ok
15:46:47.0705 4348  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:46:47.0722 4348  ql40xx - ok
15:46:47.0751 4348  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:46:47.0782 4348  QWAVE - ok
15:46:47.0801 4348  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:46:47.0841 4348  QWAVEdrv - ok
15:46:47.0857 4348  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:46:47.0910 4348  RasAcd - ok
15:46:47.0957 4348  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:46:48.0009 4348  RasAgileVpn - ok
15:46:48.0019 4348  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:46:48.0070 4348  RasAuto - ok
15:46:48.0093 4348  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:48.0160 4348  Rasl2tp - ok
15:46:48.0194 4348  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:46:48.0253 4348  RasMan - ok
15:46:48.0267 4348  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:46:48.0334 4348  RasPppoe - ok
15:46:48.0371 4348  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:46:48.0426 4348  RasSstp - ok
15:46:48.0445 4348  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:46:48.0481 4348  rdbss - ok
15:46:48.0496 4348  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:46:48.0510 4348  rdpbus - ok
15:46:48.0523 4348  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:46:48.0565 4348  RDPCDD - ok
15:46:48.0601 4348  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:46:48.0686 4348  RDPENCDD - ok
15:46:48.0709 4348  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:46:48.0747 4348  RDPREFMP - ok
15:46:48.0806 4348  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:46:48.0860 4348  RDPWD - ok
15:46:48.0914 4348  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:46:48.0935 4348  rdyboost - ok
15:46:49.0005 4348  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:46:49.0082 4348  RemoteAccess - ok
15:46:49.0114 4348  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:46:49.0188 4348  RemoteRegistry - ok
15:46:49.0233 4348  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:46:49.0269 4348  RFCOMM - ok
15:46:49.0295 4348  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:46:49.0362 4348  RpcEptMapper - ok
15:46:49.0380 4348  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:46:49.0418 4348  RpcLocator - ok
15:46:49.0453 4348  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:46:49.0514 4348  RpcSs - ok
15:46:49.0568 4348  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:46:49.0625 4348  rspndr - ok
15:46:49.0698 4348  [ 88AB579F407A3D02918B8DCC4E6E34B3 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
15:46:49.0718 4348  RSUSBVSTOR - ok
15:46:49.0731 4348  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:46:49.0751 4348  SamSs - ok
15:46:49.0890 4348  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
15:46:50.0008 4348  SBAMSvc - ok
15:46:50.0059 4348  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:46:50.0077 4348  sbp2port - ok
15:46:50.0109 4348  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:46:50.0181 4348  SCardSvr - ok
15:46:50.0206 4348  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:46:50.0274 4348  scfilter - ok
15:46:50.0335 4348  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:46:50.0424 4348  Schedule - ok
15:46:50.0449 4348  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:46:50.0499 4348  SCPolicySvc - ok
15:46:50.0526 4348  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:46:50.0575 4348  SDRSVC - ok
15:46:50.0634 4348  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:46:50.0699 4348  secdrv - ok
15:46:50.0714 4348  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:46:50.0765 4348  seclogon - ok
15:46:50.0780 4348  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:46:50.0830 4348  SENS - ok
15:46:50.0863 4348  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:46:50.0913 4348  SensrSvc - ok
15:46:50.0933 4348  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:46:50.0949 4348  Serenum - ok
15:46:50.0992 4348  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
15:46:51.0032 4348  Serial - ok
15:46:51.0052 4348  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:46:51.0091 4348  sermouse - ok
15:46:51.0121 4348  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:46:51.0194 4348  SessionEnv - ok
15:46:51.0209 4348  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:46:51.0231 4348  sffdisk - ok
15:46:51.0241 4348  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:46:51.0275 4348  sffp_mmc - ok
15:46:51.0280 4348  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:46:51.0313 4348  sffp_sd - ok
15:46:51.0318 4348  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:46:51.0348 4348  sfloppy - ok
15:46:51.0418 4348  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
15:46:51.0448 4348  Sftfs - ok
15:46:51.0494 4348  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:46:51.0521 4348  sftlist - ok
15:46:51.0553 4348  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:46:51.0571 4348  Sftplay - ok
15:46:51.0581 4348  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:46:51.0594 4348  Sftredir - ok
15:46:51.0608 4348  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
15:46:51.0621 4348  Sftvol - ok
15:46:51.0633 4348  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:46:51.0652 4348  sftvsa - ok
15:46:51.0684 4348  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:46:51.0763 4348  SharedAccess - ok
15:46:51.0795 4348  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:46:51.0870 4348  ShellHWDetection - ok
15:46:51.0919 4348  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:46:51.0934 4348  SiSRaid2 - ok
15:46:51.0940 4348  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:46:51.0956 4348  SiSRaid4 - ok
15:46:51.0976 4348  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:46:52.0031 4348  Smb - ok
15:46:52.0075 4348  [ 27BA49F89468FDDAE6C2B311C53BCE3A ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
15:46:52.0094 4348  snapman - ok
15:46:52.0139 4348  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:46:52.0163 4348  SNMPTRAP - ok
15:46:52.0198 4348  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:46:52.0213 4348  spldr - ok
15:46:52.0253 4348  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:46:52.0295 4348  Spooler - ok
15:46:52.0374 4348  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:46:52.0446 4348  sppsvc - ok
15:46:52.0474 4348  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:46:52.0499 4348  sppuinotify - ok
15:46:52.0540 4348  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:46:52.0600 4348  srv - ok
15:46:52.0628 4348  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:46:52.0664 4348  srv2 - ok
