Hallo Trojaner-board Team!
Ich bin anscheinend Opfer des Polizei-Virus in der Österreich Version geworden. Webcam geht an und man bittet mich 100 EUR per Paysafe Card zu bezahlen. Habe schon ein wenig recherchiert und eine Systemwiederherstellung durchgeführt. Rechner funktioniert. Ich bin nicht sicher, ob ich jetzt schon sauber bin und hoffe auf eure Hilfe!
Anbei auch die Logs von OTL und Malwarebytes. Vielen DANK!!
LG

Hallo und

Zitat:

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00E9A35C-3EE1-43DB-9D01-981468F8BC96}: NameServer = 10.29.0.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04AF1787-79AF-4FCF-BF83-541F54B385F8}: DhcpNameServer = 10.0.0.138

Warum bitte eine Professional-Edition von Windows, brauchst du das als Heimanwender? Warum ein Subnetz aus dem 10er-Bereich?
Ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hallo Cosinus!
Bin Selbständiger, daher die Professional Version.
Das mit dem Subnetz verstehe ich leider nicht.
Viele Grüße!

Dann mal das hier lesen:

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.

Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Gelesen und verstanden?`

Ja, verstanden! Habe leider keinen IT Support und Neuaufsetzen ist für den Moment zu aufwändig.

Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden?

Malwarebytes und/oder andere Virenscanner?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Hallo Cosinus!
Habe dir die Logs die ich habe gegeben (OTL und Malwarebytes). Habe auch einen Scan mit Avira gemacht - nichts gefunden.
lg

Zitat:

Habe auch einen Scan mit Avira gemacht - nichts gefunden.

Hm, ich fragte aber nicht nach Ergebnisse neuer Scans mit Avira - hat Avira in der Vergangenheit nun mal was gefunden oder nicht?

In den letzten Monaten nicht.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Rootkitscan mit GMER

Bitte lade dir GMER herunter: (Dateiname zufällig)

• Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
• Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:

  WARNING !!!
  GMER has found system modification, which might have been caused by ROOTKIT activity.
  Do you want to fully scan your system ?
  

  Unbedingt auf "No" klicken.
• Entferne rechts den Haken bei: IAT/EAT und Show All
• Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
• Starte den Scan mit "Scan".
• Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

• Probiere alternativ den abgesicherten Modus.
• Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

• Starte bitte die mbar.exe.
• Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
• Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
• Klicke auf den CleanUp Button und erlaube den Neustart.
• Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
• Nach dem Neustart starte die mbar.exe erneut.
• Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hallo Cosinus!
Hier die Logs!
GMER:

Code: Alles auswählenAufklappen

ATTFilter

MER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-17 10:34:50
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\KLEMEN~1\AppData\Local\Temp\pxldqpod.sys


---- System - GMER 2.1 ----

SSDT            91AE8DBE                                                                                         ZwCreateSection
SSDT            91AE8DC8                                                                                         ZwRequestWaitReplyPort
SSDT            91AE8DC3                                                                                         ZwSetContextThread
SSDT            91AE8DCD                                                                                         ZwSetSecurityObject
SSDT            91AE8DD2                                                                                         ZwSystemDebugControl
SSDT            91AE8D5F                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         8304CA09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           830861F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              8308D34C 4 Bytes  [BE, 8D, AE, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              8308D6A8 4 Bytes  [C8, 8D, AE, 91] {ENTER 0xae8d, 0x91}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              8308D6EC 4 Bytes  [C3, 8D, AE, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              8308D768 4 Bytes  [CD, 8D, AE, 91] {INT 0x8d; SCASB ; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1668                                                              8308D7BD 3 Bytes  [8D, AE, 91]
.text           ...                                                                                              
?               C:\Users\KLEMEN~1\AppData\Local\Temp\pxldqpod.sys                                                Das System kann den angegebenen Pfad nicht finden. !

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

Device          \Driver\iaStor \Device\Dev_ffffffff8666c028                                                      C8426E36

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys

---- Modules - GMER 2.1 ----

Module          (noname) (*** hidden *** )                                                                       C8400000-C85B5000 (1789952 bytes)                                                                                                                    

---- Threads - GMER 2.1 ----

Thread          SYSTEM [4:4508]                                                                                  C8420A7A

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38c74bbc                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38c74bbc (not active ControlSet)  

---- EOF - GMER 2.1 ----
         

MBAR

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.17.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Karl :: BRAIN [administrator]

17.04.2013 11:21:23
mbar-log-2013-04-17 (11-21-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 34578
Time elapsed: 41 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Hallo Cosinus! Anbei die Logs:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.8 (04.21.2013:2)
OS: Windows 7 Professional x86
Ran by Karl on 22.04.2013 at 23:14:10,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2504091



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Karl\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Karl\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Karl\appdata\locallow\vuze_remote"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\vuze_remote"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2013 at 23:14:53,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.201 - Datei am 22/04/2013 um 23:25:02 erstellt
# Aktualisiert am 21/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Karl - BRAIN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Karl\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\K***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\K***\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\K***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\K***\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\K***\AppData\LocalLow\Vuze_Remote

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Vuze_Remote
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BCA001E-6533-48A3-9B5B-011534D6F5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6679FD41-B3B0-4A38-914D-AD4F86B0DD86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Schlüssel Gelöscht : HKLM\Software\Vuze_Remote
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [3057 octets] - [22/04/2013 23:25:02]

########## EOF - C:\AdwCleaner[S1].txt - [3117 octets] ##########
         

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 22.04.2013 23:31:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karl\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 63,19% Memory free
5,86 Gb Paging File | 4,61 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,90 Gb Total Space | 11,39 Gb Free Space | 4,03% Space Free | Partition Type: NTFS
 
