Spam-Mail, Trojaner?

Hilflose · 14.06.2013, 23:07

Hallo,Trojaner-Board,

ich war heute einfach dumm. Eine Freundin zeigte mir eine dieser "Inkasso-Spam-Mails" mit ZIP-Anhang, die sie in ihrem Postfach hatte.Weil sie sich nicht sicher war, ob das Ding doch echt ist, öffneten wir unvorsichtshalber auf meinem Rechner den ZIP-Anhang.

In dem ZIP-Ordner befanden sich keine weiteren Dateien, die man hätte anklicken können.

Erst dann kam auch uns Deppen das ganze seltsam vor und das große Googeln fing an. Tja, was soll ich sagen: leider hatte ich da ja schon diesen dummen ZIP-Ordner zum Öffnen angeklickt.

Ich finde den Ordner immer noch in der "Download-Liste". Und nun? (wie gesagt, in solcher Hinsicht bin ich leider sehr ahnungs- und hilflos und wahrscheinlich einer der größten Deppen,die ihr hier seit langem hattet) Habe so ein bisschen Angst vor den ganzen Trojanern, seit ich hier die Posts gelesen habe.

Mein Virenprogramm (McAfee) findet in seinem Systemscan nichts. Einfach die Datei löschen aus der Downloadliste wird ja nicht ausreichen, oder?

Ihr seht: ich würde echt Hilfe brauchen können, für die ich euch sehr dankbar wäre.

Viele Grüße,
eine Hilflose

cosinus · 15.06.2013, 01:47

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Hilflose · 15.06.2013, 19:46

Hallo,

danke für deine schnelle Hilfe.

Habe nur das hier von Malwarebytes.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.15.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16614
Sarah :: SARAH-PC [Administrator]

Schutz: Aktiviert

15.06.2013 16:30:48
mbam-log-2013-06-15 (16-30-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 478132
Laufzeit: 2 Stunde(n), 20 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Bisher nichts, oder?

Muss/sollte ich jetzt noch was tun/beachten?

Nochmal danke für deine Hilfe,

Grüße von der Hilflosen

cosinus · 17.06.2013, 10:01

Warum bitte machst du einen neuen Scan mit Malwarebytes? Ich habe ausdrücklich erwähnt, dass du keine neuen Scans machen sondern nur schon vorhandene Logs posten solltest, falls es denn welche mit Funde gibt und v.a. wollte ich wissen ob ein Scanner bei dir jemals fündig wurde.

Hilflose · 17.06.2013, 16:33

Entschuldige, hatte ich einfach falsch gelesen. Tut mir leid.

Habe keine weiteren Funde und auch keine weitere Logs. Der Scanner wurde mal vor längerem fündig, das ist aber schon etwa sechs Monate her und ich habe leider auch nicht mehr im Kopf, was damals war. Jetzt gab es im Scanner nichts....

Grüße

cosinus · 18.06.2013, 08:50

Ok, das reicht mir so als Info

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Hilflose · 19.06.2013, 15:32

Hallo,

hier sind die Files. Hoffe, dass das stimmt.

Code:

ATTFilter

OTL Extras logfile created on: 19.06.2013 15:46:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,76% Memory free
5,92 Gb Paging File | 3,61 Gb Available in Paging File | 60,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 218,32 Gb Free Space | 77,03% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{400FD602-900C-4DF1-B5DA-630578F042E2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E739FEA7-90BC-4B78-8B12-8E5F4A0550A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FA55E3-550D-468E-9EED-B8ED2BDF25BE}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{2948E702-35FB-4501-A412-5711555BFE96}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2A980839-BEDD-4864-A95E-C3CD3BEE491B}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3CD9A591-41ED-4A9B-94BA-B8DCB0FB03EB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{472BCF19-7DE7-440C-873D-144489445887}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{596EA0BF-545F-4F41-A353-7A1170963D22}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{9BD1329E-8689-4A15-8716-0B5DBB56A724}" = dir=in | app=c:\itunes.exe | 
"{B110B5CF-2E24-417C-9E7F-22022ED7E5ED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B62166BD-BE5E-44C3-A6E5-BF102B14A88F}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C0B6ACFC-8DC8-4ACC-A217-D763B8D581CA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{CDEC2E17-E0AD-4D49-92F7-14F426CBCD93}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E2692FDE-686C-4F96-93E1-328D159A8023}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{F44FB94D-5696-4643-B7D3-53E6D9CE6716}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FD979364-6508-4B56-B3CB-0952EF020025}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1231D46E-3174-4F1F-859E-41DCB0D070D2}" = mediscript Hammerexamen
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{721147C5-8B40-11D5-B9FA-0050BA12ABB6}" = chemicus
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C8B34412-55B1-4ACC-8ED3-A7346B8A67B8}_is1" = TOPP Vorlagen-Druckstudio (3623)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E461E45A-2B48-42FA-90E1-6F36D85DF101}" = Bing Bar
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"Digital Editions" = Adobe Digital Editions
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"QuickTime" = QuickTime
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2515748003-3712374172-103790039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.05.2013 20:26:08 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11013
 
Error - 30.05.2013 20:26:08 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11013
 
Error - 31.05.2013 00:29:55 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 31.05.2013 00:29:55 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14638057
 
Error - 31.05.2013 00:29:55 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14638057
 
Error - 31.05.2013 11:38:08 | Computer Name = Sarah-PC | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Der 
Remotename konnte nicht aufgelöst werden: 'wsvcdell.backup.com'     bei System.Net.HttpWebRequest.GetRequestStream(TransportContext&
 context)     bei System.Net.HttpWebRequest.GetRequestStream()     bei System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
 methodName, Object[] parameters)     bei Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
 req)     bei Swapdrive.Shared.ActivationWsvcs.GetInfo()
 
Error - 01.06.2013 15:19:50 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.06.2013 15:22:14 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1748
 
Error - 01.06.2013 15:22:14 | Computer Name = Sarah-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1748
 
Error - 15.06.2013 13:51:13 | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Broadcom Wireless LAN Events ]
Error - 06.02.2013 01:56:34 | Computer Name = Sarah-PC | Source = WLAN-Tray | ID = 0
Description = 06:56:33, Wed, Feb 06, 13 Error - Unable to gain access to user store

 
[ System Events ]
Error - 06.05.2013 00:58:29 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.05.2013 12:06:56 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.05.2013 14:14:36 | Computer Name = Sarah-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?05.?2013 um 20:11:47 unerwartet heruntergefahren.
 
Error - 18.05.2013 21:00:59 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19.05.2013 02:58:39 | Computer Name = Sarah-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?05.?2013 um 08:57:28 unerwartet heruntergefahren.
 
Error - 23.05.2013 14:37:06 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 McAfee McShield erreicht.
 