15:46:52.0688 4348  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:46:52.0706 4348  srvnet - ok
15:46:52.0764 4348  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:46:52.0822 4348  SSDPSRV - ok
15:46:52.0841 4348  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:46:52.0893 4348  SstpSvc - ok
15:46:52.0936 4348  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
15:46:52.0956 4348  ssudmdm - ok
15:46:52.0990 4348  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:46:53.0007 4348  stexstor - ok
15:46:53.0040 4348  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:46:53.0078 4348  stisvc - ok
15:46:53.0091 4348  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:46:53.0106 4348  swenum - ok
15:46:53.0233 4348  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:46:53.0259 4348  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:46:53.0259 4348  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:46:53.0292 4348  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:46:53.0353 4348  swprv - ok
15:46:53.0392 4348  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:46:53.0460 4348  SysMain - ok
15:46:53.0487 4348  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:46:53.0527 4348  TabletInputService - ok
15:46:53.0555 4348  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:46:53.0613 4348  TapiSrv - ok
15:46:53.0631 4348  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:46:53.0669 4348  TBS - ok
15:46:53.0732 4348  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:46:53.0795 4348  Tcpip - ok
15:46:53.0853 4348  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:46:53.0900 4348  TCPIP6 - ok
15:46:53.0927 4348  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:46:53.0938 4348  tcpipreg - ok
15:46:53.0961 4348  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:46:54.0001 4348  TDPIPE - ok
15:46:54.0047 4348  [ BF7AC81DF6FBE09438D9DC7188178EA9 ] tdrpman258      C:\Windows\system32\DRIVERS\tdrpm258.sys
15:46:54.0094 4348  tdrpman258 - ok
15:46:54.0125 4348  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:46:54.0141 4348  TDTCP - ok
15:46:54.0167 4348  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:46:54.0238 4348  tdx - ok
15:46:54.0259 4348  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:46:54.0275 4348  TermDD - ok
15:46:54.0322 4348  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:46:54.0380 4348  TermService - ok
15:46:54.0402 4348  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:46:54.0419 4348  Themes - ok
15:46:54.0434 4348  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:46:54.0466 4348  THREADORDER - ok
15:46:54.0543 4348  [ 2C1CAF5563548A15515EAB07D2A069C6 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
15:46:54.0581 4348  timounter - ok
15:46:54.0619 4348  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
15:46:54.0658 4348  TPM - ok
15:46:54.0688 4348  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:46:54.0756 4348  TrkWks - ok
15:46:54.0802 4348  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:46:54.0859 4348  TrustedInstaller - ok
15:46:54.0874 4348  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:46:54.0945 4348  tssecsrv - ok
15:46:54.0964 4348  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:46:54.0997 4348  TsUsbFlt - ok
15:46:55.0002 4348  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:46:55.0030 4348  TsUsbGD - ok
15:46:55.0073 4348  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:46:55.0127 4348  tunnel - ok
15:46:55.0145 4348  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:46:55.0162 4348  uagp35 - ok
15:46:55.0182 4348  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:46:55.0243 4348  udfs - ok
15:46:55.0274 4348  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:46:55.0298 4348  UI0Detect - ok
15:46:55.0341 4348  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:46:55.0358 4348  uliagpkx - ok
15:46:55.0416 4348  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:46:55.0456 4348  umbus - ok
15:46:55.0460 4348  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:46:55.0487 4348  UmPass - ok
15:46:55.0562 4348  [ A0153CC9D28568A10BDAEE5EC612CFC8 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:46:55.0585 4348  UNS - ok
15:46:55.0617 4348  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:46:55.0687 4348  upnphost - ok
15:46:55.0731 4348  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:46:55.0757 4348  USBAAPL64 - ok
15:46:55.0782 4348  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:46:55.0833 4348  usbccgp - ok
15:46:55.0846 4348  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:46:55.0868 4348  usbcir - ok
15:46:55.0884 4348  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:46:55.0914 4348  usbehci - ok
15:46:55.0952 4348  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:46:55.0988 4348  usbhub - ok
15:46:56.0012 4348  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:46:56.0045 4348  usbohci - ok
15:46:56.0093 4348  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:46:56.0130 4348  usbprint - ok
15:46:56.0180 4348  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:46:56.0204 4348  usbscan - ok
15:46:56.0222 4348  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:46:56.0272 4348  USBSTOR - ok
15:46:56.0292 4348  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:46:56.0327 4348  usbuhci - ok
15:46:56.0378 4348  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:46:56.0406 4348  usbvideo - ok
15:46:56.0439 4348  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:46:56.0505 4348  UxSms - ok
15:46:56.0520 4348  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:46:56.0539 4348  VaultSvc - ok
15:46:56.0582 4348  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:46:56.0597 4348  vdrvroot - ok
15:46:56.0635 4348  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:46:56.0712 4348  vds - ok
15:46:56.0736 4348  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:46:56.0759 4348  vga - ok
15:46:56.0771 4348  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:46:56.0832 4348  VgaSave - ok
15:46:56.0850 4348  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:46:56.0863 4348  vhdmp - ok
15:46:56.0866 4348  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:46:56.0875 4348  viaide - ok
15:46:56.0940 4348  [ BEEC7DB99737B083C62A84D1328571D2 ] vm332avs        C:\Windows\system32\Drivers\vm332avs.sys
15:46:56.0973 4348  vm332avs - ok
15:46:57.0000 4348  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:46:57.0015 4348  volmgr - ok
15:46:57.0041 4348  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:46:57.0062 4348  volmgrx - ok
15:46:57.0080 4348  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:46:57.0100 4348  volsnap - ok