Computer Name: BRAIN | User Name: Karl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015555E8-9B37-4092-BEDF-2054D24048D6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0A50D78E-AE20-408D-B2DA-49152EEEECCB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0F71C515-2D79-4577-874C-373B1A04BCDB}" = lport=21112 | protocol=6 | dir=in | name=trend micro client/server security agent listener | 
"{16EAB2C9-BCA2-4E2E-A36D-8DDF873D72EC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1A4AF475-01C9-4EEF-B8D2-24B8C730BD18}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2364DB5E-405E-4859-B064-77454E89581D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{24DEE3DD-64B4-46E0-AA01-967E76463079}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{307FF7FE-4BF4-4977-A998-2659592C680C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{334F5D26-6ACC-4C32-BA41-AC15FBEBBDC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D1673A3-F6E5-4546-9924-AF202B1F3F09}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4D2D0B25-4B76-4605-AEC3-4B84A5FAB4D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52A5C6F5-A86F-426B-A822-B60D6DA91FA3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5AADDE90-EEC0-4B77-B677-101B43A0DBFB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5D313132-7C20-4F75-ADD5-92665AC09424}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{66CC22F2-914E-4FF7-961E-89980E86F021}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{69705B28-B405-49A2-BAF4-32BB8D72A4A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6FDE4367-1CC5-46E0-B29B-092D48E3C201}" = rport=137 | protocol=17 | dir=out | app=system | 
"{830E2D81-9B3D-435B-9271-3279976713F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8311456D-2DF6-4D2B-81DA-373F06A0E0E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{83DE1FA0-C95B-418F-AE6A-E9B4334D4F11}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8B4468F2-B586-45EC-934E-C2C70CFF8310}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3077302-B4A7-4918-A725-5B9904BDB4EA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A65FC511-3EDD-4126-B82B-5643EA18CA25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8F12630-2DDF-4BC7-A8C9-DFCE7BBF7409}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BFA62C40-1862-4374-B2C2-204662BD6BA2}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{C179483F-8745-4109-8C59-611B9F5620BF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CA42ECA4-E57A-4F82-BC55-69ABFA1BAA9F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CE2AF523-6797-43BC-821D-62F2D172D6EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D4525247-2D95-4452-87E1-8FB8C065407E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EB2D612A-D0F2-4E97-B214-AC35798C3771}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB737BE3-B62C-4BDE-BE65-928E703859C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC28F2B0-3CBA-493E-9C2B-8FA6EC244504}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED1BA402-18E9-4F9C-8533-93BFF02E1AA4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF3F3134-1210-45E7-97DE-39344F96A7CA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2050ACE-8D34-45DB-B85C-C66A4E7D8B65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F6961AA6-7CC3-4A93-AA58-BBFE8D80F7D5}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0067CD80-6E49-4431-99A3-726F9234833D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{00E8A0A6-015E-4785-AF40-4951062427B9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{12C6F0C6-6D9B-467A-9F7B-EB79131CC92C}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{1B6A39AB-93B3-4D1B-95C3-EB2F25326749}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{1E35BB2B-1CA3-43CB-9ACA-57032D300C06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1F84E563-B200-409A-9D39-69A85BD2019D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{24F81C74-28F8-4907-A39D-7E2B70107133}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A78C518-DFAD-4DF5-A0DE-0035BEF4FE16}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{372216BC-DDD8-4EAF-9E9E-CC63A4D89A2E}" = protocol=17 | dir=in | app=c:\users\klemens figlhuber\appdata\roaming\dropbox\bin\dropbox.exe | 
"{380B4775-0E33-4B5A-934A-FB9106EFCEC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F1668A2-99DE-4DE8-8157-8481CD20A268}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{56C16969-F9A8-4AD8-917A-8A51544D99C0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5941C7D4-5654-452F-B00F-65212BDBD46D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5979BA34-3D4E-4FE4-812A-C2EA821E4BCB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5BEAEA92-56CA-4E8C-AD65-6B8815D6F001}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5DA18455-97E6-4D14-A84A-2B5AD81A5BA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61E32816-03E1-48D8-84BC-053B51493B32}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{6EEFCCF7-DA72-4922-BCB3-BB092C1A215C}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{75402464-521F-4357-AAD5-4A64CAF60519}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{78F71485-07BB-4B54-B21C-D3BD8EE2DC53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7C15DB5A-258E-4E6E-A9B1-EAF513116296}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BFEC8B9-CF92-4795-9073-BE91438B98DD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DC551EC-6F03-4255-B8E0-274A220D287C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F47C223-1551-4438-A503-F61ACC4B097A}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{9CA60AD7-2A18-4E15-90A8-C29990CD12AF}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{A2505A89-69AC-4A76-930D-7934C3A434CD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A8034E1E-F2EC-4248-9BBD-ABD0EE14088F}" = protocol=6 | dir=in | app=c:\users\klemens figlhuber\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B0BFFE6A-0CD5-42B9-8BFA-6AA1CA0D2CD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9F7EE11-5151-4473-8DB3-FBCBF3DF4D97}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{BE905167-5BB4-41A4-A39B-18F1F326FBB3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{C418DE38-6699-4926-A2B6-E6EBB79956CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CBFB8AFD-EAA6-4119-A89E-1EFF4A337DDD}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{D8CC76A9-CD97-463B-87AF-FFCDC7365F34}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DA9C4D8A-C6C3-4439-9CDE-79C40C87D8D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDA0B820-AA22-4800-A6AA-F9CB51020896}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5861CB2-E91B-497F-A31B-4ADD287A663A}" = protocol=6 | dir=out | app=system | 
"{EA85B136-A7B7-4BB0-9257-50A4D9281F8E}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{F23F3D10-4962-456F-A6AA-33C5125EBF9D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{F37D8E79-EA9F-46DA-A3F0-21CDDFE8267C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F3F98AC9-9330-4A6B-B0FA-EB1730B0C1A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FE40D133-8F8D-43A6-BE99-43F6D18906D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{3ECCF886-AE41-49D4-8AA7-DE0B050CD363}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{70132F89-4774-49E7-B0B0-92F125310E4A}C:\users\klemens figlhuber\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\klemens figlhuber\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8A3F1FD8-6EB6-4324-AB52-8239DDE0DB8A}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"TCP Query User{98DF5F50-FBCA-4372-A12F-8E65270D9338}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{B825B696-1DD0-4C6A-98CC-0DF24081A553}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F6BC8481-D197-4385-8FB6-6DC6A9AF0594}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{0988E572-F447-479E-9ACE-CA4CAEF71EFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{129C8905-96EA-45F8-A1E9-47233520BDA9}C:\users\klemens figlhuber\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\klemens figlhuber\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8A0C2138-5C40-4687-82EC-FD3ADC9596E0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C449CFDC-5418-4FFD-9FB2-CB200DEFC229}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D06E8F3F-1E46-4CBC-97A0-8E3C88E34061}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{FE097569-2A09-407E-AE91-D518274E1B3B}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007C5268-FB1C-49B9-A5E7-37D66DE46B9C}" = Online Plug-in
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{2DE9C112-2482-4D27-AA90-1504DFD9F117}" = Citrix Authentication Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8AE086-030F-4EF4-B705-63F8130B043E}" = DigitalPersona Personal 4.01
"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EC50898-E24A-4C0C-A1F2-A71A8DBF291F}" = Citrix Receiver Inside
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9FCB6355-689E-4141-9714-3EEC2AE10292}" = Validity Sensors DDK
"{A0791198-3F0C-4FB4-870C-5734C4CB5F16}" = Citrix Receiver (USB)
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B48A3CE4-2F1E-45EF-841A-C0A3C407EB0F}" = Self-Service Plug-in
"{B4D8A5FE-83C9-44AB-88C7-9AB30EFE482A}" = Citrix Receiver(Aero)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7C7FA4B-40FF-4B4E-A566-1ABF8FAC38BB}" = Citrix Receiver (HDX Flash-Umleitung)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D777101F-1708-46ED-916E-3BE885F78F55}" = Citrix Receiver (DV)
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Dell Support Center" = Dell Support Center
"Dell Webcam Central" = Dell Webcam Central
"DW WLAN Card Utility" = DW WLAN Card Utility
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Dell Touchpad
"TuneUpMedia" = TuneUp Companion 2.2.1
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect VPN Client Events ]
Error - 10.01.2013 04:40:55 | Computer Name = Brain | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: AddRoute  Destination: 0.0.0.0  Netmask:
 0.0.0.0  Gateway: 137.208.0.1  Interface: 137.208.154.11  Metric: 1
 
Error - 10.01.2013 04:40:55 | Computer Name = Brain | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 226 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description:
 ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED 
 
Error - 10.01.2013 04:40:55 | Computer Name = Brain | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::AddRouteChange File: .\ChangeRouteHelper.cpp
Line:
 1295 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
 
Error - 10.01.2013 04:40:55 | Computer Name = Brain | Source = vpnagent | ID = 67110872
Description = Failed Route change:  Action: DelRoute  Destination: 10.17.255.255  Netmask:
 255.255.255.255  Gateway: 10.17.8.240  Interface: 10.17.8.240  Metric: 256
 
Error - 10.01.2013 04:40:55 | Computer Name = Brain | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 245 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
 
Error - 10.01.2013 04:45:26 | Computer Name = Brain | Source = vpnagent | ID = 67108866
Description = Function: CCdtpProtocol::OnTimerExpired File: .\CdtpProtocol.cpp Line:
 795 Invoked Function: handleExpiredDPD Return Code: -31653877 (0xFE1D000B) Description:
 CDTPPROTOCOL_ERROR_NO_DPD_RESPONSE 
 
Error - 10.01.2013 04:45:26 | Computer Name = Brain | Source = vpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1173 Invoked Function: ITunnelProtocol::OnTunnelStatusChange Return Code: -31653877
 (0xFE1D000B) Description: CDTPPROTOCOL_ERROR_NO_DPD_RESPONSE callback
 
Error - 10.01.2013 04:48:18 | Computer Name = Brain | Source = vpnagent | ID = 67108866
Description = Function: CCdtpProtocol::OnTimerExpired File: .\CdtpProtocol.cpp Line:
 795 Invoked Function: handleExpiredDPD Return Code: -31653877 (0xFE1D000B) Description:
 CDTPPROTOCOL_ERROR_NO_DPD_RESPONSE 
 
Error - 10.01.2013 04:48:18 | Computer Name = Brain | Source = vpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
 1173 Invoked Function: ITunnelProtocol::OnTunnelStatusChange Return Code: -31653877
 (0xFE1D000B) Description: CDTPPROTOCOL_ERROR_NO_DPD_RESPONSE callback
 
Error - 10.01.2013 04:55:50 | Computer Name = Brain | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
 1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: Das System
 kann die angegebene Datei nicht finden.   
 
[ DigitalPersona Pro Events ]
Error - 24.08.2012 06:11:19 | Computer Name = ZukunftEinkauf | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
[ System Events ]
Error - 22.04.2013 17:19:17 | Computer Name = Brain | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 22.04.2013 23:31:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karl\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 63,19% Memory free
5,86 Gb Paging File | 4,61 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,90 Gb Total Space | 11,39 Gb Free Space | 4,03% Space Free | Partition Type: NTFS
 