Error - 23.05.2013 14:37:06 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee McShield" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 26.05.2013 13:58:38 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.05.2013 12:27:01 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19.06.2013 09:39:17 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

Code:

ATTFilter

OTL logfile created on: 19.06.2013 15:46:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 38,76% Memory free
5,92 Gb Paging File | 3,61 Gb Available in Paging File | 60,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 218,32 Gb Free Space | 77,03% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d519ad447b93318e05cdc93d8fa49efa\System.Web.Services.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe (Microsoft Corporation.)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe (IDT, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3A95EA70-F4F1-49CA-9AA5-F34422733553}
IE:64bit: - HKLM\..\SearchScopes\{3A95EA70-F4F1-49CA-9AA5-F34422733553}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {BA1587AC-520D-4902-A95F-0CF68655A822}
IE - HKLM\..\SearchScopes\{BA1587AC-520D-4902-A95F-0CF68655A822}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2515748003-3712374172-103790039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-2515748003-3712374172-103790039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2515748003-3712374172-103790039-1000\..\SearchScopes,DefaultScope = {BA1587AC-520D-4902-A95F-0CF68655A822}
IE - HKU\S-1-5-21-2515748003-3712374172-103790039-1000\..\SearchScopes\{BA1587AC-520D-4902-A95F-0CF68655A822}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2515748003-3712374172-103790039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2515748003-3712374172-103790039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.12 17:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2013.06.19 15:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\tkc8t76l.default\extensions
[2012.10.03 18:06:28 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\tkc8t76l.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.05.23 21:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 21:41:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2515748003-3712374172-103790039-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2515748003-3712374172-103790039-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2515748003-3712374172-103790039-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{169121B5-B4E6-4774-875F-6B05A30E7CF2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 15:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UtilityChest_49EI
[2013.06.19 15:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.06.15 20:48:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 20:48:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.15 16:29:21 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2013.06.15 16:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.15 16:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.15 16:29:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.15 16:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.15 16:28:41 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Programs
[2013.06.14 22:21:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.14 22:21:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.14 22:21:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.14 22:21:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.14 22:21:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.14 22:21:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.14 22:21:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.14 22:21:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.14 22:21:19 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.14 22:21:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.14 22:21:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.14 22:21:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.14 22:21:15 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.13 19:29:04 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.13 19:29:04 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.13 19:28:55 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.13 19:28:55 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.13 19:28:42 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.13 19:28:31 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.13 19:28:31 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.13 19:28:31 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.13 19:28:28 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.13 19:28:27 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.13 19:28:27 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.13 19:27:46 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.13 19:27:46 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.05.29 21:51:54 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Abstracts
[2013.05.23 21:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 15:38:49 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.19 15:38:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.19 15:38:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.19 15:37:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 11:00:35 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 11:00:35 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.19 10:51:35 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.15 16:29:16 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.13 19:26:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.13 19:26:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.05 22:16:36 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.05 22:16:36 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.05 22:16:36 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.05 22:16:36 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.05 22:16:36 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.31 06:45:32 | 002,182,116 | ---- | M] () -- C:\Users\Sarah\Documents\ICD Nachsorge .pdf
 
========== Files Created - No Company Name ==========
 
[2013.06.15 16:29:16 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.31 06:45:28 | 002,182,116 | ---- | C] () -- C:\Users\Sarah\Documents\ICD Nachsorge .pdf
[2012.04.29 16:50:36 | 000,317,400 | ---- | C] () -- C:\Users\Sarah\ESC_CoreSyllabus.pdf
[2012.04.29 16:50:11 | 001,080,938 | ---- | C] () -- C:\Users\Sarah\esc-core-curriculum.pdf
[2012.04.29 00:58:26 | 000,105,654 | ---- | C] () -- C:\Users\Sarah\CurriculumPraxisHerzschrittmacherTherapie.pdf
[2012.04.10 21:02:42 | 000,209,956 | ---- | C] () -- C:\Users\Sarah\Anamnese_Thorax_06_final.pdf
[2011.05.07 10:56:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Danke fürs Anschauen!

cosinus · 19.06.2013, 15:43

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Hilflose · 19.06.2013, 18:44

Hallo,

das hier sind die Logfiles...

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Sarah :: SARAH-PC [administrator]

19.06.2013 18:09:20
mbar-log-2013-06-19 (18-09-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 238120
Time elapsed: 30 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\Users\Sarah\AppData\Local\Temp\DM\3kBaa1bJNfRcWCN\Zipper(1).exe (Adware.DomaIQ) -> Delete on reboot.
c:\Users\Sarah\AppData\Local\Temp\DM\8xnge61Nj2uRGII\Zipper(1).exe (Adware.DomaIQ) -> Delete on reboot.
c:\Users\Sarah\AppData\Local\Temp\DM\ax6FdsxMYT4RFd4\Zipper(1).exe (Adware.DomaIQ) -> Delete on reboot.
c:\Users\Sarah\AppData\Local\Temp\DM\dKbxzLT0g31UY8F\Zipper(1).exe (Adware.DomaIQ) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Und das ist der von "danach".

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Sarah :: SARAH-PC [administrator]

19.06.2013 19:00:13
mbar-log-2013-06-19 (19-00-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 238021
Time elapsed: 32 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Danke für die tolle Hilfe!

cosinus · 19.06.2013, 18:46

Ich vermisse das Log von GMER

Hilflose · 20.06.2013, 08:23

Hier ist es....

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-19 18:00:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.D005 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\kgloypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560  fffff800031f4000 45 bytes [00, 00, C5, 00, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607  fffff800031f402f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- EOF - GMER 2.1 ----

Danke!

cosinus · 20.06.2013, 08:31

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Hilflose · 20.06.2013, 11:53

Hallo,

nur kurz der Zwischenstand:
beim ersten Mal ist der Scan mit aswMBR tatsächlich abgebrochen wurden. Der mit der AVcan: none hat funktioniert mit diesem Logfile.

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-20 12:46:16
-----------------------------
12:46:16.855    OS Version: Windows x64 6.1.7601 Service Pack 1
12:46:16.855    Number of processors: 2 586 0x170A
12:46:16.871    ComputerName: SARAH-PC  UserName: Sarah
12:46:17.775    Initialize success
12:46:33.547    AVAST engine defs: 13061901
12:47:08.695    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:47:08.695    Disk 0 Vendor: ST932032 D005 Size: 305245MB BusType: 3
12:47:08.851    Disk 0 MBR read successfully
12:47:08.851    Disk 0 MBR scan
12:47:08.867    Disk 0 Windows VISTA default MBR code
12:47:08.867    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
12:47:08.898    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
12:47:08.913    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
12:47:08.960    Disk 0 scanning C:\Windows\system32\drivers
12:47:25.622    Service scanning
12:47:57.836    Modules scanning
12:47:57.836    Disk 0 trace - called modules:
12:47:57.867    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
12:47:58.382    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031e25a0]
12:47:58.382    3 CLASSPNP.SYS[fffff88001aba43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e3a050]
12:47:58.398    Scan finished successfully
12:50:13.542    Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
12:50:13.557    The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"

Jetzt muss ich dich leider einmal fragen:
Soll ich jetzt trotzdem gleich den TDSSKiller hinterher machen?