15:46:57.0149 4348  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:46:57.0169 4348  vsmraid - ok
15:46:57.0219 4348  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:46:57.0312 4348  VSS - ok
15:46:57.0329 4348  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:46:57.0364 4348  vwifibus - ok
15:46:57.0397 4348  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:46:57.0441 4348  vwififlt - ok
15:46:57.0480 4348  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:46:57.0505 4348  vwifimp - ok
15:46:57.0565 4348  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:46:57.0617 4348  W32Time - ok
15:46:57.0652 4348  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:46:57.0686 4348  WacomPen - ok
15:46:57.0738 4348  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:46:57.0803 4348  WANARP - ok
15:46:57.0809 4348  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:46:57.0854 4348  Wanarpv6 - ok
15:46:57.0893 4348  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:46:57.0962 4348  wbengine - ok
15:46:58.0002 4348  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:46:58.0034 4348  WbioSrvc - ok
15:46:58.0055 4348  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:46:58.0101 4348  wcncsvc - ok
15:46:58.0122 4348  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:46:58.0174 4348  WcsPlugInService - ok
15:46:58.0203 4348  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
15:46:58.0220 4348  Wd - ok
15:46:58.0262 4348  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:46:58.0298 4348  Wdf01000 - ok
15:46:58.0319 4348  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:46:58.0414 4348  WdiServiceHost - ok
15:46:58.0419 4348  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:46:58.0447 4348  WdiSystemHost - ok
15:46:58.0468 4348  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:46:58.0510 4348  WebClient - ok
15:46:58.0536 4348  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:46:58.0611 4348  Wecsvc - ok
15:46:58.0632 4348  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:46:58.0687 4348  wercplsupport - ok
15:46:58.0749 4348  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:46:58.0801 4348  WerSvc - ok
15:46:58.0853 4348  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:46:58.0932 4348  WfpLwf - ok
15:46:58.0948 4348  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:46:58.0963 4348  WIMMount - ok
15:46:58.0983 4348  WinDefend - ok
15:46:59.0016 4348  WinHttpAutoProxySvc - ok
15:46:59.0075 4348  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:46:59.0135 4348  Winmgmt - ok
15:46:59.0198 4348  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:46:59.0290 4348  WinRM - ok
15:46:59.0362 4348  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:46:59.0401 4348  WinUsb - ok
15:46:59.0451 4348  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:46:59.0504 4348  Wlansvc - ok
15:46:59.0547 4348  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:46:59.0561 4348  wlcrasvc - ok
15:46:59.0624 4348  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:46:59.0695 4348  wlidsvc - ok
15:46:59.0750 4348  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:46:59.0779 4348  WmiAcpi - ok
15:46:59.0813 4348  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:46:59.0857 4348  wmiApSrv - ok
15:46:59.0906 4348  WMPNetworkSvc - ok
15:46:59.0932 4348  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:46:59.0961 4348  WPCSvc - ok
15:46:59.0980 4348  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:47:00.0005 4348  WPDBusEnum - ok
15:47:00.0021 4348  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:47:00.0073 4348  ws2ifsl - ok
15:47:00.0090 4348  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:47:00.0137 4348  wscsvc - ok
15:47:00.0141 4348  WSearch - ok
15:47:00.0170 4348  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
15:47:00.0185 4348  wsvd - ok
15:47:00.0247 4348  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:47:00.0318 4348  wuauserv - ok
15:47:00.0349 4348  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:47:00.0392 4348  WudfPf - ok
15:47:00.0440 4348  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:47:00.0473 4348  WUDFRd - ok
15:47:00.0506 4348  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:47:00.0543 4348  wudfsvc - ok
15:47:00.0574 4348  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:47:00.0609 4348  WwanSvc - ok
15:47:00.0685 4348  [ D65B42FBF19C676AA01AE95EC62F7764 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
15:47:00.0738 4348  ZAtheros Bt&Wlan Coex Agent - ok
15:47:00.0766 4348  ================ Scan global ===============================
15:47:00.0797 4348  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:47:00.0823 4348  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:47:00.0834 4348  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:47:00.0864 4348  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:47:00.0892 4348  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:47:00.0898 4348  [Global] - ok
15:47:00.0899 4348  ================ Scan MBR ==================================
15:47:00.0909 4348  [ 5C2CB7AF1E932D2FCB6B43C72138EFB7 ] \Device\Harddisk0\DR0
15:47:01.0315 4348  \Device\Harddisk0\DR0 - ok
15:47:01.0316 4348  ================ Scan VBR ==================================
15:47:01.0319 4348  [ 55F94DED5CCC731226AEC0FAC1C6B494 ] \Device\Harddisk0\DR0\Partition1
15:47:01.0322 4348  \Device\Harddisk0\DR0\Partition1 - ok
15:47:01.0356 4348  [ 8E2993A44400A34FD073505215F264EA ] \Device\Harddisk0\DR0\Partition2
15:47:01.0359 4348  \Device\Harddisk0\DR0\Partition2 - ok
15:47:01.0387 4348  [ 5EF22A68AAE84C4AB4B041C595683805 ] \Device\Harddisk0\DR0\Partition3
15:47:01.0389 4348  \Device\Harddisk0\DR0\Partition3 - ok
15:47:01.0390 4348  ============================================================
15:47:01.0390 4348  Scan finished
15:47:01.0390 4348  ============================================================
15:47:01.0402 6000  Detected object count: 2
15:47:01.0402 6000  Actual detected object count: 2
15:47:47.0641 6000  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:47:47.0641 6000  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:47:47.0642 6000  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:47:47.0642 6000  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:47:56.0519 3352  Deinitialize success

Hoffe es passt jetzt so.

cosinus · 14.03.2013, 16:14

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bene81 · 14.03.2013, 18:11

Hier ist die Combofix Log:

Code:

ATTFilter

ComboFix 13-03-14.02 - D-Schmidls 14.03.2013  17:56:55.1.4 - x64
ausgeführt von:: c:\users\D-Schmidls\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-14 bis 2013-03-14  ))))))))))))))))))))))))))))))
.
.
