Trojaner-Board - loadtbs - unbekanntes programm und firefox-erweiterung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - loadtbs - unbekanntes programm und firefox-erweiterung (https://www.trojaner-board.de/118740-loadtbs-unbekanntes-programm-firefox-erweiterung.html)

loadtbs - unbekanntes programm und firefox-erweiterung

Hallo,

ich habe auf meinem notebook das programm "loadtbs" gefunden, ohne herstellerangabe. ebenso ein gleichnamiges firefox-addon. beides ließ sich entfernen. danach habe ich allerdings nochmal weiter gegoogelt und habe ein paar hinweise gefunden, dass loadtbs auch ein trojaner oder ähnliches sein könnte.
hier wurde das thema auch schonmal behandelt: http://www.trojaner-board.de/113104-...-programm.html

bitte um infos zum weiteren vorgehen.

danke!!

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Danke für die Antwort.
Habe beide Tools schon kurz nach meiner Frage laufen lassen, um zu sehen ob sie anschlagen. Haben sie nicht. Ist also alles ok?
Hier die Logs:

Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.07.06.14
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

SH :: SH-VAIO [Administrator]
 

Schutz: Aktiviert
 

07.07.2012 00:15:30

mbam-log-2012-07-07 (00-15-30).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 442934

Laufzeit: 1 Stunde(n), 4 Minute(n), 52 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

ESET

Code:

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c2ddc88c321d344dbc86e6e40c9ade31

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-07 04:01:28

# local_time=2012-07-07 06:01:28 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 587050 587050 0 0

# compatibility_mode=5893 16776574 100 94 22665012 93256788 0 0

# compatibility_mode=8192 67108863 100 0 23178 23178 0 0

# scanned=242835

# found=0

# cleaned=0

# scan_time=6750

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Danke! Hier das Log:

Code:

# AdwCleaner v1.701 - Logfile created 07/12/2012 at 12:54:21

# Updated 02/07/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : XX - XX-XXXX

# Running from : C:\Users\XX\Downloads\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 
 

***** [Registry] *****
 
 

***** [Registre - GUID] *****
 
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v13.0.1 (de)
 

Profile name : default 

File : C:\Users\XX\AppData\Roaming\Mozilla\Firefox\Profiles\gjci9y9t.default\prefs.js
 

[OK] File is clean.
 

-\\ Opera v12.0.1467.0
 

File : C:\Users\XX\AppData\Roaming\Opera\Opera\operaprefs.ini
 

[OK] File is clean.
 

*************************
 

AdwCleaner[R1].txt - [810 octets] - [12/07/2012 12:54:21]
 

########## EOF - C:\AdwCleaner[R1].txt - [937 octets] ##########

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier ist das Log:
OTL Logfile:

Code:

OTL logfile created on: 12.07.2012 18:18:25 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\XX\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,92 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 75,19% Memory free

15,83 Gb Paging File | 13,26 Gb Available in Paging File | 83,75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 225,10 Gb Total Space | 73,25 Gb Free Space | 32,54% Space Free | Partition Type: NTFS

Drive Z: | 225,10 Gb Total Space | 73,25 Gb Free Space | 32,54% Space Free | Partition Type: FAT32

 

Computer Name: XX-VAIO | User Name: XX | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.12 18:15:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\XX\Downloads\OTL.exe

PRC - [2012.07.02 17:42:16 | 000,296,672 | ---- | M] (Microsoft Corporation) -- C:\Users\XX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

PRC - [2012.07.01 02:40:09 | 001,749,224 | ---- | M] (Klipfolio Inc.) -- C:\Program Files (x86)\Klipfolio\Klipfolio.exe

PRC - [2012.06.30 09:03:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.06.30 09:02:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

PRC - [2012.06.30 09:02:48 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

PRC - [2012.06.30 09:02:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.06.30 09:02:46 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe

PRC - [2012.06.30 09:02:46 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.06.22 16:40:04 | 001,288,264 | ---- | M] (Secomba GmbH) -- C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2011.11.14 17:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.06.13 09:49:14 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2011.06.13 09:49:14 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2011.05.18 17:36:24 | 000,075,912 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe

PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011.03.29 08:48:14 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011.03.29 08:47:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2011.03.09 12:40:12 | 000,342,984 | ---- | M] () -- C:\Program Files (x86)\OneClickInternet\WTGService.exe

PRC - [2011.03.04 10:46:50 | 000,318,464 | ---- | M] (HUAWEI Technologies Co., Ltd.) -- C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe

PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe

PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe

PRC - [2010.11.22 14:31:50 | 000,142,216 | ---- | M] () -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.07.02 12:19:57 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll

MOD - [2012.06.30 20:04:06 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll

MOD - [2012.06.30 20:03:58 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll

MOD - [2012.06.30 20:03:57 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll

MOD - [2012.06.30 20:03:52 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll

MOD - [2012.06.30 20:03:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll

MOD - [2012.06.30 20:03:48 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll

MOD - [2012.06.30 20:03:42 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll

MOD - [2012.06.30 20:00:49 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.07.12 14:30:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.03 11:25:01 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV - [2012.07.03 11:23:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012.06.30 09:03:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.06.30 09:02:51 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2012.06.30 09:02:48 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2012.06.30 09:02:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.06.30 09:02:46 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)

SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.01.13 12:22:24 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)

SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)

SRV - [2012.01.12 14:15:08 | 000,960,152 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)

SRV - [2012.01.04 12:27:32 | 001,526,032 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2012.01.04 12:14:38 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV - [2012.01.04 12:13:06 | 000,844,560 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2011.12.12 03:40:36 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV - [2011.12.07 08:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.06.13 09:49:14 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2011.06.10 22:46:11 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)

SRV - [2011.05.18 17:36:24 | 000,075,912 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe -- (ActiveDelayDeviceService)

SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2011.04.28 13:17:10 | 000,552,584 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV - [2011.04.26 04:25:04 | 000,294,216 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Programme\TrueSuite\TrueSuite.Service.exe -- (FPLService)

SRV - [2011.03.29 08:48:14 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2011.03.29 08:47:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2011.03.09 12:40:12 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OneClickInternet\WTGService.exe -- (WTGService)

SRV - [2011.03.04 10:46:50 | 000,318,464 | ---- | M] (HUAWEI Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe -- (GobiQDLService)

SRV - [2011.03.02 17:03:14 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)

SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)

SRV - [2010.11.22 14:31:50 | 000,142,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe -- (Securepoint VPN)

SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010.02.24 05:05:12 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2010.02.24 05:05:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sony.eu/vaioportal

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\SearchScopes\{11A0E6F5-192B-4A8F-99D9-7F9BB6F78464}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\SearchScopes\{32413EC1-E16A-4117-B15D-22DB32122600}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\SearchScopes\{9E8F200A-E11C-49F7-B527-2E9813108658}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms}

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 09:00:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.29 14:09:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2012.06.30 09:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XX\AppData\Roaming\mozilla\Extensions

[2012.07.06 21:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XX\AppData\Roaming\mozilla\Firefox\Profiles\gjci9y9t.default\extensions

[2012.07.12 12:49:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.07.03 00:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012.07.12 12:49:38 | 000,000,000 | ---D | M] (TrueSuite Website Log On) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon_toolbar@truesuite.com

[2012.07.02 10:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\webstore@truesuite.com

[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Programme\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.