Danke für deine Geduld!

cosinus · 20.06.2013, 12:41

ja, jetzt den tdsskiller

Hilflose · 20.06.2013, 16:10

Hallo cosinus!

Hier sind die Ergebnisse des tdsskiller....

Code:

ATTFilter

17:05:15.0038 4448  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:05:17.0050 4448  ============================================================
17:05:17.0050 4448  Current date / time: 2013/06/20 17:05:17.0050
17:05:17.0050 4448  SystemInfo:
17:05:17.0050 4448  
17:05:17.0050 4448  OS Version: 6.1.7601 ServicePack: 1.0
17:05:17.0050 4448  Product type: Workstation
17:05:17.0050 4448  ComputerName: SARAH-PC
17:05:17.0050 4448  UserName: Sarah
17:05:17.0050 4448  Windows directory: C:\Windows
17:05:17.0050 4448  System windows directory: C:\Windows
17:05:17.0050 4448  Running under WOW64
17:05:17.0050 4448  Processor architecture: Intel x64
17:05:17.0050 4448  Number of processors: 2
17:05:17.0050 4448  Page size: 0x1000
17:05:17.0050 4448  Boot type: Normal boot
17:05:17.0050 4448  ============================================================
17:05:19.0421 4448  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:05:19.0453 4448  ============================================================
17:05:19.0453 4448  \Device\Harddisk0\DR0:
17:05:19.0453 4448  MBR partitions:
17:05:19.0453 4448  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:05:19.0453 4448  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
17:05:19.0453 4448  ============================================================
17:05:19.0499 4448  C: <-> \Device\Harddisk0\DR0\Partition2
17:05:19.0499 4448  ============================================================
17:05:19.0499 4448  Initialize success
17:05:19.0499 4448  ============================================================
17:05:28.0766 0252  ============================================================
17:05:28.0766 0252  Scan started
17:05:28.0766 0252  Mode: Manual; SigCheck; TDLFS; 
17:05:28.0766 0252  ============================================================
17:05:30.0139 0252  ================ Scan system memory ========================
17:05:30.0139 0252  System memory - ok
17:05:30.0139 0252  ================ Scan services =============================
17:05:30.0669 0252  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:05:30.0903 0252  1394ohci - ok
17:05:30.0950 0252  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:05:30.0981 0252  ACPI - ok
17:05:31.0012 0252  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:05:31.0121 0252  AcpiPmi - ok
17:05:31.0293 0252  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:05:31.0324 0252  AdobeARMservice - ok
17:05:31.0558 0252  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:05:31.0605 0252  AdobeFlashPlayerUpdateSvc - ok
17:05:31.0667 0252  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:05:31.0699 0252  adp94xx - ok
17:05:31.0933 0252  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:05:32.0011 0252  adpahci - ok
17:05:32.0042 0252  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:05:32.0073 0252  adpu320 - ok
17:05:32.0104 0252  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:05:32.0276 0252  AeLookupSvc - ok
17:05:32.0541 0252  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
17:05:32.0697 0252  AESTFilters - ok
17:05:32.0900 0252  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:05:32.0978 0252  AFD - ok
17:05:33.0025 0252  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:05:33.0040 0252  agp440 - ok
17:05:33.0087 0252  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:05:33.0165 0252  ALG - ok
17:05:33.0196 0252  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:05:33.0227 0252  aliide - ok
17:05:33.0274 0252  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:05:33.0305 0252  amdide - ok
17:05:33.0337 0252  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:05:33.0415 0252  AmdK8 - ok
17:05:33.0461 0252  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:05:33.0508 0252  AmdPPM - ok
17:05:33.0555 0252  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:05:33.0586 0252  amdsata - ok
17:05:33.0649 0252  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:05:33.0680 0252  amdsbs - ok
17:05:33.0711 0252  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:05:33.0742 0252  amdxata - ok
17:05:33.0805 0252  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:05:33.0976 0252  AppID - ok
17:05:34.0023 0252  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:05:34.0117 0252  AppIDSvc - ok
17:05:34.0179 0252  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
17:05:34.0257 0252  Appinfo - ok
17:05:34.0351 0252  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:05:34.0382 0252  Apple Mobile Device - ok
17:05:34.0475 0252  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:05:34.0507 0252  arc - ok
17:05:34.0522 0252  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:05:34.0538 0252  arcsas - ok
17:05:34.0569 0252  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:05:34.0647 0252  AsyncMac - ok
17:05:34.0741 0252  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:05:34.0772 0252  atapi - ok
17:05:34.0865 0252  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:05:34.0990 0252  AudioEndpointBuilder - ok
17:05:35.0099 0252  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:05:35.0162 0252  AudioSrv - ok
17:05:35.0255 0252  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:05:35.0365 0252  AxInstSV - ok
17:05:35.0427 0252  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:05:35.0489 0252  b06bdrv - ok
17:05:35.0521 0252  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:05:35.0567 0252  b57nd60a - ok
17:05:35.0723 0252  [ 4AA81E69A0A99035392880DBC953B1A1 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe
17:05:35.0755 0252  BBSvc - ok
17:05:35.0848 0252  [ 49CBA45AB82D25A6FFC4ECB3307BC9E7 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe
17:05:35.0879 0252  BBUpdate - ok
17:05:35.0926 0252  [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
17:05:35.0957 0252  BCM42RLY - ok
17:05:36.0191 0252  [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
17:05:36.0254 0252  BCM43XX - ok
17:05:36.0347 0252  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:05:36.0410 0252  BDESVC - ok
17:05:36.0441 0252  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:05:36.0535 0252  Beep - ok
17:05:36.0628 0252  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:05:36.0706 0252  BFE - ok
17:05:36.0847 0252  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:05:36.0971 0252  BITS - ok
17:05:37.0034 0252  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:05:37.0081 0252  blbdrive - ok
17:05:37.0237 0252  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:05:37.0268 0252  Bonjour Service - ok
17:05:37.0330 0252  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:05:37.0393 0252  bowser - ok
17:05:37.0439 0252  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:05:37.0564 0252  BrFiltLo - ok
17:05:37.0595 0252  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:05:37.0611 0252  BrFiltUp - ok
17:05:37.0658 0252  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:05:37.0720 0252  Browser - ok
17:05:37.0798 0252  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:05:37.0892 0252  Brserid - ok
17:05:37.0923 0252  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:05:37.0970 0252  BrSerWdm - ok
17:05:38.0001 0252  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:05:38.0048 0252  BrUsbMdm - ok
17:05:38.0095 0252  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:05:38.0141 0252  BrUsbSer - ok
17:05:38.0173 0252  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:05:38.0219 0252  BTHMODEM - ok
17:05:38.0282 0252  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:05:38.0360 0252  bthserv - ok
17:05:38.0375 0252  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:05:38.0422 0252  cdfs - ok
17:05:38.0485 0252  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
17:05:38.0547 0252  cdrom - ok
17:05:38.0594 0252  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:05:38.0672 0252  CertPropSvc - ok
17:05:38.0750 0252  [ D2B3252AD4EB499C935A56467997AA3C ] cfwids          C:\Windows\system32\drivers\cfwids.sys
17:05:38.0765 0252  cfwids - ok