2013-03-13 22:04 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-13 22:04 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-13 21:07 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8050E8AB-DC7D-43F6-9218-B562B0728463}\mpengine.dll
2013-03-13 20:42 . 2013-03-13 20:42	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-13 20:13 . 2013-03-13 20:13	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-03-13 20:13 . 2013-03-13 20:13	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-03-12 18:30 . 2013-03-12 18:30	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2013-03-12 18:30 . 2013-03-12 18:30	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-03-12 18:22 . 2012-11-28 08:39	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C30D0FA-08BA-4D09-9B8B-65BA1795BF63}\gapaengine.dll
2013-03-12 18:22 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-11 19:03 . 2013-03-11 19:03	--------	d-----w-	c:\program files (x86)\7-Zip
2013-03-10 18:59 . 2013-03-10 18:59	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-09 21:43 . 2013-02-17 00:40	28672	----a-w-	c:\windows\system32\IEUDINIT.EXE
2013-03-09 15:41 . 2013-03-10 17:52	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-03-09 11:56 . 2013-03-09 12:12	--------	d-----w-	c:\programdata\Ad-Aware Antivirus
2013-03-09 08:56 . 2013-03-09 08:56	--------	d-----w-	c:\programdata\Lavasoft
2013-03-09 08:56 . 2013-03-09 11:56	--------	d-----w-	c:\program files (x86)\Ad-Aware Antivirus
2013-03-09 08:56 . 2013-03-09 08:56	--------	d-----w-	c:\users\D-Schmidls\AppData\Local\adawarebp
2013-03-09 08:56 . 2013-03-09 08:56	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2013-03-09 08:56 . 2013-03-09 08:56	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2013-03-09 08:54 . 2013-03-09 08:54	47496	----a-w-	c:\windows\system32\sbbd.exe
2013-03-09 08:54 . 2013-03-09 08:54	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-03-09 08:54 . 2013-03-09 08:54	--------	d-----w-	c:\users\D-Schmidls\AppData\Roaming\LavasoftStatistics
2013-03-09 08:54 . 2013-03-09 16:39	--------	d-----w-	c:\users\D-Schmidls\AppData\Roaming\Ad-Aware Antivirus
2013-03-09 08:49 . 2013-03-09 08:49	--------	d-----w-	c:\users\D-Schmidls\AppData\Local\Programs
2013-03-08 11:20 . 2013-03-08 13:49	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-03-06 10:49 . 2013-03-06 21:14	--------	d-----w-	c:\program files (x86)\LyricSearch
2013-02-25 21:18 . 2013-02-25 21:18	--------	d-----w-	c:\windows\SysWow64\searchplugins
2013-02-25 21:18 . 2013-02-25 21:18	--------	d-----w-	c:\windows\SysWow64\Extensions
2013-02-22 15:29 . 2013-02-22 15:29	2719456	----a-w-	c:\windows\system32\auto_reactivate.exe
2013-02-22 15:29 . 2013-02-22 15:29	--------	d-----r-	C:\bootwiz
2013-02-22 14:51 . 2013-03-09 11:55	--------	d-----w-	c:\program files (x86)\Windows Codec Pack
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 22:03 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 22:03 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 22:03 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 22:03 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 22:03 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 22:03 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-14 22:03 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-14 22:03 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-14 22:03 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-14 22:03 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-14 22:03 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 22:03 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 20:15 . 2012-10-05 09:01	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-12 21:16 . 2012-10-04 20:09	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 21:16 . 2012-10-04 20:09	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-10 18:59 . 2012-10-05 08:42	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-10 18:59 . 2012-10-05 08:42	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 20:13	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 20:13	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 20:13	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 20:13	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 20:13	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:13	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59	230320	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03	130008	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-14 22:03	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-25 20:15 . 2012-12-25 20:15	57344	----a-r-	c:\users\D-Schmidls\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-12-25 20:14 . 2012-12-25 20:14	106496	----a-w-	c:\windows\SysWow64\ATL71.DLL
2012-12-18 09:06 . 2012-10-07 18:02	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2012-12-18 09:06 . 2012-12-18 09:06	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-12-18 09:06 . 2012-12-18 09:06	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-12-18 09:06 . 2012-12-18 09:06	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-12-18 09:06 . 2013-01-07 08:56	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2012-12-16 17:11 . 2012-12-21 18:09	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 18:09	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:09	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:09	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3DFC1C2B-3ECE-439D-8A9D-5C56C56E4C8A}]
2013-03-04 19:16	109568	----a-w-	c:\program files (x86)\LyricSearch\lfind.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2011-12-09 548864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-07-17 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-25 337776]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-20 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-31 5140952]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0auto_reactivate \\?\Volume{fc4c4d14-d01f-11e1-95ee-806e6f6e6963}\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-11-15 313960]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys [2012-02-10 217392]
R4 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [2012-03-26 572976]
R4 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys [2011-12-13 23648]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-07-17 57952]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-09 14456]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-07-17 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-01 28992]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2012-10-25 1477728]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-07-17 13408]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-21 1236336]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-10-25 2480048]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-04-28 119424]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-04-28 163456]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-07-17 30816]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-10-25 251488]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-04-28 36480]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-04-28 341120]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-04-28 111232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-04-28 30848]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-04-28 168064]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-04-28 68736]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-04-28 281472]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-04-28 550528]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-01-15 208168]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2012-02-06 958800]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 44947729
*Deregistered* - 44947729
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 21:16]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-11 20:54]
.
2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-11 20:54]
.
2013-03-14 c:\windows\Tasks\Lyrics Search Update.job
- c:\program files (x86)\LyricSearch\LyricSearchUp.exe [2013-03-04 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52	463952	----a-w-	c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-07-17 15:50	1508192	----a-w-	c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-12-15 564352]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\btvstack.exe" [2012-04-28 1022592]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\athbttray.exe" [2012-04-28 801920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-07-17 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-07-17 6202416]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-07-17 206176]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-31 362032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\D-Schmidls\AppData\Roaming\Mozilla\Firefox\Profiles\pm89ecoo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/|https://de-de.facebook.com/
FF - ExtSQL: 2013-03-06 22:14; lrcsearch@bjornet.net; c:\program files (x86)\LyricSearch\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-AutoLoader - c:\users\D-SCHM~1\AppData\Local\Temp\Traymonitor.exe
Wow6432Node-HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-adawaretb - c:\program files (x86)\adawaretb\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-14  18:03:49
ComboFix-quarantined-files.txt  2013-03-14 17:03
.
Vor Suchlauf: 14 Verzeichnis(se), 675.396.988.928 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 675.237.883.904 Bytes frei
.
- - End Of File - - FBD6E69C2BBAC0CCDA354DA4D7894400

Hoffe das passt so

cosinus · 14.03.2013, 22:12

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Bene81 · 15.03.2013, 18:20

So jetzt die 4 Logs.