Computer Name: BRAIN | User Name: Karl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Karl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
PRC - C:\Programme\Dell\DW WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
PRC - C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - c:\Programme\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe (IDT, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Karl\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Acceler) -- C:\Windows\System32\drivers\Accelern.sys (ST Microelectronics)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (stdcfltn) -- C:\Windows\System32\drivers\stdcfltn.sys (ST Microelectronics)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{5C8E1569-A8D9-414E-904E-E852D2DB830E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/
IE - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 3D CF EE 71 3B CE 01  [binary data]
IE - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\..\SearchScopes,DefaultScope = {5C8E1569-A8D9-414E-904E-E852D2DB830E}
IE - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2011.06.08 10:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2011.06.08 10:33:43 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013.04.17 15:42:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Programme\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Klemens Figlhuber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2270161121-1083704932-3148373137-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://dwa.eurofoam.at/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.wu.ac.at/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 1.7.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab (Java Plug-in 1.7.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00E9A35C-3EE1-43DB-9D01-981468F8BC96}: NameServer = 10.29.0.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04AF1787-79AF-4FCF-BF83-541F54B385F8}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Programme\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.22 23:14:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.22 23:13:36 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.22 23:12:20 | 000,535,747 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Karl\Desktop\JRT.exe
[2013.04.22 19:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.04.17 15:56:46 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Local\Diagnostics
[2013.04.17 15:43:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.17 15:43:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.17 15:41:41 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Local\temp
[2013.04.17 15:31:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.17 15:31:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.17 15:31:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.17 15:31:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.17 15:29:31 | 005,054,659 | R--- | C] (Swearware) -- C:\Users\Karl\Desktop\ComboFix.exe
[2013.04.17 14:57:59 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Karl\Desktop\tdsskiller.exe
[2013.04.17 14:35:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Karl\Desktop\aswMBR.exe
[2013.04.17 10:36:34 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\WinRAR
[2013.04.11 11:49:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Karl\Desktop\OTL.exe
[2013.04.10 22:39:03 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Macromedia
[2013.04.10 21:52:20 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Avira
[2013.04.10 21:41:15 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 21:41:14 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 21:41:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 21:41:14 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 21:41:13 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 21:41:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 21:41:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 21:41:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 21:41:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 21:41:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Malwarebytes
[2013.04.10 21:34:33 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Macrovision
[2013.04.10 21:33:46 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\ICAClient
[2013.04.10 21:33:39 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Creative
[2013.04.10 21:33:33 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Roxio
[2013.04.10 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\DigitalPersona
[2013.04.10 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Local\DigitalPersona
[2013.04.10 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Local\Citrix
[2013.04.10 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Karl\Virtual Machines
[2013.04.10 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.10 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Karl\Searches
[2013.04.10 21:33:24 | 000,000,000 | R--D | C] -- C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.10 21:33:16 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Identities
[2013.04.10 21:33:14 | 000,000,000 | R--D | C] -- C:\Users\Karl\Contacts
[2013.04.10 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Adobe
[2013.04.10 21:32:26 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Local\VirtualStore
[2013.04.10 21:32:23 | 000,000,000 | --SD | C] -- C:\Users\Karl\AppData\Roaming\Microsoft
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Videos
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Saved Games
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Pictures
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Music
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Links
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Favorites
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Downloads
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Documents
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\Desktop
[2013.04.10 21:32:23 | 000,000,000 | R--D | C] -- C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Vorlagen
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\AppData\Local\Verlauf
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\AppData\Local\Temporary Internet Files
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Startmenü
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\SendTo
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Recent
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Netzwerkumgebung
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Lokale Einstellungen
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Documents\Eigene Videos
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Documents\Eigene Musik
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Eigene Dateien
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Documents\Eigene Bilder
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Druckumgebung
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Cookies
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\AppData\Local\Anwendungsdaten
[2013.04.10 21:32:23 | 000,000,000 | -HSD | C] -- C:\Users\Karl\Anwendungsdaten
[2013.04.10 21:32:23 | 000,000,000 | -H-D | C] -- C:\Users\Karl\AppData
[2013.04.10 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Local\Microsoft Help
[2013.04.10 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Local\Microsoft
[2013.04.10 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\Karl\AppData\Roaming\Media Center Programs
[2013.04.10 20:26:39 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 20:26:32 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 20:26:32 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 20:26:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 20:26:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 20:26:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.02 17:48:12 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.02 17:48:12 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.02 17:48:12 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.02 17:48:12 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.02 17:48:12 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.02 17:48:12 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.02 17:48:12 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.02 17:48:12 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.02 17:48:12 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.02 17:48:12 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.02 17:48:12 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.02 17:48:12 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.02 17:48:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.02 17:48:12 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.02 17:48:12 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.02 17:48:12 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.02 17:48:12 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.02 17:48:12 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.02 17:48:12 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.02 17:48:12 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.02 17:48:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.02 17:48:12 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.02 17:48:12 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.02 17:48:12 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.02 17:48:11 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.02 17:48:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.24 02:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.22 23:33:54 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 23:33:54 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 23:30:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.04.22 23:26:46 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.22 23:26:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.22 23:26:25 | 2358,259,712 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.22 23:23:29 | 000,615,935 | ---- | M] () -- C:\Users\Karl\Desktop\adwcleaner.exe
[2013.04.22 23:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.22 23:15:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.22 23:12:20 | 000,535,747 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Karl\Desktop\JRT.exe
[2013.04.22 22:55:17 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2270161121-1083704932-3148373137-1000UA.job
[2013.04.22 19:48:43 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.22 19:48:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.22 11:40:06 | 000,000,853 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk
[2013.04.22 11:39:47 | 000,667,288 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.22 11:39:47 | 000,627,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 11:39:47 | 000,134,376 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.22 11:39:47 | 000,110,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.22 09:14:16 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.04.19 08:55:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2270161121-1083704932-3148373137-1000Core.job
[2013.04.17 15:42:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.17 15:29:31 | 005,054,659 | R--- | M] (Swearware) -- C:\Users\Karl\Desktop\ComboFix.exe
[2013.04.17 14:58:15 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Karl\Desktop\tdsskiller.exe
[2013.04.17 14:57:14 | 000,000,512 | ---- | M] () -- C:\Users\Karl\Desktop\MBR.dat
[2013.04.17 14:39:10 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Karl\Desktop\aswMBR.exe
[2013.04.17 11:21:41 | 013,332,459 | ---- | M] () -- C:\Users\Karl\Desktop\mbar-1.05.0.1001.zip
[2013.04.17 10:12:01 | 000,377,856 | ---- | M] () -- C:\Users\Karl\Desktop\gmer_2.1.19163.exe
[2013.04.11 11:49:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karl\Desktop\OTL.exe
[2013.04.10 21:44:15 | 000,464,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.02 17:48:12 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.02 17:48:12 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.02 17:48:12 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.02 17:48:12 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.02 17:48:12 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.02 17:48:12 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.02 17:48:12 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.02 17:48:12 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.02 17:48:12 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.02 17:48:12 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.02 17:48:12 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.02 17:48:12 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.02 17:48:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.02 17:48:12 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.02 17:48:12 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.02 17:48:12 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.02 17:48:12 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.02 17:48:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.02 17:48:12 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.02 17:48:12 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.02 17:48:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.02 17:48:12 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.02 17:48:12 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.02 17:48:12 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.02 17:48:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.02 17:48:11 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.02 17:48:11 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.31 14:42:58 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.31 14:42:58 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.31 14:42:58 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.22 23:23:29 | 000,615,935 | ---- | C] () -- C:\Users\Karl\Desktop\adwcleaner.exe
[2013.04.22 11:40:06 | 000,000,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk
[2013.04.17 15:31:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.17 15:31:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.17 15:31:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.17 15:31:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.17 15:31:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.17 14:50:04 | 000,000,512 | ---- | C] () -- C:\Users\Karl\Desktop\MBR.dat
[2013.04.17 10:12:29 | 013,332,459 | ---- | C] () -- C:\Users\Karl\Desktop\mbar-1.05.0.1001.zip
[2013.04.17 10:12:01 | 000,377,856 | ---- | C] () -- C:\Users\Karl\Desktop\gmer_2.1.19163.exe
[2013.04.10 21:32:28 | 000,001,427 | ---- | C] () -- C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.02 17:48:12 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.02.18 15:20:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.02.18 15:20:18 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.27 15:33:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.07.07 13:49:19 | 000,001,220 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.06.07 09:44:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS-Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bei aswMBR ist das Programm abgestürzt. Habe mit "None" wiederholt. anbei das log.

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-17 14:55:51
-----------------------------
14:55:51.087    OS Version: Windows 6.1.7601 Service Pack 1
14:55:51.087    Number of processors: 4 586 0x2505
14:55:51.087    ComputerName: BRAIN  UserName: Karl
14:55:52.335    Initialize success
14:56:00.447    AVAST engine defs: 13041700
14:56:04.113    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:56:04.113    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:56:04.254    Disk 0 MBR read successfully
14:56:04.254    Disk 0 MBR scan
14:56:04.269    Disk 0 Windows VISTA default MBR code
14:56:04.269    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
14:56:04.300    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15514 MB offset 81920
14:56:04.300    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       289690 MB offset 31854592
14:56:04.316    Disk 0 scanning sectors +625139712
14:56:04.410    Disk 0 scanning C:\Windows\system32\drivers
14:56:20.197    Service scanning
14:56:48.121    Modules scanning
14:56:57.933    Disk 0 trace - called modules:
14:56:58.464    ntkrnlpa.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys halmacpi.dll iaStor.sys 
14:56:58.479    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x882039c8]
14:56:58.495    3 CLASSPNP.SYS[8b98459e] -> nt!IofCallDriver -> [0x88203020]
14:56:58.495    5 stdcfltn.sys[8bbf1896] -> nt!IofCallDriver -> [0x8664f950]
14:56:58.511    7 ACPI.sys[8b2a83d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86662028]
14:56:58.511    Scan finished successfully
14:57:14.345    Disk 0 MBR has been saved successfully to "C:\Users\Karl\Desktop\MBR.dat"
14:57:14.345    The log file has been saved successfully to "C:\Users\Karl\Desktop\aswMBR.txt"
         