17:05:38.0828 0252  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:05:38.0859 0252  circlass - ok
17:05:38.0921 0252  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:05:38.0984 0252  CLFS - ok
17:05:39.0077 0252  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:05:39.0109 0252  clr_optimization_v2.0.50727_32 - ok
17:05:39.0296 0252  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:05:39.0327 0252  clr_optimization_v2.0.50727_64 - ok
17:05:39.0421 0252  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:05:39.0499 0252  clr_optimization_v4.0.30319_32 - ok
17:05:39.0545 0252  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:05:39.0561 0252  clr_optimization_v4.0.30319_64 - ok
17:05:39.0608 0252  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:05:39.0670 0252  CmBatt - ok
17:05:39.0717 0252  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:05:39.0748 0252  cmdide - ok
17:05:39.0826 0252  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:05:39.0889 0252  CNG - ok
17:05:39.0967 0252  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:05:39.0982 0252  Compbatt - ok
17:05:40.0029 0252  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:05:40.0091 0252  CompositeBus - ok
17:05:40.0107 0252  COMSysApp - ok
17:05:40.0123 0252  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:05:40.0138 0252  crcdisk - ok
17:05:40.0216 0252  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:05:40.0294 0252  CryptSvc - ok
17:05:40.0341 0252  [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:05:40.0419 0252  CtClsFlt - ok
17:05:40.0528 0252  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:05:40.0653 0252  DcomLaunch - ok
17:05:40.0715 0252  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:05:40.0793 0252  defragsvc - ok
17:05:40.0871 0252  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:05:40.0949 0252  DfsC - ok
17:05:40.0996 0252  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:05:41.0074 0252  Dhcp - ok
17:05:41.0121 0252  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:05:41.0199 0252  discache - ok
17:05:41.0246 0252  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:05:41.0261 0252  Disk - ok
17:05:41.0293 0252  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:05:41.0355 0252  Dnscache - ok
17:05:41.0464 0252  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:05:41.0589 0252  DockLoginService ( UnsignedFile.Multi.Generic ) - warning
17:05:41.0589 0252  DockLoginService - detected UnsignedFile.Multi.Generic (1)
17:05:41.0651 0252  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:05:41.0729 0252  dot3svc - ok
17:05:41.0776 0252  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:05:41.0823 0252  DPS - ok
17:05:41.0885 0252  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:05:41.0917 0252  drmkaud - ok
17:05:42.0088 0252  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:05:42.0182 0252  DXGKrnl - ok
17:05:42.0229 0252  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:05:42.0322 0252  EapHost - ok
17:05:42.0572 0252  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:05:42.0743 0252  ebdrv - ok
17:05:42.0790 0252  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:05:42.0868 0252  EFS - ok
17:05:43.0055 0252  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:05:43.0227 0252  ehRecvr - ok
17:05:43.0258 0252  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:05:43.0305 0252  ehSched - ok
17:05:43.0399 0252  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:05:43.0445 0252  elxstor - ok
17:05:43.0477 0252  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:05:43.0508 0252  ErrDev - ok
17:05:43.0570 0252  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:05:43.0648 0252  EventSystem - ok
17:05:43.0742 0252  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:05:43.0835 0252  exfat - ok
17:05:43.0867 0252  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:05:43.0976 0252  fastfat - ok
17:05:44.0038 0252  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:05:44.0147 0252  Fax - ok
17:05:44.0147 0252  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:05:44.0194 0252  fdc - ok
17:05:44.0225 0252  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:05:44.0303 0252  fdPHost - ok
17:05:44.0319 0252  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:05:44.0397 0252  FDResPub - ok
17:05:44.0444 0252  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:05:44.0475 0252  FileInfo - ok
17:05:44.0506 0252  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:05:44.0584 0252  Filetrace - ok
17:05:44.0615 0252  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:05:44.0662 0252  flpydisk - ok
17:05:44.0709 0252  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:05:44.0771 0252  FltMgr - ok
17:05:44.0990 0252  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
17:05:45.0052 0252  FontCache - ok
17:05:45.0130 0252  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:05:45.0224 0252  FontCache3.0.0.0 - ok
17:05:45.0255 0252  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:05:45.0286 0252  FsDepends - ok
17:05:45.0317 0252  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:05:45.0349 0252  Fs_Rec - ok
17:05:45.0427 0252  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:05:45.0458 0252  fvevol - ok
17:05:45.0505 0252  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:05:45.0536 0252  gagp30kx - ok
17:05:45.0661 0252  [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
17:05:45.0692 0252  GameConsoleService - ok
17:05:45.0817 0252  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:05:45.0832 0252  GEARAspiWDM - ok
17:05:45.0957 0252  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:05:46.0113 0252  gpsvc - ok
17:05:46.0253 0252  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:05:46.0285 0252  gupdate - ok
17:05:46.0331 0252  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:05:46.0363 0252  gupdatem - ok
17:05:46.0425 0252  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:05:46.0456 0252  gusvc - ok
17:05:46.0487 0252  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:05:46.0565 0252  hcw85cir - ok
17:05:46.0612 0252  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:05:46.0659 0252  HDAudBus - ok
17:05:46.0721 0252  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:05:46.0768 0252  HidBatt - ok
17:05:46.0799 0252  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:05:46.0831 0252  HidBth - ok
17:05:46.0831 0252  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:05:46.0846 0252  HidIr - ok
17:05:46.0893 0252  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:05:46.0971 0252  hidserv - ok
17:05:47.0049 0252  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:05:47.0080 0252  HidUsb - ok
17:05:47.0127 0252  [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
17:05:47.0158 0252  HipShieldK - ok
17:05:47.0205 0252  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:05:47.0283 0252  hkmsvc - ok
17:05:47.0330 0252  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:05:47.0455 0252  HomeGroupListener - ok
17:05:47.0501 0252  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:05:47.0548 0252  HomeGroupProvider - ok
17:05:47.0595 0252  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:05:47.0626 0252  HpSAMD - ok
17:05:47.0720 0252  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:05:47.0813 0252  HTTP - ok
17:05:47.0845 0252  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:05:47.0876 0252  hwpolicy - ok
17:05:47.0954 0252  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:05:47.0985 0252  i8042prt - ok
17:05:48.0125 0252  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:05:48.0157 0252  IAANTMON - ok
17:05:48.0250 0252  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:05:48.0281 0252  iaStor - ok
17:05:48.0328 0252  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:05:48.0375 0252  iaStorV - ok
17:05:48.0437 0252  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:05:48.0484 0252  idsvc - ok
17:05:49.0015 0252  [ 44A4CFDF95DEC95CFE8A5C111A2CBF71 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:05:49.0155 0252  igfx - ok
17:05:49.0202 0252  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:05:49.0233 0252  iirsp - ok