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by D-Schmidls on 15.03.2013 at 17:05:56,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\D-Schmidls\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\D-Schmidls\appdata\local\adawarebp"



~~~ FireFox

Emptied folder: C:\Users\D-Schmidls\AppData\Roaming\mozilla\firefox\profiles\pm89ecoo.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2013 at 17:11:31,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

# AdwCleaner v2.114 - Datei am 15/03/2013 um 17:11:58 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : D-Schmidls - D-SCHMIDLS-LAPI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\D-Schmidls\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\D-Schmidls\AppData\Roaming\Mozilla\Firefox\Profiles\pm89ecoo.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [969 octets] - [10/03/2013 13:13:04]
AdwCleaner[S1].txt - [1030 octets] - [10/03/2013 13:13:25]
AdwCleaner[S2].txt - [1100 octets] - [15/03/2013 17:11:58]

########## EOF - C:\AdwCleaner[S2].txt - [1160 octets] ##########

Code:

ATTFilter

OTL logfile created on: 15.03.2013 17:55:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\D-Schmidls\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 74,51% Memory free
15,81 Gb Paging File | 13,67 Gb Available in Paging File | 86,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 886,32 Gb Total Space | 627,33 Gb Free Space | 70,78% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 19,11 Gb Free Space | 75,04% Space Free | Partition Type: NTFS
 
Computer Name: D-SCHMIDLS-LAPI | User Name: D-Schmidls | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\D-Schmidls\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\LockKey\LockKey.exe ( )
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (DamageGuardSvc) -- C:\Programme\Lenovo\Instant Reset\DamageGuardSvc.exe (Lenovo (Beijing) Limited)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (DamageGuard) -- C:\Windows\SysNative\drivers\DamageGuardX64.sys (Lenovo)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (dgFltr) -- C:\Windows\SysNative\drivers\dgfltrX64.sys (Lenovo)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1213549982-270914157-679369173-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1213549982-270914157-679369173-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1213549982-270914157-679369173-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1213549982-270914157-679369173-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1213549982-270914157-679369173-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE504
IE - HKU\S-1-5-21-1213549982-270914157-679369173-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1213549982-270914157-679369173-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1213549982-270914157-679369173-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKU\S-1-5-21-1213549982-270914157-679369173-501\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-1213549982-270914157-679369173-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKU\S-1-5-21-1213549982-270914157-679369173-501\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-1213549982-270914157-679369173-501\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1213549982-270914157-679369173-501\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKU\S-1-5-21-1213549982-270914157-679369173-501\..\SearchScopes\{8202BF11-39F6-469B-958F-D96CBAEF1348}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=DB13BE57-7D51-4A99-A09F-1D7E2BE1A34C&apn_sauid=C1A8466A-5B22-4E77-A5B2-048A8D493823
IE - HKU\S-1-5-21-1213549982-270914157-679369173-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|https://de-de.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 22:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcsearch@bjornet.net: C:\Program Files (x86)\LyricSearch\FF\ [2013.03.06 22:14:06 | 000,000,000 | ---D | M]
 
[2013.03.09 22:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D-Schmidls\AppData\Roaming\Mozilla\Extensions
[2013.03.09 22:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.14 18:02:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121022193939.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lyrics Search) - {3DFC1C2B-3ECE-439D-8A9D-5C56C56E4C8A} - C:\Program Files (x86)\LyricSearch\lfind.dll (Bjornet Industries)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121022193939.dll File not found
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1213549982-270914157-679369173-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1213549982-270914157-679369173-501\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\athbttray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\btvstack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe ( )
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1213549982-270914157-679369173-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-1213549982-270914157-679369173-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1213549982-270914157-679369173-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1213549982-270914157-679369173-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1213549982-270914157-679369173-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1213549982-270914157-679369173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1213549982-270914157-679369173-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1213549982-270914157-679369173-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1213549982-270914157-679369173-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1213549982-270914157-679369173-501\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1213549982-270914157-679369173-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8327B0E9-F345-42D9-A9F7-4CAD6ABA5D50}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{fc4c4d14-d01f-11e1-95ee-806e6f6e6963}\bootwiz\asrm.bin)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 17:52:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\D-Schmidls\Desktop\OTL.exe
[2013.03.15 17:16:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.15 17:16:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.15 17:14:18 | 000,000,000 | ---D | C] -- C:\Users\D-Schmidls\AppData\Local\adawarebp
[2013.03.15 17:05:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.15 17:05:51 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.15 17:01:24 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\D-Schmidls\Desktop\JRT.exe
[2013.03.15 16:56:22 | 000,000,000 | ---D | C] -- C:\Users\D-Schmidls\Desktop\Virus
[2013.03.15 16:54:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.14 18:03:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.14 17:55:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.14 17:55:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.14 17:55:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.14 17:55:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.14 17:55:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.13 21:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.13 21:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.13 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.13 21:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.12 19:14:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.12 19:14:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.12 19:14:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.12 19:14:11 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.12 19:14:11 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.12 19:14:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.12 19:14:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.12 19:14:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.12 19:14:11 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.03.12 19:14:11 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.12 19:14:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.12 19:14:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.12 19:14:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.12 19:14:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.12 19:14:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.03.12 19:14:11 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.12 19:14:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.12 19:14:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.12 19:14:11 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.12 19:14:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.12 19:14:10 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.03.12 19:14:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.03.12 19:14:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.12 19:14:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.12 19:14:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.12 19:14:10 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.12 19:14:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.03.12 19:14:10 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.12 19:14:10 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.12 19:14:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.12 19:14:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.12 19:14:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.12 19:14:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.12 19:14:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.12 19:14:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.12 19:14:09 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.03.12 19:14:09 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.12 19:14:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.12 19:14:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.12 19:14:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.03.12 19:14:09 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.03.12 19:14:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.12 19:14:09 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.12 19:14:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.12 19:14:09 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.03.12 