Danach TDSS Killer

Code: Alles auswählenAufklappen

ATTFilter

14:58:17.0560 4460  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:58:19.0572 4460  ============================================================
14:58:19.0572 4460  Current date / time: 2013/04/17 14:58:19.0572
14:58:19.0572 4460  SystemInfo:
14:58:19.0572 4460  
14:58:19.0572 4460  OS Version: 6.1.7601 ServicePack: 1.0
14:58:19.0572 4460  Product type: Workstation
14:58:19.0572 4460  ComputerName: BRAIN
14:58:19.0572 4460  UserName: Karl
14:58:19.0572 4460  Windows directory: C:\Windows
14:58:19.0572 4460  System windows directory: C:\Windows
14:58:19.0572 4460  Processor architecture: Intel x86
14:58:19.0572 4460  Number of processors: 4
14:58:19.0572 4460  Page size: 0x1000
14:58:19.0572 4460  Boot type: Normal boot
14:58:19.0572 4460  ============================================================
14:58:19.0931 4460  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:58:19.0931 4460  ============================================================
14:58:19.0931 4460  \Device\Harddisk0\DR0:
14:58:19.0931 4460  MBR partitions:
14:58:19.0931 4460  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1E4D000
14:58:19.0931 4460  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E61000, BlocksNum 0x235CD000
14:58:19.0931 4460  ============================================================
14:58:19.0962 4460  C: <-> \Device\Harddisk0\DR0\Partition2
14:58:19.0962 4460  ============================================================
14:58:19.0962 4460  Initialize success
14:58:19.0962 4460  ============================================================
14:59:59.0492 4616  ============================================================
14:59:59.0492 4616  Scan started
14:59:59.0492 4616  Mode: Manual; SigCheck; TDLFS; 
14:59:59.0492 4616  ============================================================
14:59:59.0648 4616  ================ Scan system memory ========================
14:59:59.0648 4616  System memory - ok
14:59:59.0648 4616  ================ Scan services =============================
14:59:59.0851 4616  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:59:59.0945 4616  1394ohci - ok
15:00:00.0007 4616  [ C351EB0DEB102D7EC67CDDEE6513DDF5 ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
15:00:00.0038 4616  Acceler - ok
15:00:00.0101 4616  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:00:00.0132 4616  ACPI - ok
15:00:00.0163 4616  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:00:00.0210 4616  AcpiPmi - ok
15:00:00.0350 4616  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:00:00.0381 4616  AdobeARMservice - ok
15:00:00.0506 4616  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:00:00.0537 4616  AdobeFlashPlayerUpdateSvc - ok
15:00:00.0615 4616  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:00:00.0631 4616  adp94xx - ok
15:00:00.0647 4616  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:00:00.0662 4616  adpahci - ok
15:00:00.0693 4616  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:00:00.0693 4616  adpu320 - ok
15:00:00.0725 4616  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:00:00.0787 4616  AeLookupSvc - ok
15:00:00.0927 4616  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
15:00:00.0974 4616  AESTFilters - ok
15:00:01.0021 4616  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:00:01.0068 4616  AFD - ok
15:00:01.0099 4616  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:00:01.0130 4616  agp440 - ok
15:00:01.0177 4616  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:00:01.0208 4616  aic78xx - ok
15:00:01.0255 4616  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:00:01.0286 4616  ALG - ok
15:00:01.0333 4616  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:00:01.0349 4616  aliide - ok
15:00:01.0395 4616  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:00:01.0411 4616  amdagp - ok
15:00:01.0442 4616  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:00:01.0458 4616  amdide - ok
15:00:01.0458 4616  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:00:01.0505 4616  AmdK8 - ok
15:00:01.0536 4616  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:00:01.0583 4616  AmdPPM - ok
15:00:01.0629 4616  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:00:01.0645 4616  amdsata - ok
15:00:01.0661 4616  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:00:01.0676 4616  amdsbs - ok
15:00:01.0692 4616  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:00:01.0707 4616  amdxata - ok
15:00:01.0817 4616  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:00:01.0832 4616  AntiVirSchedulerService - ok
15:00:01.0910 4616  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:00:01.0926 4616  AntiVirService - ok
15:00:01.0988 4616  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:00:02.0019 4616  AppID - ok
15:00:02.0019 4616  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:00:02.0066 4616  AppIDSvc - ok
15:00:02.0113 4616  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
15:00:02.0191 4616  Appinfo - ok
15:00:02.0253 4616  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:00:02.0331 4616  AppMgmt - ok
15:00:02.0347 4616  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:00:02.0363 4616  arc - ok
15:00:02.0409 4616  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:00:02.0441 4616  arcsas - ok
15:00:02.0487 4616  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:02.0550 4616  AsyncMac - ok
15:00:02.0643 4616  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:00:02.0659 4616  atapi - ok
15:00:02.0706 4616  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:00:02.0768 4616  AudioEndpointBuilder - ok
15:00:02.0784 4616  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:00:02.0831 4616  Audiosrv - ok
15:00:02.0893 4616  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:00:02.0909 4616  avgntflt - ok
15:00:02.0955 4616  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:00:02.0971 4616  avipbb - ok
15:00:03.0049 4616  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:00:03.0065 4616  avkmgr - ok
15:00:03.0111 4616  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:00:03.0189 4616  AxInstSV - ok
15:00:03.0252 4616  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:00:03.0299 4616  b06bdrv - ok
15:00:03.0314 4616  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:00:03.0330 4616  b57nd60x - ok
15:00:03.0361 4616  [ 94F2DC372163D520D7B1DAD78AE40B5E ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
15:00:03.0377 4616  BCM42RLY - ok
15:00:03.0455 4616  [ F689C5965CEFAD780A2948546703BD5D ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
15:00:03.0533 4616  BCM43XX - ok
15:00:03.0611 4616  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:00:03.0673 4616  BDESVC - ok
15:00:03.0704 4616  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:00:03.0767 4616  Beep - ok
15:00:03.0798 4616  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:00:03.0876 4616  BFE - ok
15:00:03.0923 4616  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
15:00:04.0001 4616  BITS - ok
15:00:04.0016 4616  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:04.0063 4616  blbdrive - ok
15:00:04.0125 4616  [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:00:04.0157 4616  Bonjour Service - ok
15:00:04.0188 4616  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:00:04.0219 4616  bowser - ok
15:00:04.0235 4616  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:00:04.0281 4616  BrFiltLo - ok
15:00:04.0313 4616  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:00:04.0359 4616  BrFiltUp - ok
15:00:04.0391 4616  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:00:04.0453 4616  BridgeMP - ok
15:00:04.0515 4616  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:00:04.0578 4616  Browser - ok
15:00:04.0609 4616  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:00:04.0640 4616  Brserid - ok
15:00:04.0656 4616  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:04.0687 4616  BrSerWdm - ok
15:00:04.0703 4616  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:04.0734 4616  BrUsbMdm - ok
15:00:04.0765 4616  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:04.0781 4616  BrUsbSer - ok
15:00:04.0843 4616  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:00:04.0921 4616  BthEnum - ok
15:00:04.0952 4616  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:00:04.0983 4616  BTHMODEM - ok
15:00:05.0030 4616  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:00:05.0061 4616  BthPan - ok
15:00:05.0077 4616  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:00:05.0139 4616  BTHPORT - ok
15:00:05.0202 4616  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:00:05.0264 4616  bthserv - ok
15:00:05.0295 4616  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:00:05.0311 4616  BTHUSB - ok
15:00:05.0358 4616  [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:00:05.0373 4616  btwaudio - ok
15:00:05.0373 4616  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
15:00:05.0389 4616  btwavdt - ok
15:00:05.0483 4616  [ 45F36763576B8AE91E809337DC7CE4E6 ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:00:05.0514 4616  btwdins - ok
15:00:05.0529 4616  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
15:00:05.0545 4616  btwl2cap - ok
15:00:05.0545 4616  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:00:05.0561 4616  btwrchid - ok
15:00:05.0607 4616  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:00:05.0670 4616  cdfs - ok
15:00:05.0717 4616  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:00:05.0763 4616  cdrom - ok
15:00:05.0810 4616  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:00:05.0873 4616  CertPropSvc - ok
15:00:05.0904 4616  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:00:05.0935 4616  circlass - ok
15:00:05.0951 4616  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:00:05.0966 4616  CLFS - ok
15:00:06.0060 4616  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:06.0091 4616  clr_optimization_v2.0.50727_32 - ok
15:00:06.0185 4616  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:00:06.0216 4616  clr_optimization_v4.0.30319_32 - ok
15:00:06.0216 4616  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:00:06.0231 4616  CmBatt - ok
15:00:06.0263 4616  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:00:06.0263 4616  cmdide - ok
15:00:06.0309 4616  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:00:06.0356 4616  CNG - ok
15:00:06.0356 4616  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:00:06.0372 4616  Compbatt - ok
15:00:06.0434 4616  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:00:06.0481 4616  CompositeBus - ok
15:00:06.0481 4616  COMSysApp - ok
15:00:06.0512 4616  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:00:06.0528 4616  crcdisk - ok