17:05:49.0405 0252  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:05:49.0483 0252  IKEEXT - ok
17:05:49.0498 0252  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:05:49.0514 0252  intelide - ok
17:05:49.0561 0252  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:05:49.0623 0252  intelppm - ok
17:05:49.0670 0252  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:05:49.0732 0252  IPBusEnum - ok
17:05:49.0763 0252  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:05:49.0857 0252  IpFilterDriver - ok
17:05:49.0919 0252  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:05:49.0997 0252  iphlpsvc - ok
17:05:50.0029 0252  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:05:50.0075 0252  IPMIDRV - ok
17:05:50.0122 0252  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:05:50.0185 0252  IPNAT - ok
17:05:50.0325 0252  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:05:50.0356 0252  iPod Service - ok
17:05:50.0434 0252  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:05:50.0543 0252  IRENUM - ok
17:05:50.0575 0252  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:05:50.0590 0252  isapnp - ok
17:05:50.0653 0252  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:05:50.0684 0252  iScsiPrt - ok
17:05:50.0731 0252  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
17:05:50.0762 0252  kbdclass - ok
17:05:50.0793 0252  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:05:50.0840 0252  kbdhid - ok
17:05:50.0855 0252  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:05:50.0871 0252  KeyIso - ok
17:05:50.0918 0252  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:05:50.0949 0252  KSecDD - ok
17:05:50.0996 0252  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:05:51.0027 0252  KSecPkg - ok
17:05:51.0074 0252  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:05:51.0167 0252  ksthunk - ok
17:05:51.0199 0252  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:05:51.0277 0252  KtmRm - ok
17:05:51.0339 0252  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:05:51.0448 0252  LanmanServer - ok
17:05:51.0511 0252  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:05:51.0573 0252  LanmanWorkstation - ok
17:05:51.0620 0252  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:05:51.0682 0252  lltdio - ok
17:05:51.0776 0252  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:05:51.0854 0252  lltdsvc - ok
17:05:51.0885 0252  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:05:51.0932 0252  lmhosts - ok
17:05:51.0979 0252  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:05:52.0010 0252  LSI_FC - ok
17:05:52.0057 0252  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:05:52.0088 0252  LSI_SAS - ok
17:05:52.0103 0252  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:05:52.0119 0252  LSI_SAS2 - ok
17:05:52.0150 0252  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:05:52.0166 0252  LSI_SCSI - ok
17:05:52.0181 0252  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:05:52.0259 0252  luafv - ok
17:05:52.0337 0252  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:05:52.0353 0252  MBAMProtector - ok
17:05:52.0462 0252  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:05:52.0509 0252  MBAMScheduler - ok
17:05:52.0587 0252  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:05:52.0603 0252  MBAMService - ok
17:05:52.0868 0252  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:05:52.0899 0252  McMPFSvc - ok
17:05:52.0915 0252  [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:52.0930 0252  mcmscsvc - ok
17:05:52.0946 0252  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:52.0961 0252  McNaiAnn - ok
17:05:52.0977 0252  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:52.0993 0252  McNASvc - ok
17:05:53.0211 0252  [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
17:05:53.0227 0252  McODS - ok
17:05:53.0258 0252  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:53.0273 0252  McOobeSv - ok
17:05:53.0289 0252  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
17:05:53.0305 0252  McProxy - ok
17:05:53.0445 0252  [ 21F81090A00932C5E96700EDF2977582 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:05:53.0476 0252  McShield - ok
17:05:53.0523 0252  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:05:53.0570 0252  Mcx2Svc - ok
17:05:53.0648 0252  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:05:53.0679 0252  megasas - ok
17:05:53.0710 0252  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:05:53.0726 0252  MegaSR - ok
17:05:53.0773 0252  [ B1720E97FABBDF7D30B36DAF19C3DEE8 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
17:05:53.0804 0252  mfeapfk - ok
17:05:53.0866 0252  [ 113F1534B80D65DFDCA660F19967A3B7 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
17:05:53.0897 0252  mfeavfk - ok
17:05:53.0944 0252  mfeavfk01 - ok
17:05:54.0007 0252  [ C4F521310E40327BBC8E8E71DA344F48 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:05:54.0022 0252  mfefire - ok
17:05:54.0085 0252  [ CECC9841D036EE008091825272D91331 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
17:05:54.0163 0252  mfefirek - ok
17:05:54.0287 0252  [ EF0F85EDBDF6C0AB467E88E0CEE2B346 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
17:05:54.0350 0252  mfehidk - ok
17:05:54.0381 0252  [ 6E3A46BF6CBB80450CC24F80FE03ED5A ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
17:05:54.0412 0252  mferkdet - ok
17:05:54.0459 0252  [ 341BFCAA3A55C08E8C9ECB1654ACA905 ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
17:05:54.0553 0252  mfevtp - ok
17:05:54.0615 0252  [ 2802D09F1B6ED502237539563F3C4992 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
17:05:54.0646 0252  mfewfpk - ok
17:05:54.0724 0252  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:05:54.0802 0252  MMCSS - ok
17:05:54.0833 0252  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:05:54.0911 0252  Modem - ok
17:05:54.0943 0252  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:05:54.0974 0252  monitor - ok
17:05:55.0005 0252  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
17:05:55.0021 0252  mouclass - ok
17:05:55.0067 0252  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:05:55.0114 0252  mouhid - ok
17:05:55.0161 0252  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:05:55.0177 0252  mountmgr - ok
17:05:55.0255 0252  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:05:55.0286 0252  MozillaMaintenance - ok
17:05:55.0317 0252  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:05:55.0364 0252  mpio - ok
17:05:55.0395 0252  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:05:55.0442 0252  mpsdrv - ok
17:05:55.0567 0252  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:05:55.0629 0252  MpsSvc - ok
17:05:55.0660 0252  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:05:55.0707 0252  MRxDAV - ok
17:05:55.0801 0252  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:05:55.0879 0252  mrxsmb - ok
17:05:55.0941 0252  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:05:55.0972 0252  mrxsmb10 - ok
17:05:56.0003 0252  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:05:56.0035 0252  mrxsmb20 - ok
17:05:56.0066 0252  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:05:56.0097 0252  msahci - ok
17:05:56.0113 0252  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:05:56.0144 0252  msdsm - ok
17:05:56.0159 0252  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:05:56.0206 0252  MSDTC - ok
17:05:56.0269 0252  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:05:56.0315 0252  Msfs - ok
17:05:56.0347 0252  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:05:56.0409 0252  mshidkmdf - ok
17:05:56.0440 0252  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:05:56.0456 0252  msisadrv - ok
17:05:56.0518 0252  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:05:56.0596 0252  MSiSCSI - ok
17:05:56.0612 0252  msiserver - ok
17:05:56.0674 0252  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:05:56.0737 0252  MSKSSRV - ok
17:05:56.0768 0252  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:05:56.0830 0252  MSPCLOCK - ok
17:05:56.0846 0252  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:05:56.0908 0252  MSPQM - ok
17:05:56.0939 0252  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:05:56.0986 0252  MsRPC - ok