19:14:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.12 19:14:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.12 19:14:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.12 19:14:09 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.12 19:14:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.12 19:14:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.12 19:14:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.12 19:14:08 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.12 19:14:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.12 19:14:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.12 19:14:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.12 19:14:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.12 19:14:08 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.12 19:14:08 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.12 19:14:08 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.12 19:14:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.12 19:14:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.12 19:14:08 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.12 19:14:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.12 19:14:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.12 19:14:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.12 19:14:08 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.12 19:14:08 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.12 19:14:08 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.12 19:14:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.12 19:14:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.12 19:14:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.11 20:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.11 20:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.03.10 19:59:41 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.10 19:59:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.10 19:59:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.10 19:59:35 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.09 22:43:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013.03.09 22:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.09 16:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.09 12:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.03.09 10:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.09 09:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.03.09 09:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.03.09 09:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.03.09 09:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.03.09 09:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.03.09 09:54:19 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.03.09 09:54:19 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.03.09 09:54:18 | 000,000,000 | ---D | C] -- C:\Users\D-Schmidls\AppData\Roaming\LavasoftStatistics
[2013.03.09 09:54:03 | 000,000,000 | ---D | C] -- C:\Users\D-Schmidls\AppData\Roaming\Ad-Aware Antivirus
[2013.03.09 09:49:22 | 000,000,000 | ---D | C] -- C:\Users\D-Schmidls\Documents\Anti-Malware
[2013.03.09 09:49:16 | 000,000,000 | ---D | C] -- C:\Users\D-Schmidls\AppData\Local\Programs
[2013.03.08 12:20:08 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.03.06 11:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricSearch
[2013.03.05 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.02.28 21:58:50 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 21:58:50 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 21:58:50 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 21:58:50 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 21:58:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 21:58:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 21:58:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 21:58:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 21:58:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 21:58:38 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 21:58:38 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 21:58:38 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 21:58:38 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 21:58:38 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 21:58:38 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 21:58:38 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 21:58:38 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 21:58:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 21:58:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 21:58:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 21:58:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 21:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 21:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 21:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 21:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 21:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 21:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 21:58:35 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 21:58:35 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 21:58:34 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 21:58:34 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 21:58:34 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 21:58:34 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 21:58:34 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 21:58:33 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 21:58:33 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 21:58:33 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 21:58:33 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 21:58:33 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.28 21:58:32 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.28 21:58:32 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.25 22:18:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.02.25 22:18:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.22 16:29:42 | 002,719,456 | ---- | C] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2013.02.22 16:29:23 | 000,000,000 | R--D | C] -- C:\bootwiz
[2013.02.22 15:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Codec Pack
[2013.02.14 23:03:58 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 23:03:57 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 23:03:55 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 23:03:47 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 23:03:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 23:03:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 23:03:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 23:03:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 23:03:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 23:03:44 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.15 17:52:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\D-Schmidls\Desktop\OTL.exe
[2013.03.15 17:31:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.15 17:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.15 17:20:50 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 17:20:50 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.15 17:14:28 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.03.15 17:13:48 | 000,149,694 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2013.03.15 17:13:32 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Lyrics Search Update.job
[2013.03.15 17:13:25 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.15 17:13:08 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2013.03.15 17:12:57 | 2070,691,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 17:01:57 | 000,597,667 | ---- | M] () -- C:\Users\D-Schmidls\Desktop\adwcleaner.exe
[2013.03.15 17:01:29 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\D-Schmidls\Desktop\JRT.exe
[2013.03.14 18:02:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.14 17:40:00 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.14 17:40:00 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.14 17:40:00 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.14 17:40:00 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.14 17:40:00 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.12 22:16:59 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.12 22:16:59 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.12 19:14:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.12 19:14:11 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.12 19:14:11 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.12 19:14:11 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.12 19:14:11 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.12 19:14:11 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.12 19:14:11 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.12 19:14:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.12 19:14:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.12 19:14:11 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2013.03.12 19:14:11 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.12 19:14:11 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.12 19:14:11 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.12 19:14:11 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.12 19:14:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.12 19:14:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013.03.12 19:14:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.12 19:14:11 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.12 19:14:11 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.12 19:14:11 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.12 19:14:11 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.12 19:14:10 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2013.03.12 19:14:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2013.03.12 19:14:10 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.12 19:14:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.12 19:14:10 