15:00:06.0606 4616  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:00:06.0684 4616  CryptSvc - ok
15:00:06.0731 4616  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
15:00:06.0762 4616  CSC - ok
15:00:06.0824 4616  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
15:00:06.0840 4616  CscService - ok
15:00:06.0902 4616  [ 0F538DF1673E5216F3BAACB6911D9D0F ] CtAudDrv        C:\Windows\system32\Drivers\CtAudDrv.sys
15:00:06.0933 4616  CtAudDrv - ok
15:00:06.0980 4616  [ CEBA8413F9B2C73A4E9E16DBD127DC25 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:00:07.0011 4616  CtClsFlt - ok
15:00:07.0074 4616  [ FFC5377AA2C1A3F5B18F359F661E76C8 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
15:00:07.0089 4616  ctxusbm - ok
15:00:07.0105 4616  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:00:07.0136 4616  DcomLaunch - ok
15:00:07.0167 4616  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:00:07.0230 4616  defragsvc - ok
15:00:07.0308 4616  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:00:07.0370 4616  DfsC - ok
15:00:07.0417 4616  [ 649705E3DAE598BC0F957BACBF9A2BD5 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
15:00:07.0448 4616  dg_ssudbus - ok
15:00:07.0495 4616  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:00:07.0557 4616  Dhcp - ok
15:00:07.0573 4616  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:00:07.0651 4616  discache - ok
15:00:07.0698 4616  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:00:07.0713 4616  Disk - ok
15:00:07.0745 4616  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:00:07.0776 4616  Dnscache - ok
15:00:07.0838 4616  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:00:07.0901 4616  dot3svc - ok
15:00:07.0963 4616  [ 0C23BF4CDDBECBACA8659A96C359E0DD ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
15:00:08.0010 4616  DpHost ( UnsignedFile.Multi.Generic ) - warning
15:00:08.0010 4616  DpHost - detected UnsignedFile.Multi.Generic (1)
15:00:08.0041 4616  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:00:08.0119 4616  DPS - ok
15:00:08.0150 4616  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:00:08.0197 4616  drmkaud - ok
15:00:08.0244 4616  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:00:08.0275 4616  DXGKrnl - ok
15:00:08.0306 4616  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:00:08.0384 4616  EapHost - ok
15:00:08.0478 4616  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:00:08.0571 4616  ebdrv - ok
15:00:08.0618 4616  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:00:08.0681 4616  EFS - ok
15:00:08.0727 4616  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:00:08.0852 4616  ehRecvr - ok
15:00:08.0883 4616  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
15:00:08.0930 4616  ehSched - ok
15:00:08.0946 4616  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:00:08.0961 4616  elxstor - ok
15:00:09.0024 4616  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:00:09.0071 4616  ErrDev - ok
15:00:09.0117 4616  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:00:09.0180 4616  EventSystem - ok
15:00:09.0227 4616  [ 01FD440C181C2E2F993CCF7B677701E8 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
15:00:09.0289 4616  ewusbnet - ok
15:00:09.0305 4616  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:00:09.0367 4616  exfat - ok
15:00:09.0383 4616  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:00:09.0445 4616  fastfat - ok
15:00:09.0507 4616  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:00:09.0585 4616  Fax - ok
15:00:09.0601 4616  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:00:09.0648 4616  fdc - ok
15:00:09.0663 4616  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:00:09.0726 4616  fdPHost - ok
15:00:09.0741 4616  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:00:09.0819 4616  FDResPub - ok
15:00:09.0851 4616  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:00:09.0866 4616  FileInfo - ok
15:00:09.0882 4616  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:00:09.0944 4616  Filetrace - ok
15:00:09.0960 4616  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:10.0007 4616  flpydisk - ok
15:00:10.0038 4616  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:00:10.0053 4616  FltMgr - ok
15:00:10.0116 4616  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
15:00:10.0178 4616  FontCache - ok
15:00:10.0225 4616  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:00:10.0241 4616  FontCache3.0.0.0 - ok
15:00:10.0272 4616  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:00:10.0287 4616  FsDepends - ok
15:00:10.0334 4616  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
15:00:10.0365 4616  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
15:00:10.0365 4616  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
15:00:10.0428 4616  [ 0796C1E47ADB9825269E64B9DAB4E741 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
15:00:10.0443 4616  FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
15:00:10.0443 4616  FsUsbExService - detected UnsignedFile.Multi.Generic (1)
15:00:10.0490 4616  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:00:10.0506 4616  Fs_Rec - ok
15:00:10.0568 4616  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:00:10.0599 4616  fvevol - ok
15:00:10.0631 4616  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:00:10.0662 4616  gagp30kx - ok
15:00:10.0709 4616  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:00:10.0755 4616  gpsvc - ok
15:00:10.0865 4616  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:00:10.0880 4616  gupdate - ok
15:00:10.0896 4616  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:00:10.0911 4616  gupdatem - ok
15:00:10.0927 4616  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:00:10.0989 4616  hcw85cir - ok
15:00:11.0036 4616  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:00:11.0083 4616  HDAudBus - ok
15:00:11.0130 4616  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
15:00:11.0161 4616  HECI - ok
15:00:11.0192 4616  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:00:11.0208 4616  HidBatt - ok
15:00:11.0239 4616  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:00:11.0286 4616  HidBth - ok
15:00:11.0317 4616  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:00:11.0348 4616  HidIr - ok
15:00:11.0379 4616  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
15:00:11.0442 4616  hidserv - ok
15:00:11.0489 4616  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:00:11.0535 4616  HidUsb - ok
15:00:11.0567 4616  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:00:11.0645 4616  hkmsvc - ok
15:00:11.0691 4616  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:00:11.0723 4616  HomeGroupListener - ok
15:00:11.0769 4616  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:00:11.0816 4616  HomeGroupProvider - ok
15:00:11.0847 4616  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:00:11.0863 4616  HpSAMD - ok
15:00:11.0925 4616  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:00:11.0972 4616  HTTP - ok
15:00:12.0050 4616  [ 988C0A49F09D75D3341CB419141793C1 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:00:12.0081 4616  hwdatacard - ok
15:00:12.0128 4616  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:00:12.0159 4616  hwpolicy - ok
15:00:12.0222 4616  [ AC6B4AABF92867584445D0C435B9248F ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
15:00:12.0284 4616  hwusbdev - ok
15:00:12.0347 4616  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:00:12.0393 4616  i8042prt - ok
15:00:12.0440 4616  [ 26541A068572F650A2FA490726FE81BE ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:00:12.0456 4616  iaStor - ok
15:00:12.0534 4616  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:00:12.0549 4616  iaStorV - ok
15:00:12.0627 4616  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:00:12.0721 4616  idsvc - ok
15:00:12.0877 4616  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:00:13.0080 4616  igfx - ok
15:00:13.0111 4616  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:00:13.0127 4616  iirsp - ok
15:00:13.0189 4616  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:00:13.0267 4616  IKEEXT - ok
15:00:13.0298 4616  [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
15:00:13.0329 4616  Impcd - ok
15:00:13.0376 4616  [ 07D73EC613B1D3F177B914DC7F5E879B ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:00:13.0392 4616  IntcDAud - ok
15:00:13.0407 4616  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:00:13.0423 4616  intelide - ok
15:00:13.0454 4616  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:00:13.0501 4616  intelppm - ok
15:00:13.0548 4616  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:00:13.0595 4616  IPBusEnum - ok
15:00:13.0595 4616  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:13.0657 4616  IpFilterDriver - ok
15:00:13.0704 4616  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:00:13.0751 4616  iphlpsvc - ok
15:00:13.0782 4616  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:00:13.0829 4616  IPMIDRV - ok
15:00:13.0844 4616  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:00:13.0922 4616  IPNAT - ok
15:00:13.0953 4616  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:00:13.0985 4616  IRENUM - ok
15:00:14.0000 4616  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:00:14.0016 4616  isapnp - ok
15:00:14.0031 4616  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:00:14.0063 4616  iScsiPrt - ok
15:00:14.0109 4616  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:00:14.0125 4616  kbdclass - ok
15:00:14.0172 4616  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:00:14.0203 4616  kbdhid - ok
15:00:14.0234 4616  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:00:14.0265 4616  KeyIso - ok
15:00:14.0312 4616  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:00:14.0328 4616  KSecDD - ok
15:00:14.0390 4616  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:00:14.0406 4616  KSecPkg - ok
15:00:14.0437 4616  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:00:14.0499 4616  KtmRm - ok
15:00:14.0577 4616  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:00:14.0624 4616  LanmanServer - ok
15:00:14.0671 4616  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:00:14.0733 4616  LanmanWorkstation - ok
15:00:14.0780 4616  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:00:14.0858 4616  lltdio - ok
15:00:14.0905 4616  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:00:14.0967 4616  lltdsvc - ok
15:00:14.0999 4616  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:00:15.0030 4616  lmhosts - ok
15:00:15.0108 4616  [ 5460828F8951D310B42B442877603B8D ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:00:15.0139 4616  LMS - ok
15:00:15.0201 4616  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:00:15.0217 4616  LSI_FC - ok