O3 - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3709107807-748031628-3402409794-1000..\Run: [Klipfolio] C:\Program Files (x86)\Klipfolio\Klipfolio.exe (Klipfolio Inc.)

O4 - HKU\S-1-5-21-3709107807-748031628-3402409794-1000..\Run: [SkyDrive] C:\Users\XX\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk = C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe (Secomba GmbH)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93188D7E-3597-4D3E-89DB-B9C7EF547B6F}: NameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE867034-C7C9-45D1-B058-F13B69BBBFD9}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)

MsConfig:64bit - StartUpReg: ClientAppLogon32 - hkey= - key= - C:\Programme\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

MsConfig:64bit - StartUpReg: IntelPAN - hkey= - key= - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)

MsConfig:64bit - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\XX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CAD22CA4-4821-6193-A620-FEEE43C577A7} - Themes Setup

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

 

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.06 21:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.07.06 21:26:14 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Malwarebytes

[2012.07.06 21:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.06 21:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.06 21:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.07.05 19:33:08 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Windows Live

[2012.07.05 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\{7034B23C-5376-4172-B220-EFE40173EA06}

[2012.07.03 14:40:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012.07.03 12:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

[2012.07.03 11:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2012.07.03 11:27:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2012.07.03 11:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2012.07.03 11:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player

[2012.07.03 11:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS4

[2012.07.03 11:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared

[2012.07.03 00:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tor Browser

[2012.07.03 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.07.03 00:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012.07.03 00:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2012.07.03 00:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2012.07.03 00:04:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012.07.03 00:03:06 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2012.07.02 17:53:29 | 000,000,000 | R--D | C] -- C:\Users\XX\SkyDrive

[2012.07.02 17:42:24 | 000,000,000 | R--D | C] -- C:\Users\XX\fuerSkyDrive

[2012.07.02 17:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

[2012.07.02 16:07:46 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012.07.02 16:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2012.07.02 16:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared

[2012.07.02 16:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark

[2012.07.02 16:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark

[2012.07.02 15:52:17 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\InstallShield

[2012.07.02 10:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2012.07.02 10:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite

[2012.07.01 02:40:10 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Klipfolio

[2012.07.01 02:40:10 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Klipfolio

[2012.07.01 02:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klipfolio

[2012.07.01 02:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Klipfolio

[2012.07.01 01:17:57 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Build.A.Gadget

[2012.06.30 16:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX880 series

[2012.06.30 16:45:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2012.06.30 16:44:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX

[2012.06.30 16:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

[2012.06.30 16:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon

[2012.06.30 12:28:52 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\OneClickInternet

[2012.06.30 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Opera

[2012.06.30 11:30:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Opera

[2012.06.30 11:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera

[2012.06.30 09:17:12 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Adobe

[2012.06.30 09:14:37 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Mozilla

[2012.06.30 09:14:37 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Mozilla

[2012.06.30 09:04:55 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Avira

[2012.06.30 09:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.06.30 09:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.06.30 09:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.06.30 09:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.06.30 09:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012.06.30 09:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.06.30 08:59:42 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Adobe

[2012.06.30 08:59:17 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\ATI

[2012.06.30 08:59:17 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\ATI

[2012.06.30 08:59:00 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Intel Corporation

[2012.06.30 08:58:25 | 000,000,000 | R--D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012.06.30 08:58:25 | 000,000,000 | R--D | C] -- C:\Users\XX\Searches

[2012.06.30 08:58:25 | 000,000,000 | R--D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012.06.30 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Identities

[2012.06.30 08:58:16 | 000,000,000 | R--D | C] -- C:\Users\XX\Contacts

[2012.06.30 08:58:14 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\VirtualStore

[2012.06.30 08:57:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool

[2012.06.30 08:57:53 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Sony Corporation

[2012.06.30 08:57:53 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012.06.30 08:57:47 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Intel

[2012.06.30 08:57:46 | 000,000,000 | --SD | C] -- C:\Users\XX\AppData\Roaming\Microsoft

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Videos

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Saved Games

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Music

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Links

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Favorites

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Downloads

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\Desktop

[2012.06.30 08:57:46 | 000,000,000 | R--D | C] -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Vorlagen

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\AppData\Local\Verlauf

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\AppData\Local\Temporary Internet Files

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Startmenü

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\SendTo

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Recent

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Netzwerkumgebung

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Lokale Einstellungen

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Eigene Dateien

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Druckumgebung

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Cookies

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\AppData\Local\Anwendungsdaten

[2012.06.30 08:57:46 | 000,000,000 | -HSD | C] -- C:\Users\XX\Anwendungsdaten

[2012.06.30 08:57:46 | 000,000,000 | -H-D | C] -- C:\Users\XX\AppData

[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Temp

[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\Roaming

[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Microsoft

[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Media Center Programs

[2012.06.30 08:57:46 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Macromedia

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Programme

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente

[2012.06.30 08:57:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten

[2012.06.30 04:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012.06.30 02:32:15 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\ElevatedDiagnostics

[2012.06.30 02:11:30 | 000,000,000 | ---D | C] -- C:\Users\XX\Documents\Meine empfangenen Dateien

[2012.06.30 01:45:41 | 000,000,000 | R--D | C] -- C:\Users\XX\Documents

[2012.06.29 23:18:35 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\.purple

[2012.06.29 23:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin

[2012.06.29 21:47:37 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Securepoint SSL VPN

[2012.06.29 21:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securepoint SSL VPN

[2012.06.29 21:46:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Securepoint SSL VPN

[2012.06.29 19:34:32 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\KeePass

[2012.06.29 19:22:37 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Spotify

[2012.06.29 19:22:16 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Spotify

[2012.06.29 19:01:33 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\convert

[2012.06.29 19:01:30 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\loadtbs

[2012.06.29 18:55:13 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\CD Art Display

[2012.06.29 18:55:12 | 000,094,208 | ---- | C] (MediaTexX) -- C:\Windows\SysWow64\wmpuice.dll

[2012.06.29 18:55:12 | 000,069,632 | ---- | C] (CD Art Display) -- C:\Windows\cadSSaver.scr

[2012.06.29 18:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD Art Display

[2012.06.29 18:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Art Display

[2012.06.29 18:32:49 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Scippleron

[2012.06.29 15:01:25 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Microsoft Help

[2012.06.29 15:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012.06.29 15:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2012.06.29 14:43:54 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Download Manager

[2012.06.29 14:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2

[2012.06.29 14:10:04 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Roaming\Thunderbird

[2012.06.29 14:10:04 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Thunderbird

[2012.06.29 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2012.06.29 14:00:56 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Secomba_GmbH

[2012.06.29 13:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoxCryptor

[2012.06.29 13:59:15 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll

[2012.06.29 13:59:15 | 000,158,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll

[2012.06.29 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BoxCryptor

[2012.06.29 13:44:00 | 000,224,528 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll

[2012.06.29 13:44:00 | 000,183,568 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll

[2012.06.29 13:44:00 | 000,113,936 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll

[2012.06.29 13:44:00 | 000,068,880 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2012.06.29 13:42:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care

[2012.06.29 13:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel

[2012.06.29 13:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless

[2012.06.29 13:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2012.06.29 13:35:10 | 000,000,000 | ---D | C] -- C:\Users\XX\AppData\Local\Macromedia

[2012.06.29 13:29:18 | 000,000,000 | ---D | C] -- C:\Update

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.12 17:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.07.12 12:49:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.11 20:24:11 | 2081,275,903 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.09 14:12:26 | 000,696,225 | ---- | M] () -- C:\Users\XX\Desktop\pdf.pdf

[2012.07.03 19:13:53 | 734,321,109 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012.07.02 16:07:46 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2012.07.01 16:54:09 | 000,002,080 | ---- | M] () -- C:\Users\XX\Desktop\Fortbildung.lnk

[2012.06.30 20:05:28 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.06.30 08:58:13 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCZ21A9E.mrk

[2012.06.30 08:56:26 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012.06.30 02:44:15 | 000,002,857 | ---- | M] () -- C:\Users\XX\Desktop\Belkin J65.lnk

[2012.06.29 19:50:08 | 000,000,355 | ---- | M] () -- C:\Users\XX\Desktop\Computer.lnk

[2012.06.29 19:49:57 | 000,001,245 | ---- | M] () -- C:\Users\XX\Desktop\VSP.lnk

[2012.06.29 19:48:00 | 000,001,031 | ---- | M] () -- C:\Users\XX\Desktop\Bilder.lnk

[2012.06.29 19:47:52 | 000,001,014 | ---- | M] () -- C:\Users\XX\Desktop\Musik.lnk

[2012.06.29 19:47:44 | 000,001,042 | ---- | M] () -- C:\Users\XX\Desktop\Dokumente.lnk

[2012.06.29 19:47:35 | 000,000,512 | ---- | M] () -- C:\Users\XX\Desktop\Festplatte.lnk

[2012.06.29 13:59:16 | 000,001,097 | ---- | M] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk

[2012.06.29 13:44:00 | 000,224,528 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll

[2012.06.29 13:44:00 | 000,183,568 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll

[2012.06.29 13:44:00 | 000,113,936 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll

[2012.06.29 13:44:00 | 000,068,880 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPEnhPS.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.07.09 14:12:26 | 000,696,225 | ---- | C] () -- C:\Users\XX\Desktop\pdf.pdf

[2012.07.03 14:40:17 | 734,321,109 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012.07.03 11:30:07 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk

[2012.07.02 17:42:24 | 000,002,129 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

[2012.07.01 13:43:55 | 000,002,080 | ---- | C] () -- C:\Users\XX\Desktop\Fortbildung.lnk

[2012.06.30 11:30:44 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

[2012.06.30 09:00:57 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.06.30 08:58:47 | 000,001,405 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012.06.30 08:58:28 | 000,001,439 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012.06.30 08:58:13 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCZ21A9E.mrk

[2012.06.30 08:54:43 | 2081,275,903 | -HS- | C] () -- C:\hiberfil.sys

[2012.06.30 02:44:15 | 000,002,857 | ---- | C] () -- C:\Users\XX\Desktop\Belkin J65.lnk

[2012.06.29 23:18:05 | 000,000,991 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk

[2012.06.29 19:50:08 | 000,000,355 | ---- | C] () -- C:\Users\XX\Desktop\Computer.lnk

[2012.06.29 19:48:52 | 000,001,245 | ---- | C] () -- C:\Users\XX\Desktop\VSP.lnk

[2012.06.29 19:48:00 | 000,001,031 | ---- | C] () -- C:\Users\XX\Desktop\Bilder.lnk

[2012.06.29 19:47:52 | 000,001,014 | ---- | C] () -- C:\Users\XX\Desktop\Musik.lnk

[2012.06.29 19:47:44 | 000,001,042 | ---- | C] () -- C:\Users\XX\Desktop\Dokumente.lnk

[2012.06.29 19:47:35 | 000,000,512 | ---- | C] () -- C:\Users\XX\Desktop\Festplatte.lnk

[2012.06.29 19:22:36 | 000,001,738 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

[2012.06.29 14:18:58 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk

[2012.06.29 14:09:59 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

[2012.06.29 13:59:16 | 000,001,097 | ---- | C] () -- C:\Users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoxCryptor.lnk

[2012.06.29 13:42:43 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk

[2012.06.29 13:42:24 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk

[2012.06.29 13:31:12 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.29 13:30:11 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

[2011.06.20 21:35:23 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.06.20 21:35:20 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.06.20 21:35:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.06.20 21:35:13 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.06.20 21:06:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.06.20 21:05:28 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2011.06.20 20:57:41 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 
 ========== LOP Check ==========

 

[2012.07.11 10:48:02 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\.purple

[2012.06.29 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\CD Art Display

[2012.06.29 19:01:33 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\convert

[2012.07.12 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\KeePass

[2012.07.12 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Klipfolio

[2012.07.06 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\loadtbs

[2012.06.30 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\OneClickInternet

[2012.06.30 11:30:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Opera

[2012.06.29 21:48:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Securepoint SSL VPN

[2012.07.11 20:23:23 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Spotify

[2012.06.29 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Thunderbird

[2009.07.14 07:08:49 | 000,012,722 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.07.11 10:48:02 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\.purple

[2012.07.03 23:54:28 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Adobe

[2012.06.30 08:59:17 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\ATI

[2012.06.30 09:04:55 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Avira

[2012.06.29 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\CD Art Display

[2012.06.29 19:01:33 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\convert

[2012.07.03 00:00:50 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Download Manager

[2012.06.30 08:58:18 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Identities

[2012.07.02 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\InstallShield

[2012.06.30 08:57:47 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Intel

[2012.06.30 08:59:00 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Intel Corporation

[2012.07.12 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\KeePass

[2012.07.12 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Klipfolio

[2012.07.06 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\loadtbs

[2011.10.18 10:38:48 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Macromedia

[2012.07.06 21:26:14 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Malwarebytes

[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Media Center Programs

[2012.07.03 00:12:23 | 000,000,000 | --SD | M] -- C:\Users\XX\AppData\Roaming\Microsoft

[2012.06.30 09:14:42 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Mozilla

[2012.06.30 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\OneClickInternet

[2012.06.30 11:30:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Opera

[2012.06.29 21:48:46 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Securepoint SSL VPN

[2012.06.30 09:00:47 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Sony Corporation

[2012.07.11 20:23:23 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Spotify

[2012.06.29 14:10:04 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\Thunderbird

 
 < %APPDATA%\*.exe /s >

[2012.06.29 19:01:24 | 012,697,088 | ---- | M] () -- C:\Users\XX\AppData\Roaming\convert\convert.exe

[2012.06.29 19:01:25 | 000,660,480 | ---- | M] () -- C:\Users\XX\AppData\Roaming\loadtbs\uninstall.exe

[2011.10.18 10:38:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\XX\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012.06.29 19:22:35 | 007,609,560 | ---- | M] (Spotify Ltd) -- C:\Users\XX\AppData\Roaming\Spotify\spotify.exe

[2012.06.29 19:22:35 | 000,114,392 | ---- | M] () -- C:\Users\XX\AppData\Roaming\Spotify\SpotifyLauncher.exe

[2012.06.29 19:22:35 | 001,192,664 | ---- | M] () -- C:\Users\XX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys

[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_08d71942172d4761\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.