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.12 19:14:10 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.12 19:14:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2013.03.12 19:14:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.12 19:14:10 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.12 19:14:10 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.12 19:14:10 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.12 19:14:10 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.12 19:14:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.12 19:14:09 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.12 19:14:09 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.12 19:14:09 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2013.03.12 19:14:09 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.12 19:14:09 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.12 19:14:09 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.12 19:14:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.12 19:14:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2013.03.12 19:14:09 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2013.03.12 19:14:09 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.12 19:14:09 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.12 19:14:09 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.12 19:14:09 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2013.03.12 19:14:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.12 19:14:09 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.12 19:14:09 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.12 19:14:09 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.12 19:14:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.12 19:14:09 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.12 19:14:09 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.12 19:14:08 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.12 19:14:08 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.12 19:14:08 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.12 19:14:08 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.12 19:14:08 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.12 19:14:08 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.12 19:14:08 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.12 19:14:08 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.12 19:14:08 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.12 19:14:08 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.12 19:14:08 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.12 19:14:08 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.12 19:14:08 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.12 19:14:08 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.12 19:14:08 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.12 19:14:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.12 19:14:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.12 19:14:08 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.12 19:14:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.12 19:14:08 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.11 19:36:54 | 1520,791,731 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.11 18:32:44 | 000,000,000 | ---- | M] () -- C:\Users\D-Schmidls\defogger_reenable
[2013.03.10 19:59:32 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.10 19:59:30 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.10 19:59:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.10 19:59:30 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.10 19:59:29 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.10 19:59:29 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.09 22:20:59 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.09 10:35:29 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.09 09:54:18 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.03.09 09:54:18 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.02.24 22:24:22 | 000,001,129 | ---- | M] () -- C:\Users\D-Schmidls\Desktop\Cyberlink Power2Go.lnk
[2013.02.23 13:55:22 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.23 13:51:57 | 000,000,306 | RHS- | M] () -- C:\Users\D-Schmidls\ntuser.pol
[2013.02.22 16:29:42 | 002,719,456 | ---- | M] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2013.02.18 11:00:34 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013.02.18 10:39:17 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.17 01:40:40 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013.02.15 18:23:35 | 005,016,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.15 17:01:51 | 000,597,667 | ---- | C] () -- C:\Users\D-Schmidls\Desktop\adwcleaner.exe
[2013.03.14 17:55:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.14 17:55:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.14 17:55:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.14 17:55:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.14 17:55:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.12 19:14:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.12 19:14:08 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.11 18:32:44 | 000,000,000 | ---- | C] () -- C:\Users\D-Schmidls\defogger_reenable
[2013.03.10 13:29:55 | 000,001,450 | ---- | C] () -- C:\Users\D-Schmidls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.03.10 13:29:55 | 000,001,416 | ---- | C] () -- C:\Users\D-Schmidls\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.03.09 22:20:59 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.09 22:20:59 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.09 10:35:29 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.09 09:56:40 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.03.06 22:14:12 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\Lyrics Search Update.job
[2013.02.23 13:51:57 | 000,000,306 | RHS- | C] () -- C:\Users\D-Schmidls\ntuser.pol
[2013.02.18 11:00:34 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013.01.06 17:09:38 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.12.25 21:14:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Soundtrack
[2012.12.25 21:14:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sounds
[2012.12.25 21:14:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sound Effects
[2012.12.25 21:14:17 | 000,000,268 | RH-- | C] () -- C:\Users\D-Schmidls\AppData\Roaming\Smooth Strings
[2012.12.25 21:14:17 | 000,000,268 | RH-- | C] () -- C:\Users\D-Schmidls\AppData\Roaming\SingleFiles
[2012.12.25 21:14:17 | 000,000,268 | RH-- | C] () -- C:\Users\D-Schmidls\AppData\Roaming\Services
[2012.12.25 21:14:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.12.25 21:14:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.12.25 21:14:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.18 22:03:52 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\PTQL5F.DLL
[2012.10.04 17:31:58 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.04 17:22:34 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.07.17 16:50:15 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.07.17 16:50:15 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.07.17 16:50:15 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.07.17 16:50:15 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.07.17 16:50:08 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2012.07.17 16:36:44 | 000,001,779 | ---- | C] () -- C:\Windows\vm332Rmv.ini
[2012.07.17 16:36:44 | 000,001,779 | ---- | C] () -- C:\Windows\SysWow64\vm332Rmv.ini
[2012.05.16 06:26:34 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.05.16 06:26:21 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 15.03.2013 17:55:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\D-Schmidls\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 74,51% Memory free
15,81 Gb Paging File | 13,67 Gb Available in Paging File | 86,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 886,32 Gb Total Space | 627,33 Gb Free Space | 70,78% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 19,11 Gb Free Space | 75,04% Space Free | Partition Type: NTFS
 
Computer Name: D-SCHMIDLS-LAPI | User Name: D-Schmidls | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1213549982-270914157-679369173-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F8F446-36C2-4E26-A891-CC33310EB125}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{05B5F676-7A09-4E90-9F92-9508E2D97788}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{05CDCB9F-56BD-45CF-B34E-89B3908AFE24}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0997D113-7401-458E-97C6-9938E1E5984E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{16049E13-C70E-4279-8963-EDC154956A3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{17D5B0B4-3FF2-4420-9DEF-3D3D37145BB7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{19D59952-0143-4D40-9AFA-6672131A7DD3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1A89297B-336D-48EA-8A47-9EFA6021AA95}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{1CACE2FB-474F-4252-8D69-933DF9DD2F9E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3570DE8C-75C8-4BFC-B39C-E912F05DCCB6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{42586ED7-376B-4B00-ACCF-17094FDDCE8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B1DF91A-EE72-4783-B7CB-5C217950B717}" = lport=445 | protocol=6 | dir=in | app=system | 