15:00:15.0217 4616  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:00:15.0248 4616  LSI_SAS - ok
15:00:15.0248 4616  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:00:15.0264 4616  LSI_SAS2 - ok
15:00:15.0279 4616  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:00:15.0295 4616  LSI_SCSI - ok
15:00:15.0342 4616  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:00:15.0404 4616  luafv - ok
15:00:15.0451 4616  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:00:15.0467 4616  Mcx2Svc - ok
15:00:15.0498 4616  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:00:15.0498 4616  megasas - ok
15:00:15.0513 4616  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:00:15.0529 4616  MegaSR - ok
15:00:15.0638 4616  Microsoft SharePoint Workspace Audit Service - ok
15:00:15.0669 4616  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:00:15.0732 4616  MMCSS - ok
15:00:15.0747 4616  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:00:15.0794 4616  Modem - ok
15:00:15.0825 4616  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:00:15.0872 4616  monitor - ok
15:00:15.0903 4616  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:00:15.0935 4616  mouclass - ok
15:00:15.0981 4616  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:00:16.0028 4616  mouhid - ok
15:00:16.0059 4616  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:00:16.0075 4616  mountmgr - ok
15:00:16.0106 4616  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:00:16.0137 4616  mpio - ok
15:00:16.0153 4616  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:00:16.0200 4616  mpsdrv - ok
15:00:16.0247 4616  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:00:16.0325 4616  MpsSvc - ok
15:00:16.0356 4616  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:00:16.0387 4616  MRxDAV - ok
15:00:16.0434 4616  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:16.0496 4616  mrxsmb - ok
15:00:16.0527 4616  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:16.0574 4616  mrxsmb10 - ok
15:00:16.0605 4616  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:16.0621 4616  mrxsmb20 - ok
15:00:16.0637 4616  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:00:16.0652 4616  msahci - ok
15:00:16.0683 4616  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:00:16.0699 4616  msdsm - ok
15:00:16.0730 4616  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:00:16.0761 4616  MSDTC - ok
15:00:16.0808 4616  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:00:16.0839 4616  Msfs - ok
15:00:16.0855 4616  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:00:16.0917 4616  mshidkmdf - ok
15:00:16.0964 4616  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:00:16.0980 4616  msisadrv - ok
15:00:17.0042 4616  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:00:17.0105 4616  MSiSCSI - ok
15:00:17.0105 4616  msiserver - ok
15:00:17.0136 4616  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:00:17.0167 4616  MSKSSRV - ok
15:00:17.0167 4616  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:17.0229 4616  MSPCLOCK - ok
15:00:17.0245 4616  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:00:17.0292 4616  MSPQM - ok
15:00:17.0307 4616  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:00:17.0307 4616  MsRPC - ok
15:00:17.0339 4616  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:00:17.0354 4616  mssmbios - ok
15:00:17.0354 4616  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:00:17.0385 4616  MSTEE - ok
15:00:17.0401 4616  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:00:17.0417 4616  MTConfig - ok
15:00:17.0417 4616  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:00:17.0432 4616  Mup - ok
15:00:17.0495 4616  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:00:17.0557 4616  napagent - ok
15:00:17.0604 4616  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:00:17.0619 4616  NativeWifiP - ok
15:00:17.0666 4616  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:00:17.0713 4616  NDIS - ok
15:00:17.0729 4616  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:17.0760 4616  NdisCap - ok
15:00:17.0775 4616  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:17.0807 4616  NdisTapi - ok
15:00:17.0853 4616  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:17.0885 4616  Ndisuio - ok
15:00:17.0947 4616  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:18.0009 4616  NdisWan - ok
15:00:18.0025 4616  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:00:18.0087 4616  NDProxy - ok
15:00:18.0119 4616  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:00:18.0181 4616  NetBIOS - ok
15:00:18.0228 4616  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:00:18.0259 4616  NetBT - ok
15:00:18.0275 4616  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:00:18.0290 4616  Netlogon - ok
15:00:18.0353 4616  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:00:18.0431 4616  Netman - ok
15:00:18.0462 4616  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:00:18.0524 4616  netprofm - ok
15:00:18.0540 4616  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:00:18.0571 4616  NetTcpPortSharing - ok
15:00:18.0618 4616  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:00:18.0633 4616  nfrd960 - ok
15:00:18.0680 4616  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:00:18.0727 4616  NlaSvc - ok
15:00:18.0758 4616  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:00:18.0789 4616  Npfs - ok
15:00:18.0805 4616  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:00:18.0821 4616  nsi - ok
15:00:18.0836 4616  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:00:18.0852 4616  nsiproxy - ok
15:00:18.0914 4616  [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:00:18.0961 4616  Ntfs - ok
15:00:18.0977 4616  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:00:19.0023 4616  Null - ok
15:00:19.0055 4616  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:00:19.0086 4616  nvraid - ok
15:00:19.0133 4616  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:00:19.0164 4616  nvstor - ok
15:00:19.0211 4616  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:00:19.0226 4616  nv_agp - ok
15:00:19.0273 4616  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:00:19.0335 4616  ohci1394 - ok
15:00:19.0429 4616  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:00:19.0445 4616  ose - ok
15:00:19.0601 4616  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:00:19.0803 4616  osppsvc - ok
15:00:19.0866 4616  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:00:19.0928 4616  p2pimsvc - ok
15:00:19.0991 4616  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:00:20.0037 4616  p2psvc - ok
15:00:20.0069 4616  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:00:20.0100 4616  Parport - ok
15:00:20.0147 4616  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:00:20.0162 4616  partmgr - ok
15:00:20.0178 4616  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:00:20.0209 4616  Parvdm - ok
15:00:20.0240 4616  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:00:20.0271 4616  PcaSvc - ok
15:00:20.0381 4616  [ 92FDDBED716BF5C3CB766101563CFCE5 ] PCDSRVC{E9D79540-57D5953E-06020101}_0 c:\program files\dell support center\pcdsrvc.pkms
15:00:20.0396 4616  PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
15:00:20.0427 4616  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:00:20.0443 4616  pci - ok
15:00:20.0490 4616  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:00:20.0505 4616  pciide - ok
15:00:20.0568 4616  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:00:20.0583 4616  pcmcia - ok
15:00:20.0599 4616  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:00:20.0615 4616  pcw - ok
15:00:20.0677 4616  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:00:20.0708 4616  PEAUTH - ok
15:00:20.0739 4616  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:00:20.0817 4616  PeerDistSvc - ok
15:00:20.0911 4616  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:00:21.0005 4616  pla - ok
15:00:21.0051 4616  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:00:21.0067 4616  PlugPlay - ok
15:00:21.0098 4616  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:00:21.0129 4616  PNRPAutoReg - ok
15:00:21.0176 4616  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:00:21.0192 4616  PNRPsvc - ok
15:00:21.0239 4616  [ 7D7A9C17D5455203DEA11E5EF886CC59 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
15:00:21.0270 4616  Point32 - ok
15:00:21.0285 4616  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:00:21.0332 4616  PolicyAgent - ok
15:00:21.0379 4616  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:00:21.0426 4616  Power - ok
15:00:21.0441 4616  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:00:21.0473 4616  PptpMiniport - ok
15:00:21.0473 4616  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:00:21.0488 4616  Processor - ok
15:00:21.0535 4616  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:00:21.0597 4616  ProfSvc - ok
15:00:21.0613 4616  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:00:21.0629 4616  ProtectedStorage - ok
15:00:21.0691 4616  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:00:21.0722 4616  Psched - ok
15:00:21.0738 4616  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
15:00:21.0753 4616  PxHelp20 - ok
15:00:21.0785 4616  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:00:21.0847 4616  ql2300 - ok
15:00:21.0863 4616  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:00:21.0878 4616  ql40xx - ok
15:00:21.0909 4616  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:00:21.0956 4616  QWAVE - ok
15:00:21.0987 4616  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:00:22.0019 4616  QWAVEdrv - ok
15:00:22.0034 4616  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:00:22.0112 4616  RasAcd - ok
15:00:22.0143 4616  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:22.0175 4616  RasAgileVpn - ok
15:00:22.0190 4616  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:00:22.0221 4616  RasAuto - ok
15:00:22.0237 4616  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:22.0299 4616  Rasl2tp - ok
15:00:22.0346 4616  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:00:22.0409 4616  RasMan - ok
15:00:22.0440 4616  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:22.0471 4616  RasPppoe - ok
15:00:22.0471 4616  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:00:22.0518 4616  RasSstp - ok
15:00:22.0565 4616  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:00:22.0627 4616  rdbss - ok
15:00:22.0643 4616  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:00:22.0658 4616  rdpbus - ok
15:00:22.0705 4616  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:22.0783 4616  RDPCDD - ok
15:00:22.0814 4616  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:00:22.0877 4616  RDPDR - ok