O3 - HKU\S-1-5-21-3709107807-748031628-3402409794-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

[2012.07.06 21:11:10 | 000,000,000 | ---D | M] -- C:\Users\XX\AppData\Roaming\loadtbs

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ok, habe den Fix ausgeführt.
Hier das Log:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.

Registry value HKEY_USERS\S-1-5-21-3709107807-748031628-3402409794-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

C:\Users\**\AppData\Roaming\loadtbs\html folder moved successfully.

C:\Users\**\AppData\Roaming\loadtbs folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56502 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: **

->Temp folder emptied: 171380382 bytes

->Temporary Internet Files folder emptied: 233384301 bytes

->Java cache emptied: 390311 bytes

->FireFox cache emptied: 609439962 bytes

->Opera cache emptied: 46431088 bytes

->Flash cache emptied: 58648 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 128559163 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 123833 bytes

RecycleBin emptied: 2251 bytes

 

Total Files Cleaned = 1.135,00 mb

 

 

[EMPTYFLA**]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

User: **

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.54.0 log created on 07132012_220619
 

Files\Folders moved on Reboot...

C:\Users\**\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...

File C:\Users\**\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Ok, hier das Log:

Code:

23:09:43.0148 6788        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35

23:09:45.0176 6788        ============================================================

23:09:45.0176 6788        Current date / time: 2012/07/13 23:09:45.0176

23:09:45.0176 6788        SystemInfo:

23:09:45.0176 6788        

23:09:45.0176 6788        OS Version: 6.1.7601 ServicePack: 1.0

23:09:45.0176 6788        Product type: Workstation

23:09:45.0176 6788        ComputerName: **-VAIO

23:09:45.0176 6788        UserName: **

23:09:45.0176 6788        Windows directory: C:\Windows

23:09:45.0176 6788        System windows directory: C:\Windows

23:09:45.0176 6788        Running under WOW64

23:09:45.0176 6788        Processor architecture: Intel x64

23:09:45.0176 6788        Number of processors: 4

23:09:45.0176 6788        Page size: 0x1000

23:09:45.0176 6788        Boot type: Normal boot

23:09:45.0176 6788        ============================================================

23:09:45.0566 6788        Drive \Device\Harddisk0\DR0 - Size: 0x3B9EC00000 (238.48 Gb), SectorSize: 0x200, Cylinders: 0x799B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:09:45.0581 6788        ============================================================

23:09:45.0581 6788        \Device\Harddisk0\DR0:

23:09:45.0581 6788        MBR partitions:

23:09:45.0581 6788        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A91800, BlocksNum 0x32000

23:09:45.0581 6788        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1AC3800, BlocksNum 0x1C232000

23:09:45.0581 6788        ============================================================

23:09:45.0581 6788        C: <-> \Device\Harddisk0\DR0\Partition1

23:09:45.0581 6788        ============================================================

23:09:45.0581 6788        Initialize success

23:09:45.0581 6788        ============================================================

23:09:55.0300 4232        ============================================================

23:09:55.0300 4232        Scan started

23:09:55.0300 4232        Mode: Manual; SigCheck; TDLFS; 

23:09:55.0300 4232        ============================================================

23:09:55.0908 4232        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

23:09:56.0018 4232        1394ohci - ok

23:09:56.0049 4232        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

23:09:56.0096 4232        ACDaemon - ok

23:09:56.0142 4232        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

23:09:56.0189 4232        ACPI - ok

23:09:56.0189 4232        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

23:09:56.0236 4232        AcpiPmi - ok

23:09:56.0252 4232        ActiveDelayDeviceService (a0c6fa0574fd2a56082201fa721bca61) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe

23:09:56.0283 4232        ActiveDelayDeviceService - ok

23:09:56.0298 4232        adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

23:09:56.0314 4232        adfs - ok

23:09:56.0361 4232        Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

23:09:56.0392 4232        Adobe Version Cue CS4 - ok

23:09:56.0408 4232        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:09:56.0423 4232        AdobeARMservice - ok

23:09:56.0517 4232        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:09:56.0548 4232        AdobeFlashPlayerUpdateSvc - ok

23:09:56.0610 4232        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

23:09:56.0657 4232        adp94xx - ok

23:09:56.0720 4232        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

23:09:56.0751 4232        adpahci - ok

23:09:56.0782 4232        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

23:09:56.0813 4232        adpu320 - ok

23:09:56.0829 4232        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

23:09:56.0922 4232        AeLookupSvc - ok

23:09:57.0000 4232        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

23:09:57.0047 4232        AFD - ok

23:09:57.0047 4232        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

23:09:57.0078 4232        agp440 - ok

23:09:57.0094 4232        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

23:09:57.0141 4232        ALG - ok

23:09:57.0141 4232        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

23:09:57.0172 4232        aliide - ok

23:09:57.0203 4232        AMD External Events Utility (60e410cbb927479aa762730c9031a6bd) C:\Windows\system32\atiesrxx.exe

23:09:57.0250 4232        AMD External Events Utility - ok

23:09:57.0250 4232        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

23:09:57.0281 4232        amdide - ok

23:09:57.0297 4232        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

23:09:57.0328 4232        AmdK8 - ok

23:09:57.0702 4232        amdkmdag        (8f3e65588cd16c4e26c366fda970917e) C:\Windows\system32\DRIVERS\atikmdag.sys

23:09:58.0046 4232        amdkmdag - ok

23:09:58.0108 4232        amdkmdap        (1b075adfe47632458e82df3220554710) C:\Windows\system32\DRIVERS\atikmpag.sys

23:09:58.0155 4232        amdkmdap - ok

23:09:58.0170 4232        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

23:09:58.0202 4232        AmdPPM - ok

23:09:58.0233 4232        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

23:09:58.0264 4232        amdsata - ok

23:09:58.0295 4232        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

23:09:58.0326 4232        amdsbs - ok

23:09:58.0326 4232        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

23:09:58.0358 4232        amdxata - ok

23:09:58.0389 4232        AMPPAL          (6d5225f0dd9eb4937a10ba05235fa6f1) C:\Windows\system32\DRIVERS\AMPPAL.sys

23:09:58.0420 4232        AMPPAL - ok

23:09:58.0436 4232        AMPPALP         (6d5225f0dd9eb4937a10ba05235fa6f1) C:\Windows\system32\DRIVERS\amppal.sys

23:09:58.0451 4232        AMPPALP - ok

23:09:58.0545 4232        AMPPALR3        (75130c273367f6aea472ba34f1d43b45) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

23:09:58.0592 4232        AMPPALR3 - ok

23:09:58.0701 4232        AntiVirFirewallService (6acc11e9d2f01c88251123d26c1c5489) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe

23:09:58.0748 4232        AntiVirFirewallService - ok

23:09:58.0810 4232        AntiVirMailService (b7fa28aefa586fb5a04876c7b31d03e6) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