17:05:57.0033 0252  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:05:57.0064 0252  mssmbios - ok
17:05:57.0111 0252  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:05:57.0173 0252  MSTEE - ok
17:05:57.0189 0252  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:05:57.0251 0252  MTConfig - ok
17:05:57.0314 0252  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:05:57.0345 0252  Mup - ok
17:05:57.0423 0252  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:05:57.0517 0252  napagent - ok
17:05:57.0579 0252  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:05:57.0626 0252  NativeWifiP - ok
17:05:57.0953 0252  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:05:58.0031 0252  NDIS - ok
17:05:58.0125 0252  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:05:58.0203 0252  NdisCap - ok
17:05:58.0234 0252  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:05:58.0312 0252  NdisTapi - ok
17:05:58.0343 0252  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:05:58.0453 0252  Ndisuio - ok
17:05:58.0499 0252  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:05:58.0593 0252  NdisWan - ok
17:05:58.0640 0252  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:05:58.0749 0252  NDProxy - ok
17:05:58.0811 0252  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:05:58.0889 0252  NetBIOS - ok
17:05:58.0952 0252  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:05:59.0030 0252  NetBT - ok
17:05:59.0045 0252  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:05:59.0061 0252  Netlogon - ok
17:05:59.0139 0252  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:05:59.0217 0252  Netman - ok
17:05:59.0233 0252  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:05:59.0311 0252  netprofm - ok
17:05:59.0342 0252  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:05:59.0373 0252  NetTcpPortSharing - ok
17:05:59.0420 0252  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:05:59.0451 0252  nfrd960 - ok
17:05:59.0482 0252  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:05:59.0529 0252  NlaSvc - ok
17:05:59.0560 0252  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:05:59.0607 0252  Npfs - ok
17:05:59.0654 0252  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:05:59.0732 0252  nsi - ok
17:05:59.0747 0252  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:05:59.0826 0252  nsiproxy - ok
17:06:00.0044 0252  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:06:00.0216 0252  Ntfs - ok
17:06:00.0247 0252  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:06:00.0325 0252  Null - ok
17:06:00.0387 0252  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:06:00.0403 0252  nvraid - ok
17:06:00.0403 0252  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:06:00.0481 0252  nvstor - ok
17:06:00.0481 0252  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:06:00.0512 0252  nv_agp - ok
17:06:00.0528 0252  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:06:00.0574 0252  ohci1394 - ok
17:06:00.0637 0252  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:06:00.0668 0252  ose - ok
17:06:01.0011 0252  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:06:01.0245 0252  osppsvc - ok
17:06:01.0308 0252  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:06:01.0386 0252  p2pimsvc - ok
17:06:01.0401 0252  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:06:01.0448 0252  p2psvc - ok
17:06:01.0495 0252  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:06:01.0542 0252  Parport - ok
17:06:01.0573 0252  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:06:01.0604 0252  partmgr - ok
17:06:01.0651 0252  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:06:01.0713 0252  PcaSvc - ok
17:06:01.0744 0252  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:06:01.0776 0252  pci - ok
17:06:01.0822 0252  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:06:01.0838 0252  pciide - ok
17:06:01.0885 0252  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:06:01.0916 0252  pcmcia - ok
17:06:01.0947 0252  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:06:01.0963 0252  pcw - ok
17:06:01.0978 0252  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:06:02.0072 0252  PEAUTH - ok
17:06:02.0166 0252  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:06:02.0212 0252  PerfHost - ok
17:06:02.0290 0252  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:06:02.0384 0252  pla - ok
17:06:02.0462 0252  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:06:02.0540 0252  PlugPlay - ok
17:06:02.0602 0252  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:06:02.0649 0252  PNRPAutoReg - ok
17:06:02.0727 0252  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:06:02.0774 0252  PNRPsvc - ok
17:06:02.0899 0252  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:06:02.0992 0252  PolicyAgent - ok
17:06:03.0070 0252  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:06:03.0164 0252  Power - ok
17:06:03.0226 0252  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:06:03.0273 0252  PptpMiniport - ok
17:06:03.0289 0252  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:06:03.0336 0252  Processor - ok
17:06:03.0382 0252  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:06:03.0445 0252  ProfSvc - ok
17:06:03.0460 0252  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:06:03.0476 0252  ProtectedStorage - ok
17:06:03.0523 0252  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:06:03.0570 0252  Psched - ok
17:06:03.0632 0252  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
17:06:03.0710 0252  PxHlpa64 - ok
17:06:03.0819 0252  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:06:03.0913 0252  ql2300 - ok
17:06:03.0928 0252  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:06:03.0960 0252  ql40xx - ok
17:06:03.0991 0252  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:06:04.0053 0252  QWAVE - ok
17:06:04.0069 0252  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:06:04.0100 0252  QWAVEdrv - ok
17:06:04.0116 0252  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:06:04.0178 0252  RasAcd - ok
17:06:04.0240 0252  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:06:04.0287 0252  RasAgileVpn - ok
17:06:04.0334 0252  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:06:04.0396 0252  RasAuto - ok
17:06:04.0443 0252  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:06:04.0521 0252  Rasl2tp - ok
17:06:04.0568 0252  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:06:04.0646 0252  RasMan - ok
17:06:04.0708 0252  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:06:04.0786 0252  RasPppoe - ok
17:06:04.0818 0252  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:06:04.0896 0252  RasSstp - ok
17:06:04.0942 0252  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:06:05.0020 0252  rdbss - ok
17:06:05.0052 0252  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:06:05.0083 0252  rdpbus - ok
17:06:05.0098 0252  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:06:05.0176 0252  RDPCDD - ok
17:06:05.0208 0252  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:06:05.0286 0252  RDPENCDD - ok
17:06:05.0317 0252  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:06:05.0395 0252  RDPREFMP - ok
17:06:05.0442 0252  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:06:05.0504 0252  RDPWD - ok
17:06:05.0566 0252  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:06:05.0598 0252  rdyboost - ok
17:06:05.0644 0252  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:06:05.0722 0252  RemoteAccess - ok
17:06:05.0754 0252  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:06:05.0832 0252  RemoteRegistry - ok
17:06:05.0863 0252  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:06:05.0941 0252  RpcEptMapper - ok
17:06:05.0972 0252  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:06:06.0019 0252  RpcLocator - ok
17:06:06.0081 0252  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:06:06.0128 0252  RpcSs - ok
17:06:06.0175 0252  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:06:06.0237 0252  rspndr - ok
17:06:06.0284 0252  [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
17:06:06.0331 0252  RSUSBSTOR - ok
17:06:06.0362 0252  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:06:06.0378 0252  SamSs - ok