15:00:22.0908 4616  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:00:22.0986 4616  RDPENCDD - ok
15:00:23.0001 4616  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:00:23.0048 4616  RDPREFMP - ok
15:00:23.0095 4616  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:00:23.0157 4616  RDPWD - ok
15:00:23.0189 4616  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:00:23.0220 4616  rdyboost - ok
15:00:23.0251 4616  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:00:23.0329 4616  RemoteAccess - ok
15:00:23.0360 4616  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:00:23.0407 4616  RemoteRegistry - ok
15:00:23.0454 4616  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:00:23.0469 4616  RFCOMM - ok
15:00:23.0516 4616  [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
15:00:23.0579 4616  RimUsb - ok
15:00:23.0735 4616  [ BDDC447AB46625A54619808575D5CB46 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
15:00:23.0781 4616  RoxMediaDB12OEM - ok
15:00:23.0859 4616  [ CE203243ADF512540249DF9C264F12DD ] RoxWatch12      C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
15:00:23.0891 4616  RoxWatch12 - ok
15:00:23.0937 4616  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:00:23.0984 4616  RpcEptMapper - ok
15:00:24.0031 4616  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:00:24.0062 4616  RpcLocator - ok
15:00:24.0078 4616  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:00:24.0109 4616  RpcSs - ok
15:00:24.0125 4616  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:00:24.0187 4616  rspndr - ok
15:00:24.0218 4616  [ 31D45ECA63884FF5F7AECC50F7D1BAE0 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
15:00:24.0281 4616  RSUSBSTOR - ok
15:00:24.0343 4616  [ 80B66A4181F782884A815E69D0AFA743 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
15:00:24.0374 4616  RTL8167 - ok
15:00:24.0390 4616  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:00:24.0452 4616  s3cap - ok
15:00:24.0468 4616  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:00:24.0483 4616  SamSs - ok
15:00:24.0546 4616  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:00:24.0561 4616  sbp2port - ok
15:00:24.0577 4616  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:00:24.0639 4616  SCardSvr - ok
15:00:24.0671 4616  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:00:24.0702 4616  scfilter - ok
15:00:24.0764 4616  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:00:24.0842 4616  Schedule - ok
15:00:24.0873 4616  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:00:24.0920 4616  SCPolicySvc - ok
15:00:24.0967 4616  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:00:25.0045 4616  SDRSVC - ok
15:00:25.0092 4616  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:00:25.0154 4616  secdrv - ok
15:00:25.0185 4616  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:00:25.0232 4616  seclogon - ok
15:00:25.0279 4616  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
15:00:25.0295 4616  SENS - ok
15:00:25.0326 4616  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:00:25.0388 4616  SensrSvc - ok
15:00:25.0404 4616  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:00:25.0435 4616  Serenum - ok
15:00:25.0466 4616  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:00:25.0482 4616  Serial - ok
15:00:25.0529 4616  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:00:25.0575 4616  sermouse - ok
15:00:25.0622 4616  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:00:25.0685 4616  SessionEnv - ok
15:00:25.0716 4616  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:00:25.0778 4616  sffdisk - ok
15:00:25.0794 4616  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:00:25.0809 4616  sffp_mmc - ok
15:00:25.0825 4616  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:00:25.0856 4616  sffp_sd - ok
15:00:25.0887 4616  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:00:25.0934 4616  sfloppy - ok
15:00:25.0965 4616  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:00:26.0043 4616  SharedAccess - ok
15:00:26.0075 4616  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:00:26.0137 4616  ShellHWDetection - ok
15:00:26.0168 4616  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:00:26.0184 4616  sisagp - ok
15:00:26.0231 4616  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:00:26.0246 4616  SiSRaid2 - ok
15:00:26.0262 4616  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:00:26.0277 4616  SiSRaid4 - ok
15:00:26.0355 4616  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:00:26.0418 4616  SkypeUpdate - ok
15:00:26.0465 4616  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:00:26.0511 4616  Smb - ok
15:00:26.0574 4616  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:00:26.0605 4616  SNMPTRAP - ok
15:00:26.0621 4616  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:00:26.0621 4616  spldr - ok
15:00:26.0667 4616  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:00:26.0745 4616  Spooler - ok
15:00:26.0839 4616  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:00:26.0948 4616  sppsvc - ok
15:00:26.0995 4616  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:00:27.0057 4616  sppuinotify - ok
15:00:27.0089 4616  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:00:27.0120 4616  srv - ok
15:00:27.0135 4616  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:00:27.0182 4616  srv2 - ok
15:00:27.0198 4616  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:00:27.0245 4616  srvnet - ok
15:00:27.0291 4616  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
15:00:27.0354 4616  ssadbus - ok
15:00:27.0401 4616  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:00:27.0432 4616  ssadmdfl - ok
15:00:27.0463 4616  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
15:00:27.0510 4616  ssadmdm - ok
15:00:27.0525 4616  [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
15:00:27.0541 4616  sscdbus - ok
15:00:27.0572 4616  [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:00:27.0588 4616  sscdmdfl - ok
15:00:27.0635 4616  [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
15:00:27.0650 4616  sscdmdm - ok
15:00:27.0681 4616  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:00:27.0759 4616  SSDPSRV - ok
15:00:27.0791 4616  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:00:27.0806 4616  ssmdrv - ok
15:00:27.0822 4616  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:00:27.0869 4616  SstpSvc - ok
15:00:27.0915 4616  [ 6D82CB78DE57A073E95431F3486B1B27 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
15:00:27.0931 4616  ssudmdm - ok
15:00:28.0056 4616  [ FBAA145C28074C853529050914D405C6 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
15:00:28.0103 4616  STacSV - ok
15:00:28.0134 4616  [ 1E72739A30A0D3E3FC95EBB07F83912D ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
15:00:28.0149 4616  stdcfltn - ok
15:00:28.0181 4616  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:00:28.0196 4616  stexstor - ok
15:00:28.0259 4616  [ 06CBB271F42EF70FB6EF372C491BA9AA ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
15:00:28.0274 4616  STHDA - ok
15:00:28.0321 4616  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:00:28.0383 4616  StiSvc - ok
15:00:28.0430 4616  [ 9E182DD94496550A22A392CC1A8E0F52 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:00:28.0461 4616  stllssvr - ok
15:00:28.0493 4616  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:00:28.0508 4616  storflt - ok
15:00:28.0539 4616  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
15:00:28.0586 4616  StorSvc - ok
15:00:28.0602 4616  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:00:28.0617 4616  storvsc - ok
15:00:28.0633 4616  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:00:28.0649 4616  swenum - ok
15:00:28.0680 4616  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:00:28.0727 4616  swprv - ok
15:00:28.0773 4616  [ CF196A45FD61118C95585489FAD5B2AA ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:00:28.0805 4616  SynTP - ok
15:00:28.0851 4616  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:00:28.0898 4616  SysMain - ok
15:00:28.0961 4616  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:00:28.0992 4616  TabletInputService - ok
15:00:29.0039 4616  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:00:29.0070 4616  TapiSrv - ok
15:00:29.0085 4616  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:00:29.0132 4616  TBS - ok
15:00:29.0179 4616  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:00:29.0241 4616  Tcpip - ok
15:00:29.0304 4616  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:00:29.0351 4616  TCPIP6 - ok
15:00:29.0397 4616  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:00:29.0444 4616  tcpipreg - ok
15:00:29.0491 4616  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:00:29.0553 4616  TDPIPE - ok
15:00:29.0600 4616  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:00:29.0647 4616  TDTCP - ok
15:00:29.0678 4616  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:00:29.0741 4616  tdx - ok
15:00:29.0772 4616  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:00:29.0787 4616  TermDD - ok
15:00:29.0834 4616  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:00:29.0897 4616  TermService - ok
15:00:29.0928 4616  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:00:29.0943 4616  Themes - ok
15:00:29.0959 4616  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:00:30.0006 4616  THREADORDER - ok
15:00:30.0053 4616  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:00:30.0115 4616  TrkWks - ok
15:00:30.0209 4616  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:00:30.0240 4616  TrustedInstaller - ok
15:00:30.0287 4616  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:30.0349 4616  tssecsrv - ok
15:00:30.0380 4616  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:00:30.0427 4616  TsUsbFlt - ok
15:00:30.0474 4616  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:00:30.0552 4616  tunnel - ok
15:00:30.0583 4616  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:00:30.0614 4616  uagp35 - ok
15:00:30.0645 4616  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:00:30.0723 4616  udfs - ok
15:00:30.0739 4616  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:00:30.0786 4616  UI0Detect - ok
15:00:30.0801 4616  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:00:30.0817 4616  uliagpkx - ok
15:00:30.0864 4616  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:00:30.0895 4616  umbus - ok
15:00:30.0911 4616  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:00:30.0942 4616  UmPass - ok
15:00:30.0973 4616  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:00:31.0004 4616  UmRdpService - ok
15:00:31.0129 4616  [ 9E89C2D6945389270DE067CE51FF7425 ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:00:31.0223 4616  UNS - ok