23:09:58.0841 4232        AntiVirMailService - ok

23:09:58.0857 4232        AntiVirSchedulerService (2e35310d600f4cc64624786a813a041e) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

23:09:58.0872 4232        AntiVirSchedulerService - ok

23:09:58.0888 4232        AntiVirService  (984102b9e2f6513008ed4e0c5ac4151d) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

23:09:58.0919 4232        AntiVirService - ok

23:09:58.0982 4232        AntiVirWebService (9bc7247fd7379307bcff92cf8eb64b87) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

23:09:59.0013 4232        AntiVirWebService - ok

23:09:59.0044 4232        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

23:09:59.0122 4232        AppID - ok

23:09:59.0138 4232        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

23:09:59.0231 4232        AppIDSvc - ok

23:09:59.0247 4232        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

23:09:59.0340 4232        Appinfo - ok

23:09:59.0372 4232        AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

23:09:59.0403 4232        AppMgmt - ok

23:09:59.0418 4232        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

23:09:59.0450 4232        arc - ok

23:09:59.0465 4232        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

23:09:59.0496 4232        arcsas - ok

23:09:59.0528 4232        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:09:59.0543 4232        aspnet_state - ok

23:09:59.0559 4232        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

23:09:59.0652 4232        AsyncMac - ok

23:09:59.0652 4232        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

23:09:59.0684 4232        atapi - ok

23:09:59.0808 4232        ATSwpWDF        (26970f26ebab7d5d1b795a3f9013cd80) C:\Windows\system32\DRIVERS\ATSwpWDF.sys

23:09:59.0855 4232        ATSwpWDF - ok

23:09:59.0949 4232        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

23:10:00.0058 4232        AudioEndpointBuilder - ok

23:10:00.0074 4232        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

23:10:00.0167 4232        AudioSrv - ok

23:10:00.0198 4232        avfwim          (f3a3859d006783a0e0d40e227e52c35c) C:\Windows\system32\DRIVERS\avfwim.sys

23:10:00.0214 4232        avfwim - ok

23:10:00.0245 4232        avfwot          (bc06315a7bdbcad0c7719d1c1306a4db) C:\Windows\system32\DRIVERS\avfwot.sys

23:10:00.0276 4232        avfwot - ok

23:10:00.0292 4232        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys

23:10:00.0308 4232        avgntflt - ok

23:10:00.0339 4232        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys

23:10:00.0370 4232        avipbb - ok

23:10:00.0370 4232        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

23:10:00.0401 4232        avkmgr - ok

23:10:00.0417 4232        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

23:10:00.0464 4232        AxInstSV - ok

23:10:00.0526 4232        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

23:10:00.0573 4232        b06bdrv - ok

23:10:00.0620 4232        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

23:10:00.0651 4232        b57nd60a - ok

23:10:00.0698 4232        BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

23:10:00.0729 4232        BBSvc - ok

23:10:00.0760 4232        BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

23:10:00.0791 4232        BBUpdate - ok

23:10:00.0822 4232        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

23:10:00.0854 4232        BDESVC - ok

23:10:00.0869 4232        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

23:10:00.0947 4232        Beep - ok

23:10:01.0056 4232        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

23:10:01.0150 4232        BFE - ok

23:10:01.0275 4232        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

23:10:01.0384 4232        BITS - ok

23:10:01.0400 4232        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

23:10:01.0431 4232        blbdrive - ok

23:10:01.0556 4232        Bluetooth Device Monitor (2e251b39abea79351e5633e5a7c36be4) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

23:10:01.0602 4232        Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning

23:10:01.0602 4232        Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)

23:10:01.0758 4232        Bluetooth Media Service (1ec546f8b6222f1f984220c1324ea945) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

23:10:01.0821 4232        Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning

23:10:01.0821 4232        Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)

23:10:01.0868 4232        Bluetooth OBEX Service (adb9c79ccbef779d56a9ac931f9c8df0) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

23:10:01.0914 4232        Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning

23:10:01.0914 4232        Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)

23:10:01.0946 4232        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

23:10:01.0961 4232        bowser - ok

23:10:01.0977 4232        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

23:10:02.0008 4232        BrFiltLo - ok

23:10:02.0024 4232        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

23:10:02.0070 4232        BrFiltUp - ok

23:10:02.0086 4232        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

23:10:02.0180 4232        Browser - ok

23:10:02.0226 4232        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

23:10:02.0258 4232        Brserid - ok

23:10:02.0273 4232        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

23:10:02.0304 4232        BrSerWdm - ok

23:10:02.0320 4232        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

23:10:02.0367 4232        BrUsbMdm - ok

23:10:02.0367 4232        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

23:10:02.0398 4232        BrUsbSer - ok

23:10:02.0414 4232        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

23:10:02.0460 4232        BthEnum - ok

23:10:02.0476 4232        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

23:10:02.0507 4232        BTHMODEM - ok

23:10:02.0538 4232        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

23:10:02.0570 4232        BthPan - ok

23:10:02.0648 4232        BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

23:10:02.0694 4232        BTHPORT - ok

23:10:02.0710 4232        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

23:10:02.0804 4232        bthserv - ok

23:10:02.0819 4232        BTHSSecurityMgr (68389d0aa570bd089fdf7802abbc0b8c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

23:10:02.0850 4232        BTHSSecurityMgr - ok

23:10:02.0866 4232        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

23:10:02.0897 4232        BTHUSB - ok

23:10:02.0897 4232        btmaudio        (274e47bd9c1367bdbfa9df10c2e6c544) C:\Windows\system32\drivers\btmaud.sys

23:10:02.0928 4232        btmaudio - ok

23:10:02.0944 4232        btmaux          (76a1340adb32798d18394aa424d584e2) C:\Windows\system32\DRIVERS\btmaux.sys

23:10:02.0975 4232        btmaux - ok

23:10:03.0022 4232        btmhsf          (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\Windows\system32\DRIVERS\btmhsf.sys

23:10:03.0053 4232        btmhsf - ok

23:10:03.0100 4232        cbfs3           (384e156a681cda71b4febb0e48be57a7) C:\Windows\system32\drivers\cbfs3.sys

23:10:03.0147 4232        cbfs3 - ok

23:10:03.0162 4232        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

23:10:03.0256 4232        cdfs - ok

23:10:03.0287 4232        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

23:10:03.0318 4232        cdrom - ok

23:10:03.0334 4232        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:10:03.0428 4232        CertPropSvc - ok

23:10:03.0443 4232        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

23:10:03.0474 4232        circlass - ok

23:10:03.0537 4232        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

23:10:03.0568 4232        CLFS - ok

23:10:03.0615 4232        CLKMSVC10_9EC60124 (4642b5a3e0d2e61d08163de95fc5b949) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe

23:10:03.0646 4232        CLKMSVC10_9EC60124 - ok

23:10:03.0662 4232        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:10:03.0693 4232        clr_optimization_v2.0.50727_32 - ok

23:10:03.0708 4232        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:10:03.0740 4232        clr_optimization_v2.0.50727_64 - ok

23:10:03.0786 4232        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:10:03.0818 4232        clr_optimization_v4.0.30319_32 - ok