17:06:06.0409 0252  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:06:06.0440 0252  sbp2port - ok
17:06:06.0487 0252  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:06:06.0534 0252  SCardSvr - ok
17:06:06.0565 0252  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:06:06.0643 0252  scfilter - ok
17:06:06.0721 0252  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:06:06.0830 0252  Schedule - ok
17:06:06.0892 0252  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:06:06.0955 0252  SCPolicySvc - ok
17:06:06.0970 0252  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:06:07.0033 0252  SDRSVC - ok
17:06:07.0064 0252  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:06:07.0158 0252  secdrv - ok
17:06:07.0189 0252  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:06:07.0236 0252  seclogon - ok
17:06:07.0282 0252  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:06:07.0376 0252  SENS - ok
17:06:07.0407 0252  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:06:07.0470 0252  SensrSvc - ok
17:06:07.0485 0252  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:06:07.0501 0252  Serenum - ok
17:06:07.0548 0252  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:06:07.0579 0252  Serial - ok
17:06:07.0610 0252  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:06:07.0641 0252  sermouse - ok
17:06:07.0719 0252  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:06:07.0797 0252  SessionEnv - ok
17:06:07.0828 0252  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:06:07.0891 0252  sffdisk - ok
17:06:07.0906 0252  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:06:07.0969 0252  sffp_mmc - ok
17:06:07.0984 0252  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:06:08.0031 0252  sffp_sd - ok
17:06:08.0094 0252  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:06:08.0125 0252  sfloppy - ok
17:06:08.0203 0252  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:06:08.0296 0252  SharedAccess - ok
17:06:08.0343 0252  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:06:08.0437 0252  ShellHWDetection - ok
17:06:08.0515 0252  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:06:08.0530 0252  SiSRaid2 - ok
17:06:08.0562 0252  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:06:08.0577 0252  SiSRaid4 - ok
17:06:08.0640 0252  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:06:08.0671 0252  SkypeUpdate - ok
17:06:08.0718 0252  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:06:08.0780 0252  Smb - ok
17:06:08.0842 0252  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:06:08.0905 0252  SNMPTRAP - ok
17:06:08.0920 0252  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:06:08.0936 0252  spldr - ok
17:06:09.0014 0252  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:06:09.0108 0252  Spooler - ok
17:06:09.0342 0252  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:06:09.0529 0252  sppsvc - ok
17:06:09.0622 0252  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:06:09.0732 0252  sppuinotify - ok
17:06:09.0841 0252  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
17:06:09.0872 0252  sprtsvc_DellSupportCenter - ok
17:06:09.0950 0252  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:06:10.0028 0252  srv - ok
17:06:10.0090 0252  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:06:10.0200 0252  srv2 - ok
17:06:10.0231 0252  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:06:10.0278 0252  srvnet - ok
17:06:10.0340 0252  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:06:10.0402 0252  SSDPSRV - ok
17:06:10.0418 0252  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:06:10.0465 0252  SstpSvc - ok
17:06:10.0605 0252  [ 5697FB5DCF36ADA09C153378E88AE6AD ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
17:06:10.0652 0252  STacSV - ok
17:06:10.0714 0252  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:06:10.0730 0252  stexstor - ok
17:06:10.0777 0252  [ F3F6C17F70EBA268CDBE4F9704E3EAC5 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
17:06:10.0824 0252  STHDA - ok
17:06:10.0917 0252  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:06:10.0980 0252  stisvc - ok
17:06:11.0026 0252  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:06:11.0058 0252  swenum - ok
17:06:11.0104 0252  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:06:11.0182 0252  swprv - ok
17:06:11.0260 0252  [ 3178B56219E0E4FB5F95299E49B83B44 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:06:11.0354 0252  SynTP - ok
17:06:11.0557 0252  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:06:11.0682 0252  SysMain - ok
17:06:11.0760 0252  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:06:11.0806 0252  TabletInputService - ok
17:06:11.0822 0252  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:06:11.0884 0252  TapiSrv - ok
17:06:11.0916 0252  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:06:11.0978 0252  TBS - ok
17:06:12.0134 0252  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:06:12.0243 0252  Tcpip - ok
17:06:12.0306 0252  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:06:12.0352 0252  TCPIP6 - ok
17:06:12.0415 0252  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:06:12.0446 0252  tcpipreg - ok
17:06:12.0493 0252  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:06:12.0540 0252  TDPIPE - ok
17:06:12.0602 0252  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:06:12.0696 0252  TDTCP - ok
17:06:12.0727 0252  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:06:12.0805 0252  tdx - ok
17:06:12.0852 0252  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:06:12.0883 0252  TermDD - ok
17:06:12.0914 0252  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:06:12.0961 0252  TermService - ok
17:06:13.0023 0252  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:06:13.0086 0252  Themes - ok
17:06:13.0117 0252  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:06:13.0179 0252  THREADORDER - ok
17:06:13.0242 0252  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:06:13.0320 0252  TrkWks - ok
17:06:13.0382 0252  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:06:13.0460 0252  TrustedInstaller - ok
17:06:13.0538 0252  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:06:13.0585 0252  tssecsrv - ok
17:06:13.0663 0252  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:06:13.0725 0252  TsUsbFlt - ok
17:06:13.0788 0252  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:06:13.0866 0252  tunnel - ok
17:06:13.0897 0252  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:06:13.0928 0252  uagp35 - ok
17:06:14.0037 0252  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:06:14.0146 0252  udfs - ok
17:06:14.0178 0252  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:06:14.0224 0252  UI0Detect - ok
17:06:14.0256 0252  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:06:14.0287 0252  uliagpkx - ok
17:06:14.0334 0252  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:06:14.0380 0252  umbus - ok
17:06:14.0412 0252  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:06:14.0458 0252  UmPass - ok
17:06:14.0521 0252  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:06:14.0614 0252  upnphost - ok
17:06:14.0661 0252  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
17:06:14.0724 0252  USBAAPL64 - ok
17:06:14.0817 0252  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:06:14.0880 0252  usbccgp - ok
17:06:14.0942 0252  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:06:14.0989 0252  usbcir - ok
17:06:15.0036 0252  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:06:15.0082 0252  usbehci - ok
17:06:15.0129 0252  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:06:15.0176 0252  usbhub - ok
17:06:15.0207 0252  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:06:15.0238 0252  usbohci - ok
17:06:15.0301 0252  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:06:15.0348 0252  usbprint - ok
17:06:15.0379 0252  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:06:15.0410 0252  usbscan - ok
17:06:15.0410 0252  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:06:15.0488 0252  USBSTOR - ok
17:06:15.0535 0252  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:06:15.0582 0252  usbuhci - ok