15:00:31.0238 4616  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:00:31.0301 4616  upnphost - ok
15:00:31.0347 4616  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
15:00:31.0347 4616  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
15:00:31.0347 4616  USBAAPL - detected UnsignedFile.Multi.Generic (1)
15:00:31.0379 4616  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:31.0394 4616  usbccgp - ok
15:00:31.0425 4616  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:00:31.0472 4616  usbcir - ok
15:00:31.0503 4616  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:00:31.0519 4616  usbehci - ok
15:00:31.0566 4616  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:00:31.0597 4616  usbhub - ok
15:00:31.0613 4616  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:00:31.0644 4616  usbohci - ok
15:00:31.0675 4616  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:00:31.0675 4616  usbprint - ok
15:00:31.0706 4616  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:31.0769 4616  USBSTOR - ok
15:00:31.0784 4616  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:00:31.0800 4616  usbuhci - ok
15:00:31.0847 4616  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:00:31.0878 4616  usbvideo - ok
15:00:31.0893 4616  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:00:31.0956 4616  UxSms - ok
15:00:31.0987 4616  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:00:32.0003 4616  VaultSvc - ok
15:00:32.0049 4616  [ F44970C4137B57A5D5BD632B46113366 ] vcsFPService    C:\Windows\system32\vcsFPService.exe
15:00:32.0112 4616  vcsFPService - ok
15:00:32.0174 4616  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:00:32.0190 4616  vdrvroot - ok
15:00:32.0237 4616  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:00:32.0283 4616  vds - ok
15:00:32.0330 4616  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:32.0377 4616  vga - ok
15:00:32.0393 4616  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:00:32.0439 4616  VgaSave - ok
15:00:32.0471 4616  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:00:32.0471 4616  vhdmp - ok
15:00:32.0502 4616  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:00:32.0517 4616  viaagp - ok
15:00:32.0533 4616  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:00:32.0580 4616  ViaC7 - ok
15:00:32.0595 4616  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:00:32.0611 4616  viaide - ok
15:00:32.0627 4616  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:00:32.0642 4616  vmbus - ok
15:00:32.0658 4616  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:00:32.0673 4616  VMBusHID - ok
15:00:32.0689 4616  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:00:32.0720 4616  volmgr - ok
15:00:32.0736 4616  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:00:32.0751 4616  volmgrx - ok
15:00:32.0767 4616  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:00:32.0783 4616  volsnap - ok
15:00:32.0829 4616  [ B26536ADD1D748CDA104D856C979AE79 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
15:00:32.0845 4616  vpcbus - ok
15:00:32.0907 4616  [ A0F7E923A6261760130F22B85DF9040E ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
15:00:32.0939 4616  vpcnfltr - ok
15:00:32.0985 4616  [ 5F4B55E91CE7E2523C9E1E0ECE858869 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
15:00:33.0032 4616  vpcusb - ok
15:00:33.0079 4616  [ B487191FE18D6863381A1AC55482469A ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
15:00:33.0095 4616  vpcvmm - ok
15:00:33.0235 4616  [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
15:00:33.0266 4616  vpnagent - ok
15:00:33.0313 4616  [ E1F2333A88EC4A5C8EA6BE357323B72D ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
15:00:33.0329 4616  vpnva - ok
15:00:33.0329 4616  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:00:33.0344 4616  vsmraid - ok
15:00:33.0407 4616  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:00:33.0485 4616  VSS - ok
15:00:33.0516 4616  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:00:33.0563 4616  vwifibus - ok
15:00:33.0594 4616  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:00:33.0625 4616  vwififlt - ok
15:00:33.0672 4616  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:00:33.0703 4616  vwifimp - ok
15:00:33.0719 4616  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:00:33.0765 4616  W32Time - ok
15:00:33.0781 4616  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:00:33.0828 4616  WacomPen - ok
15:00:33.0859 4616  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:00:33.0906 4616  WANARP - ok
15:00:33.0906 4616  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:00:33.0937 4616  Wanarpv6 - ok
15:00:34.0031 4616  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:00:34.0171 4616  WatAdminSvc - ok
15:00:34.0249 4616  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:00:34.0343 4616  wbengine - ok
15:00:34.0389 4616  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:00:34.0421 4616  WbioSrvc - ok
15:00:34.0483 4616  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:00:34.0514 4616  wcncsvc - ok
15:00:34.0545 4616  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:00:34.0592 4616  WcsPlugInService - ok
15:00:34.0608 4616  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:00:34.0623 4616  Wd - ok
15:00:34.0670 4616  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:00:34.0717 4616  Wdf01000 - ok
15:00:34.0717 4616  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:00:34.0764 4616  WdiServiceHost - ok
15:00:34.0779 4616  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:00:34.0795 4616  WdiSystemHost - ok
15:00:34.0842 4616  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:00:34.0889 4616  WebClient - ok
15:00:34.0904 4616  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:00:34.0951 4616  Wecsvc - ok
15:00:34.0967 4616  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:00:34.0998 4616  wercplsupport - ok
15:00:35.0045 4616  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:00:35.0107 4616  WerSvc - ok
15:00:35.0138 4616  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:00:35.0169 4616  WfpLwf - ok
15:00:35.0185 4616  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:00:35.0201 4616  WIMMount - ok
15:00:35.0263 4616  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:00:35.0325 4616  WinDefend - ok
15:00:35.0325 4616  WinHttpAutoProxySvc - ok
15:00:35.0388 4616  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:00:35.0466 4616  Winmgmt - ok
15:00:35.0513 4616  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:00:35.0622 4616  WinRM - ok
15:00:35.0669 4616  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
15:00:35.0684 4616  WinUSB - ok
15:00:35.0715 4616  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:00:35.0762 4616  Wlansvc - ok
15:00:35.0840 4616  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:00:35.0856 4616  wlcrasvc - ok
15:00:35.0965 4616  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:00:36.0043 4616  wlidsvc - ok
15:00:36.0074 4616  [ 7FFF34AE69DFB80F7B190ABA31E00610 ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
15:00:36.0105 4616  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
15:00:36.0105 4616  wltrysvc - detected UnsignedFile.Multi.Generic (1)
15:00:36.0137 4616  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:00:36.0183 4616  WmiAcpi - ok
15:00:36.0215 4616  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:00:36.0230 4616  wmiApSrv - ok
15:00:36.0355 4616  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:00:36.0449 4616  WMPNetworkSvc - ok
15:00:36.0464 4616  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:00:36.0495 4616  WPCSvc - ok
15:00:36.0558 4616  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:00:36.0605 4616  WPDBusEnum - ok
15:00:36.0636 4616  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:00:36.0698 4616  ws2ifsl - ok
15:00:36.0729 4616  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
15:00:36.0761 4616  wscsvc - ok
15:00:36.0807 4616  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:00:36.0854 4616  WSDPrintDevice - ok
15:00:36.0870 4616  WSearch - ok
15:00:36.0948 4616  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:00:36.0995 4616  wuauserv - ok
15:00:37.0057 4616  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:00:37.0088 4616  WudfPf - ok
15:00:37.0135 4616  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:00:37.0182 4616  WUDFRd - ok
15:00:37.0213 4616  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:00:37.0229 4616  wudfsvc - ok
15:00:37.0244 4616  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:00:37.0307 4616  WwanSvc - ok
15:00:37.0353 4616  ================ Scan global ===============================
15:00:37.0385 4616  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:00:37.0431 4616  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:00:37.0447 4616  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:00:37.0478 4616  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:00:37.0509 4616  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:00:37.0509 4616  [Global] - ok
15:00:37.0509 4616  ================ Scan MBR ==================================
15:00:37.0525 4616  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
15:00:37.0931 4616  \Device\Harddisk0\DR0 - ok
15:00:37.0931 4616  ================ Scan VBR ==================================
15:00:37.0946 4616  [ 713041B54039B2F6FBF045C624E466D4 ] \Device\Harddisk0\DR0\Partition1
15:00:37.0946 4616  \Device\Harddisk0\DR0\Partition1 - ok
15:00:37.0977 4616  [ 3A746B2427D790569E9D84BD3446CEEE ] \Device\Harddisk0\DR0\Partition2
15:00:37.0977 4616  \Device\Harddisk0\DR0\Partition2 - ok
15:00:37.0977 4616  ============================================================
15:00:37.0977 4616  Scan finished
15:00:37.0977 4616  ============================================================
15:00:37.0993 2864  Detected object count: 5
15:00:37.0993 2864  Actual detected object count: 5
15:01:24.0372 2864  DpHost ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:24.0372 2864  DpHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:24.0372 2864  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:24.0372 2864  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:24.0372 2864  FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:24.0372 2864  FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:24.0372 2864  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:24.0372 2864  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:24.0388 2864  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:24.0388 2864  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:02:20.0698 1928  Deinitialize success
         

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.