23:10:03.0849 4232        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:10:03.0880 4232        clr_optimization_v4.0.30319_64 - ok

23:10:03.0896 4232        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

23:10:03.0927 4232        CmBatt - ok

23:10:03.0927 4232        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

23:10:03.0958 4232        cmdide - ok

23:10:04.0020 4232        CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

23:10:04.0083 4232        CNG - ok

23:10:04.0083 4232        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

23:10:04.0114 4232        Compbatt - ok

23:10:04.0130 4232        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

23:10:04.0161 4232        CompositeBus - ok

23:10:04.0161 4232        COMSysApp - ok

23:10:04.0176 4232        cpuz130 - ok

23:10:04.0192 4232        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

23:10:04.0223 4232        crcdisk - ok

23:10:04.0254 4232        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

23:10:04.0286 4232        CryptSvc - ok

23:10:04.0364 4232        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

23:10:04.0395 4232        CSC - ok

23:10:04.0488 4232        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

23:10:04.0551 4232        CscService - ok

23:10:04.0613 4232        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:10:04.0722 4232        DcomLaunch - ok

23:10:04.0769 4232        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

23:10:04.0863 4232        defragsvc - ok

23:10:04.0894 4232        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

23:10:04.0972 4232        DfsC - ok

23:10:05.0019 4232        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

23:10:05.0097 4232        Dhcp - ok

23:10:05.0112 4232        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

23:10:05.0190 4232        discache - ok

23:10:05.0206 4232        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

23:10:05.0222 4232        Disk - ok

23:10:05.0237 4232        dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

23:10:05.0268 4232        dmvsc - ok

23:10:05.0284 4232        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

23:10:05.0315 4232        Dnscache - ok

23:10:05.0362 4232        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

23:10:05.0440 4232        dot3svc - ok

23:10:05.0456 4232        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

23:10:05.0534 4232        DPS - ok

23:10:05.0549 4232        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

23:10:05.0580 4232        drmkaud - ok

23:10:05.0705 4232        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

23:10:05.0752 4232        DXGKrnl - ok

23:10:05.0783 4232        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

23:10:05.0877 4232        EapHost - ok

23:10:06.0111 4232        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

23:10:06.0236 4232        ebdrv - ok

23:10:06.0251 4232        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

23:10:06.0282 4232        EFS - ok

23:10:06.0376 4232        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

23:10:06.0438 4232        ehRecvr - ok

23:10:06.0454 4232        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

23:10:06.0501 4232        ehSched - ok

23:10:06.0563 4232        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

23:10:06.0610 4232        elxstor - ok

23:10:06.0610 4232        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

23:10:06.0657 4232        ErrDev - ok

23:10:06.0704 4232        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

23:10:06.0813 4232        EventSystem - ok

23:10:07.0016 4232        EvtEng          (88894171b312b829150cc7b25202d70a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

23:10:07.0109 4232        EvtEng - ok

23:10:07.0125 4232        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

23:10:07.0218 4232        exfat - ok

23:10:07.0234 4232        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

23:10:07.0343 4232        fastfat - ok

23:10:07.0421 4232        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

23:10:07.0484 4232        Fax - ok

23:10:07.0484 4232        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

23:10:07.0515 4232        fdc - ok

23:10:07.0530 4232        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

23:10:07.0624 4232        fdPHost - ok

23:10:07.0640 4232        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

23:10:07.0718 4232        FDResPub - ok

23:10:07.0733 4232        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

23:10:07.0764 4232        FileInfo - ok

23:10:07.0780 4232        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

23:10:07.0874 4232        Filetrace - ok

23:10:07.0967 4232        FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

23:10:08.0014 4232        FLEXnet Licensing Service - ok

23:10:08.0154 4232        FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

23:10:08.0217 4232        FLEXnet Licensing Service 64 - ok

23:10:08.0232 4232        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

23:10:08.0264 4232        flpydisk - ok

23:10:08.0310 4232        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

23:10:08.0342 4232        FltMgr - ok

23:10:08.0498 4232        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

23:10:08.0560 4232        FontCache - ok

23:10:08.0576 4232        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:10:08.0591 4232        FontCache3.0.0.0 - ok

23:10:08.0638 4232        FPLService      (8f46017c1442e25b2bed0377a4733ec1) C:\Program Files\TrueSuite\TrueSuite.Service.exe

23:10:08.0669 4232        FPLService - ok

23:10:08.0700 4232        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

23:10:08.0732 4232        FsDepends - ok

23:10:08.0732 4232        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

23:10:08.0763 4232        Fs_Rec - ok

23:10:08.0810 4232        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

23:10:08.0841 4232        fvevol - ok

23:10:08.0856 4232        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

23:10:08.0888 4232        gagp30kx - ok

23:10:08.0888 4232        gobi3kfilter    (9495607c14f345e9632b3e1c12cea7b0) C:\Windows\system32\DRIVERS\gobi3kfilter.sys

23:10:08.0919 4232        gobi3kfilter - ok

23:10:08.0981 4232        gobi3kmbb       (4cfac59c1203a3dba7c3dcfcdd503860) C:\Windows\system32\DRIVERS\gobi3kmbb.sys

23:10:09.0012 4232        gobi3kmbb - ok

23:10:09.0044 4232        gobi3kserial    (dbb405772f1c21cb7ed51593bad5880d) C:\Windows\system32\DRIVERS\gobi3kserial.sys

23:10:09.0075 4232        gobi3kserial - ok

23:10:09.0122 4232        GobiQDLService  (1808b4a32a781f152db731f1581aa81c) C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe

23:10:09.0137 4232        GobiQDLService ( UnsignedFile.Multi.Generic ) - warning

23:10:09.0137 4232        GobiQDLService - detected UnsignedFile.Multi.Generic (1)

23:10:09.0246 4232        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

23:10:09.0356 4232        gpsvc - ok

23:10:09.0371 4232        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

23:10:09.0402 4232        hcw85cir - ok

23:10:09.0449 4232        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

23:10:09.0496 4232        HdAudAddService - ok

23:10:09.0512 4232        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

23:10:09.0558 4232        HDAudBus - ok

23:10:09.0558 4232        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

23:10:09.0590 4232        HidBatt - ok

23:10:09.0605 4232        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

23:10:09.0652 4232        HidBth - ok

23:10:09.0668 4232        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

23:10:09.0699 4232        HidIr - ok

23:10:09.0714 4232        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

23:10:09.0792 4232        hidserv - ok

23:10:09.0808 4232        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

23:10:09.0839 4232        HidUsb - ok

23:10:09.0855 4232        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

23:10:09.0948 4232        hkmsvc - ok

23:10:09.0995 4232        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

23:10:10.0026 4232        HomeGroupListener - ok

23:10:10.0058 4232        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

23:10:10.0089 4232        HomeGroupProvider - ok

23:10:10.0104 4232        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

23:10:10.0136 4232        HpSAMD - ok

23:10:10.0229 4232        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

23:10:10.0338 4232        HTTP - ok

23:10:10.0354 4232        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

23:10:10.0370 4232        hwpolicy - ok

23:10:10.0401 4232        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

23:10:10.0432 4232        i8042prt - ok

23:10:10.0494 4232        iaStor          (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys

23:10:10.0541 4232        iaStor - ok

23:10:10.0541 4232        IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

23:10:10.0557 4232        IAStorDataMgrSvc - ok

23:10:10.0619 4232        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

23:10:10.0666 4232        iaStorV - ok

23:10:10.0682 4232        iBtFltCoex      (fc47f5cf561bf0fd897efd1a9604dccf) C:\Windows\system32\DRIVERS\iBtFltCoex.sys

23:10:10.0697 4232        iBtFltCoex - ok

23:10:10.0916 4232        IconMan_R       (3cc7b3bb1a9ea201a040883edfaa67a0) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

23:10:11.0040 4232        IconMan_R - ok

23:10:11.0181 4232        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:10:11.0228 4232        idsvc - ok

23:10:11.0243 4232        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

23:10:11.0274 4232        iirsp - ok

23:10:11.0399 4232        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

23:10:11.0508 4232        IKEEXT - ok

23:10:11.0742 4232        IntcAzAudAddService (1b491f385ee96f9d9ee4cb430c8cd29e) C:\Windows\system32\drivers\RTKVHD64.sys

23:10:11.0867 4232        IntcAzAudAddService - ok

23:10:11.0930 4232        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

23:10:11.0961 4232        IntcDAud - ok

23:10:11.0961 4232        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

23:10:11.0992 4232        intelide - ok

23:10:12.0429 4232        intelkmd        (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdpmd64.sys

23:10:12.0850 4232        intelkmd - ok

23:10:12.0897 4232        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

23:10:12.0912 4232        intelppm - ok

23:10:12.0944 4232        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

23:10:13.0037 4232        IPBusEnum - ok

23:10:13.0053 4232        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:10:13.0131 4232        IpFilterDriver - ok

23:10:13.0224 4232        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

23:10:13.0318 4232        iphlpsvc - ok

23:10:13.0334 4232        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

23:10:13.0365 4232        IPMIDRV - ok

23:10:13.0380 4232        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

23:10:13.0474 4232        IPNAT - ok

23:10:13.0490 4232        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

23:10:13.0536 4232        IRENUM - ok

23:10:13.0536 4232        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

23:10:13.0568 4232        isapnp - ok

23:10:13.0599 4232        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

23:10:13.0646 4232        iScsiPrt - ok

23:10:13.0646 4232        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

23:10:13.0677 4232        kbdclass - ok

23:10:13.0692 4232        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

23:10:13.0724 4232        kbdhid - ok

23:10:13.0724 4232        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:10:13.0755 4232        KeyIso - ok

23:10:13.0770 4232        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

23:10:13.0802 4232        KSecDD - ok

23:10:13.0817 4232        KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

23:10:13.0848 4232        KSecPkg - ok

23:10:13.0864 4232        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

23:10:13.0942 4232        ksthunk - ok

23:10:14.0004 4232        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

23:10:14.0098 4232        KtmRm - ok

23:10:14.0145 4232        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

23:10:14.0238 4232        LanmanServer - ok

23:10:14.0254 4232        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

23:10:14.0348 4232        LanmanWorkstation - ok

23:10:14.0379 4232        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

23:10:14.0457 4232        lltdio - ok

23:10:14.0504 4232        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

23:10:14.0597 4232        lltdsvc - ok

23:10:14.0613 4232        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

23:10:14.0706 4232        lmhosts - ok

23:10:14.0769 4232        LMS             (e7859ba062db5e23c6dd34ad66b09f50) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

23:10:14.0800 4232        LMS - ok

23:10:14.0831 4232        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

23:10:14.0862 4232        LSI_FC - ok

23:10:14.0878 4232        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

23:10:14.0909 4232        LSI_SAS - ok

23:10:14.0925 4232        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

23:10:14.0940 4232        LSI_SAS2 - ok

23:10:14.0972 4232        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

23:10:15.0003 4232        LSI_SCSI - ok

23:10:15.0018 4232        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

23:10:15.0112 4232        luafv - ok

23:10:15.0112 4232        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

23:10:15.0143 4232        MBAMProtector - ok

23:10:15.0221 4232        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

23:10:15.0268 4232        MBAMService - ok

23:10:15.0284 4232        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

23:10:15.0330 4232        Mcx2Svc - ok

23:10:15.0330 4232        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

23:10:15.0362 4232        megasas - ok

23:10:15.0408 4232        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

23:10:15.0440 4232        MegaSR - ok

23:10:15.0455 4232        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

23:10:15.0471 4232        MEIx64 - ok

23:10:15.0486 4232        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:10:15.0580 4232        MMCSS - ok

23:10:15.0596 4232        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

23:10:15.0689 4232        Modem - ok

23:10:15.0689 4232        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

23:10:15.0736 4232        monitor - ok

23:10:15.0752 4232        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

23:10:15.0767 4232        mouclass - ok

23:10:15.0783 4232        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

23:10:15.0814 4232        mouhid - ok

23:10:15.0830 4232        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

23:10:15.0861 4232        mountmgr - ok

23:10:15.0876 4232        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

23:10:15.0908 4232        MozillaMaintenance - ok

23:10:15.0939 4232        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

23:10:15.0970 4232        mpio - ok

23:10:15.0986 4232        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

23:10:16.0064 4232        mpsdrv - ok

23:10:16.0173 4232        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

23:10:16.0282 4232        MpsSvc - ok

23:10:16.0313 4232        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

23:10:16.0360 4232        MRxDAV - ok

23:10:16.0376 4232        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:10:16.0407 4232        mrxsmb - ok

23:10:16.0454 4232        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:10:16.0485 4232        mrxsmb10 - ok

23:10:16.0500 4232        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:10:16.0532 4232        mrxsmb20 - ok

23:10:16.0547 4232        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

23:10:16.0563 4232        msahci - ok

23:10:16.0594 4232        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

23:10:16.0625 4232        msdsm - ok

23:10:16.0641 4232        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

23:10:16.0688 4232        MSDTC - ok

23:10:16.0688 4232        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

23:10:16.0781 4232        Msfs - ok

23:10:16.0797 4232        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

23:10:16.0890 4232        mshidkmdf - ok

23:10:16.0890 4232        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

23:10:16.0922 4232        msisadrv - ok

23:10:16.0937 4232        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

23:10:17.0031 4232        MSiSCSI - ok

23:10:17.0046 4232        msiserver - ok

23:10:17.0046 4232        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

23:10:17.0140 4232        MSKSSRV - ok

23:10:17.0156 4232        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

23:10:17.0234 4232        MSPCLOCK - ok

23:10:17.0249 4232        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

23:10:17.0343 4232        MSPQM - ok

23:10:17.0374 4232        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

23:10:17.0421 4232        MsRPC - ok

23:10:17.0436 4232        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

23:10:17.0452 4232        mssmbios - ok

23:10:17.0468 4232        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

23:10:17.0561 4232        MSTEE - ok

23:10:17.0561 4232        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

23:10:17.0592 4232        MTConfig - ok

23:10:17.0608 4232        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

23:10:17.0639 4232        Mup - ok

23:10:17.0670 4232        mv61xx          (c40050b9eaf862edb166571b7a030e80) C:\Windows\system32\drivers\mv61xx.sys