"{558119DD-BF56-425B-B8DF-626AAC03D68D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{57D44D10-FEE4-466D-8E20-2B8BD83C8D4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B5A27B1-70A8-4AE3-9248-7E43BF0DEA15}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7DACB433-2C8F-4B1A-8D3A-7CD7F1D5B009}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{803C2A7D-CA39-42F8-8204-928071776C99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83A3A290-0BB6-4ED8-B29A-6D7FF439B5E9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{916AE26F-30E0-4152-9082-BD2D2D75D02A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9DC6D665-D932-46F0-99CD-D895CB2DD216}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B1D276F1-5AE7-4009-A516-1165570B9DB9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BFA91A8D-1FBC-4F67-95BF-8061DE67C6B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C6A604F8-5C96-4CB0-8EE0-F494886D0025}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3845253-E1A9-457A-B931-9859F5857297}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D4E65D18-D4B6-44C6-AAF0-A706CB47974F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC95DBBB-A604-445A-B2AA-1119642AC88A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FC1A3F98-FCA9-4EE7-BAE7-419FEA453487}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0064D9E8-4DD3-4747-A28E-7B3FF755DA7B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{00D699FB-EB20-4F42-8662-40BF7AC40A4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0A4AE35B-9063-41D3-8419-63E6AAAA3A82}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0E47178A-031E-4FA2-8A46-D5FE92BEA825}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1D44F85B-150D-48E5-A25A-AE4A39F5744A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{23017204-3DF7-40E8-AA9F-AB6FBDB059A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{243906DB-2FD4-4A81-9542-6C453262909E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{26C945CC-5F2F-4A6B-AEC7-EFDA4E904965}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{2B726D94-0111-4620-841F-A803A00E0ED0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3A9FDBB7-96DA-4997-BDB8-9142C34E5C6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D270D70-DD67-4881-B8C5-911AE201CAC8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{439FCF7B-C282-4208-8717-05AC6DB9882D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5137AECA-DC24-4B6F-AF0C-1DBA3EA680FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{538ED384-8E5E-44DF-BE54-A7EE8FD092E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56AD6342-62C2-4CA8-B7A7-0B92847F51C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6864DF45-1EBE-4CE3-8C2F-6D85920CA73C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{6BB589A3-3AA4-4D54-AAE3-129DE24BBB34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CB18272-7A6C-4D99-A223-B202E5FE8A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{72AEF06B-9B3D-4E40-881B-F3A94B2BF237}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{74044301-2020-4533-B589-227C5C38B915}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8359104F-CCAC-4289-9A2C-782CD10AB61A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{894F7D74-DE21-4152-8FF3-258D0A686AB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{94046D40-4890-43E3-BB27-FCE0487FE44B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A57F817-DC67-437E-A2C3-66DDA429BFF2}" = protocol=6 | dir=out | app=system | 
"{A824A1A3-B6F6-485B-A049-EA5CCC9D4B11}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ACDBE093-8279-4FD1-A201-01990C6ECDAB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B67F3342-C9B5-487B-8F47-8AFB30E026D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C743C085-4E0D-4975-9AE7-C57F5C51F64E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C8069B20-8074-49E5-9745-114B26907F51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C982E5A3-4FB5-46A1-A3AB-356F5EEC5305}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CB7D0D07-2F5E-429B-896C-9961FE8B5F87}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D3B1CC32-DD8A-421A-8CC9-A94D7FCE292A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DFCCF904-FBC1-45DB-901C-2E3C663E78A5}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{E3C9AB6C-D31A-41CF-8C10-9E3A8C37F11E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{E55A0473-0807-4C34-9F7F-EDA1A421FD9D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{E9230883-A7E2-4431-B18C-51CFDBD14B71}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{EAD5CC59-F063-4DEC-8DAA-58A0F8B0002C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA53F298-E030-4F7B-9133-0869A2A86ED9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FB388D3C-6C3E-4282-BB3E-4DED52F157C8}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{FBCC84BE-4A9F-464A-A82E-1D95638B899B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{8A90FB93-765B-48C0-9986-462BFD18FDF2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{8CEB230D-F030-4A22-8926-AACFE8678993}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{F2B5BEC5-165F-45EB-8C91-439B7EC5447F}C:\program files\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files\calibre2\calibre.exe | 
"UDP Query User{5FBC1FE0-882F-451A-80FB-65C36CD06F93}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{8D98328D-E090-4785-8432-F94D6EB4183A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{D5406CAA-312F-4BA1-885B-A6EC47D13A6A}C:\program files\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files\calibre2\calibre.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2329D187-A58A-4395-8B6E-791A312667AF}" = Lenovo Solution Center
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79C211A9-80D7-4E2A-A847-55BCC8F2ADCF}" = calibre 64bit
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C547A-1A94-4D8F-B94F-7063B8C09244}" = JEMAKO Office Manager Premium
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE7832F-D842-4C1F-B910-E99790416EDA}" = Brother P-touch Editor Etikettenvorlagen - Feier [DEU]
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FB0C4D9-73BB-4D1A-8483-5D0BD53FACC0}" = Ad-Aware Antivirus
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{2B540B0C-8AC4-42BE-A597-FDD1A788A0F5}" = Brother P-touch Editor Etikettenvorlagen - Event-Planung [DEU]
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3ED68C80-4FDC-450D-8878-2FF15E140A53}" = Brother P-touch Editor Etikettenvorlagen - Gebäude-Anlage [DEU]
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42036760-2DA4-43C4-A48A-9F90A0F1FA0E}" = Brother P-touch Update Software
"{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5EFFE155-E75B-4816-82BB-67C76A7E2C09}" = Brother P-touch Editor Etikettenvorlagen - Paketversand [DEU]
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A2B148A-5D96-40D2-8450-692713BB7457}" = Advanced PDF Password Recovery
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CEBCCA3-0F3F-4B1C-B0E9-4E6E14546651}" = Brother P-touch Editor Etikettenvorlagen - Warnung [DEU]
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8129CEF2-D636-4A9C-94EC-E80772A310A4}" = Brother P-touch Editor Etikettenvorlagen - Umwelt-Recycling [DEU]
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{984196DF-62D0-427E-B894-A3EDCB4224E2}}_is1" = FOTOParadies
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL-Series Software User's Guide
"{A6D793AA-7DE7-44C4-A920-5926EDA6A74B}" = Brother P-touch Editor Etikettenvorlagen - Sport-Vorbereitung [DEU]
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1
"{B6D72A3F-B3C9-4C2E-B98C-A22F06529B8C}" = Brother P-touch Editor Etikettenvorlagen - Geburtstag [DEU]
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF776DAE-575D-4E1B-A436-158549FD65E4}" = Brother P-touch Editor Etikettenvorlagen - Einzelhandel [DEU]
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E500DF84-3A0A-4989-93C2-D33B935008C1}" = Inhaltsmanager-Assistent für PlayStation(R)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"7-Zip" = 7-Zip 9.20
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity_is1" = Audacity 2.0.2
"Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dm-Fotowelt" = dm-Fotowelt
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}" = Brother QL-Series Software User's Guide
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"lrcsearch@bjornet.net" = Lyrics Search
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Streamripper" = Streamripper (Remove only)
"SugarSync" = SugarSync Manager
"VeriFace" = VeriFace
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"Windows Codec Pack1.0" = Windows Codec Pack
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1213549982-270914157-679369173-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1213549982-270914157-679369173-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2013 12:14:47 | Computer Name = D-Schmidls-Lapi | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >

Danke

cosinus · 15.03.2013, 19:50

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bene81 · 15.03.2013, 23:28

So logs sind fertig, leider ein Fund.

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
D-Schmidls :: D-SCHMIDLS-LAPI [administrator]

15.03.2013 21:42:45
mbar-log-2013-03-15 (21-42-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31484
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0b528c0fec293d419517321d0ee30126
# engine=13399
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-15 10:22:15
# local_time=2013-03-15 11:22:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 11931219 115015985 0 0
# scanned=191286
# found=1
# cleaned=0
# scan_time=5182
sh=C94604B6D427C88AEB480062AE635F28F9D3886F ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.IW trojan" ac=I fn="C:\Users\D-Schmidls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\45d3cbe0-395c43f3"

So das wars. Gute Nacht

cosinus · 15.03.2013, 23:52

Ist nur ein Rest im Cache. Bitte mit TFC leeren

TFC - Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Bene81 · 16.03.2013, 22:03

Durchgeführt, jedoch wird der Banner noch immer angezeigt, siehe Anhang.
Was kann man noch machen???
Danke, danke , danke.

cosinus · 17.03.2013, 16:08

Hm, nur im IE ist das so? Setz den bitte mal komplett zurück siehe => Zurücksetzen von Internet Explorer-Einstellungen in Internet Explorer 9

Bene81 · 17.03.2013, 19:40

Hallo. Ja genau nur beim Internet Explorer. Zurückgesetzt hab ich schon, jedoch ohne Erfolg. Was nun???

Danke

17.03.2013, 16:08	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Adserversplus.com wird in Internetexplorer angezeigt Hm, nur im IE ist das so? Setz den bitte mal komplett zurück siehe => Zurücksetzen von Internet Explorer-Einstellungen in Internet Explorer 9 __________________ Logfiles bitte immer in CODE-Tags posten

Adserversplus.com wird in Internetexplorer angezeigt

Log-Analyse und Auswertung: Adserversplus.com wird in Internetexplorer angezeigt