17:06:15.0613 0252  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:06:15.0644 0252  usbvideo - ok
17:06:15.0675 0252  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:06:15.0738 0252  UxSms - ok
17:06:15.0769 0252  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:06:15.0800 0252  VaultSvc - ok
17:06:15.0816 0252  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:06:15.0847 0252  vdrvroot - ok
17:06:15.0940 0252  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:06:16.0018 0252  vds - ok
17:06:16.0050 0252  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:06:16.0096 0252  vga - ok
17:06:16.0112 0252  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:06:16.0174 0252  VgaSave - ok
17:06:16.0206 0252  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:06:16.0284 0252  vhdmp - ok
17:06:16.0330 0252  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:06:16.0362 0252  viaide - ok
17:06:16.0393 0252  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:06:16.0408 0252  volmgr - ok
17:06:16.0455 0252  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:06:16.0486 0252  volmgrx - ok
17:06:16.0518 0252  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:06:16.0533 0252  volsnap - ok
17:06:16.0580 0252  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:06:16.0627 0252  vsmraid - ok
17:06:16.0752 0252  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:06:16.0876 0252  VSS - ok
17:06:16.0908 0252  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:06:16.0939 0252  vwifibus - ok
17:06:16.0970 0252  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:06:16.0986 0252  vwififlt - ok
17:06:17.0032 0252  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
17:06:17.0048 0252  vwifimp - ok
17:06:17.0110 0252  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:06:17.0173 0252  W32Time - ok
17:06:17.0204 0252  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:06:17.0251 0252  WacomPen - ok
17:06:17.0313 0252  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:06:17.0391 0252  WANARP - ok
17:06:17.0407 0252  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:06:17.0454 0252  Wanarpv6 - ok
17:06:17.0547 0252  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:06:17.0750 0252  WatAdminSvc - ok
17:06:17.0968 0252  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:06:18.0093 0252  wbengine - ok
17:06:18.0140 0252  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:06:18.0187 0252  WbioSrvc - ok
17:06:18.0249 0252  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:06:18.0343 0252  wcncsvc - ok
17:06:18.0374 0252  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:06:18.0421 0252  WcsPlugInService - ok
17:06:18.0452 0252  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:06:18.0483 0252  Wd - ok
17:06:18.0592 0252  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:06:18.0670 0252  Wdf01000 - ok
17:06:18.0686 0252  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:06:18.0967 0252  WdiServiceHost - ok
17:06:18.0967 0252  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:06:18.0998 0252  WdiSystemHost - ok
17:06:19.0060 0252  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:06:19.0138 0252  WebClient - ok
17:06:19.0201 0252  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:06:19.0294 0252  Wecsvc - ok
17:06:19.0310 0252  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:06:19.0357 0252  wercplsupport - ok
17:06:19.0372 0252  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:06:19.0450 0252  WerSvc - ok
17:06:19.0497 0252  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:06:19.0544 0252  WfpLwf - ok
17:06:19.0575 0252  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:06:19.0591 0252  WIMMount - ok
17:06:19.0606 0252  WinDefend - ok
17:06:19.0669 0252  WinHttpAutoProxySvc - ok
17:06:19.0762 0252  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:06:19.0794 0252  Winmgmt - ok
17:06:20.0074 0252  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:06:20.0168 0252  WinRM - ok
17:06:20.0262 0252  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:06:20.0293 0252  WinUsb - ok
17:06:20.0340 0252  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:06:20.0449 0252  Wlansvc - ok
17:06:20.0574 0252  [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
17:06:20.0605 0252  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
17:06:20.0605 0252  wltrysvc - detected UnsignedFile.Multi.Generic (1)
17:06:20.0668 0252  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:06:20.0715 0252  WmiAcpi - ok
17:06:20.0809 0252  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:06:20.0855 0252  wmiApSrv - ok
17:06:20.0933 0252  WMPNetworkSvc - ok
17:06:20.0996 0252  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:06:21.0043 0252  WPCSvc - ok
17:06:21.0105 0252  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:06:21.0152 0252  WPDBusEnum - ok
17:06:21.0183 0252  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:06:21.0261 0252  ws2ifsl - ok
17:06:21.0323 0252  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:06:21.0386 0252  wscsvc - ok
17:06:21.0401 0252  WSearch - ok
17:06:21.0495 0252  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:06:21.0589 0252  wuauserv - ok
17:06:21.0620 0252  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:06:21.0730 0252  WudfPf - ok
17:06:21.0761 0252  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:06:21.0808 0252  WUDFRd - ok
17:06:21.0855 0252  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:06:21.0902 0252  wudfsvc - ok
17:06:21.0948 0252  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:06:22.0026 0252  WwanSvc - ok
17:06:22.0089 0252  [ 79D9CE9614C955DD31AA2556B4014662 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
17:06:22.0151 0252  yukonw7 - ok
17:06:22.0167 0252  ================ Scan global ===============================
17:06:22.0214 0252  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:06:22.0245 0252  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:06:22.0260 0252  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:06:22.0292 0252  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:06:22.0338 0252  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:06:22.0354 0252  [Global] - ok
17:06:22.0354 0252  ================ Scan MBR ==================================
17:06:22.0370 0252  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
17:06:23.0649 0252  \Device\Harddisk0\DR0 - ok
17:06:23.0649 0252  ================ Scan VBR ==================================
17:06:23.0696 0252  [ 808C5A2241094939BFF81D134E307A1A ] \Device\Harddisk0\DR0\Partition1
17:06:23.0696 0252  \Device\Harddisk0\DR0\Partition1 - ok
17:06:23.0711 0252  [ B20C526A1DAF068EFBC9AD6808FBED02 ] \Device\Harddisk0\DR0\Partition2
17:06:23.0711 0252  \Device\Harddisk0\DR0\Partition2 - ok
17:06:23.0711 0252  ============================================================
17:06:23.0711 0252  Scan finished
17:06:23.0711 0252  ============================================================
17:06:23.0727 8936  Detected object count: 2
17:06:23.0727 8936  Actual detected object count: 2
17:07:17.0642 8936  DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:17.0642 8936  DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:07:17.0652 8936  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:07:17.0652 8936  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

Grüße von der Hilflosen

17.06.2013, 10:01	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spam-Mail, Trojaner? Warum bitte machst du einen neuen Scan mit Malwarebytes? Ich habe ausdrücklich erwähnt, dass du keine neuen Scans machen sondern nur schon vorhandene Logs posten solltest, falls es denn welche mit Funde gibt und v.a. wollte ich wissen ob ein Scanner bei dir jemals fündig wurde. __________________ Logfiles bitte immer in CODE-Tags posten

19.06.2013, 18:46	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spam-Mail, Trojaner? Ich vermisse das Log von GMER __________________ Logfiles bitte immer in CODE-Tags posten

20.06.2013, 12:41	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spam-Mail, Trojaner? ja, jetzt den tdsskiller __________________ Logfiles bitte immer in CODE-Tags posten

Spam-Mail, Trojaner?

Plagegeister aller Art und deren Bekämpfung: Spam-Mail, Trojaner?