23:10:17.0686 4232        mv61xx - ok

23:10:17.0748 4232        MyWiFiDHCPDNS   (c00f9a366c3cfa2f18ca7835e15e4c95) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

23:10:17.0780 4232        MyWiFiDHCPDNS - ok

23:10:17.0842 4232        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

23:10:17.0936 4232        napagent - ok

23:10:17.0982 4232        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

23:10:18.0029 4232        NativeWifiP - ok

23:10:18.0170 4232        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

23:10:18.0232 4232        NDIS - ok

23:10:18.0248 4232        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

23:10:18.0341 4232        NdisCap - ok

23:10:18.0341 4232        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

23:10:18.0435 4232        NdisTapi - ok

23:10:18.0450 4232        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

23:10:18.0528 4232        Ndisuio - ok

23:10:18.0560 4232        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

23:10:18.0653 4232        NdisWan - ok

23:10:18.0669 4232        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

23:10:18.0747 4232        NDProxy - ok

23:10:18.0762 4232        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

23:10:18.0856 4232        NetBIOS - ok

23:10:18.0903 4232        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

23:10:18.0996 4232        NetBT - ok

23:10:18.0996 4232        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:10:19.0028 4232        Netlogon - ok

23:10:19.0090 4232        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

23:10:19.0184 4232        Netman - ok

23:10:19.0230 4232        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:10:19.0262 4232        NetMsmqActivator - ok

23:10:19.0262 4232        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:10:19.0293 4232        NetPipeActivator - ok

23:10:19.0355 4232        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

23:10:19.0449 4232        netprofm - ok

23:10:19.0464 4232        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:10:19.0496 4232        NetTcpActivator - ok

23:10:19.0496 4232        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:10:19.0527 4232        NetTcpPortSharing - ok

23:10:19.0901 4232        NETwNs64        (b25fe0fa523579b6fa327311a579866e) C:\Windows\system32\DRIVERS\NETwNs64.sys

23:10:20.0198 4232        NETwNs64 - ok

23:10:20.0229 4232        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

23:10:20.0260 4232        nfrd960 - ok

23:10:20.0307 4232        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

23:10:20.0400 4232        NlaSvc - ok

23:10:20.0416 4232        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:10:20.0510 4232        Npfs - ok

23:10:20.0525 4232        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

23:10:20.0603 4232        nsi - ok

23:10:20.0619 4232        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:10:20.0712 4232        nsiproxy - ok

23:10:20.0915 4232        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:10:21.0009 4232        Ntfs - ok

23:10:21.0024 4232        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:10:21.0118 4232        Null - ok

23:10:21.0134 4232        nusb3hub        (b227e75ad10a142dd326b4cc8d73a6d9) C:\Windows\system32\DRIVERS\nusb3hub.sys

23:10:21.0165 4232        nusb3hub - ok

23:10:21.0196 4232        nusb3xhc        (55959db860e4e484681586824d09e52c) C:\Windows\system32\DRIVERS\nusb3xhc.sys

23:10:21.0227 4232        nusb3xhc - ok

23:10:21.0258 4232        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:10:21.0274 4232        nvraid - ok

23:10:21.0305 4232        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:10:21.0336 4232        nvstor - ok

23:10:21.0368 4232        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:10:21.0399 4232        nv_agp - ok

23:10:21.0461 4232        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

23:10:21.0492 4232        odserv - ok

23:10:21.0508 4232        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:10:21.0539 4232        ohci1394 - ok

23:10:21.0555 4232        ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:10:21.0586 4232        ose - ok

23:10:21.0633 4232        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:10:21.0680 4232        p2pimsvc - ok

23:10:21.0726 4232        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

23:10:21.0773 4232        p2psvc - ok

23:10:21.0789 4232        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

23:10:21.0820 4232        Parport - ok

23:10:21.0836 4232        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

23:10:21.0867 4232        partmgr - ok

23:10:21.0898 4232        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

23:10:21.0945 4232        PcaSvc - ok

23:10:21.0976 4232        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:10:22.0007 4232        pci - ok

23:10:22.0007 4232        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:10:22.0038 4232        pciide - ok

23:10:22.0085 4232        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

23:10:22.0116 4232        pcmcia - ok

23:10:22.0132 4232        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:10:22.0148 4232        pcw - ok

23:10:22.0241 4232        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:10:22.0350 4232        PEAUTH - ok

23:10:22.0506 4232        PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

23:10:22.0569 4232        PeerDistSvc - ok

23:10:22.0647 4232        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

23:10:22.0678 4232        PerfHost - ok

23:10:22.0881 4232        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

23:10:23.0006 4232        pla - ok

23:10:23.0084 4232        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

23:10:23.0115 4232        PlugPlay - ok

23:10:23.0130 4232        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

23:10:23.0162 4232        PNRPAutoReg - ok

23:10:23.0177 4232        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:10:23.0208 4232        PNRPsvc - ok

23:10:23.0286 4232        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

23:10:23.0380 4232        PolicyAgent - ok

23:10:23.0427 4232        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

23:10:23.0520 4232        Power - ok

23:10:23.0536 4232        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:10:23.0630 4232        PptpMiniport - ok

23:10:23.0645 4232        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

23:10:23.0676 4232        Processor - ok

23:10:23.0708 4232        ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

23:10:23.0739 4232        ProfSvc - ok

23:10:23.0754 4232        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:10:23.0786 4232        ProtectedStorage - ok

23:10:23.0801 4232        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:10:23.0895 4232        Psched - ok

23:10:23.0910 4232        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

23:10:23.0926 4232        PxHlpa64 - ok

23:10:24.0113 4232        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

23:10:24.0207 4232        ql2300 - ok

23:10:24.0238 4232        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

23:10:24.0269 4232        ql40xx - ok

23:10:24.0300 4232        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

23:10:24.0347 4232        QWAVE - ok

23:10:24.0363 4232        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:10:24.0410 4232        QWAVEdrv - ok

23:10:24.0410 4232        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:10:24.0503 4232        RasAcd - ok

23:10:24.0519 4232        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:10:24.0612 4232        RasAgileVpn - ok

23:10:24.0628 4232        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

23:10:24.0722 4232        RasAuto - ok

23:10:24.0737 4232        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:10:24.0831 4232        Rasl2tp - ok

23:10:24.0893 4232        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

23:10:24.0987 4232        RasMan - ok

23:10:25.0018 4232        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:10:25.0112 4232        RasPppoe - ok

23:10:25.0127 4232        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:10:25.0205 4232        RasSstp - ok

23:10:25.0252 4232        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:10:25.0346 4232        rdbss - ok

23:10:25.0361 4232        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

23:10:25.0392 4232        rdpbus - ok

23:10:25.0408 4232        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:10:25.0486 4232        RDPCDD - ok

23:10:25.0517 4232        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

23:10:25.0548 4232        RDPDR - ok

23:10:25.0564 4232        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:10:25.0642 4232        RDPENCDD - ok

23:10:25.0658 4232        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:10:25.0751 4232        RDPREFMP - ok

23:10:25.0782 4232        RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

23:10:25.0814 4232        RDPWD - ok

23:10:25.0845 4232        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:10:25.0876 4232        rdyboost - ok

23:10:25.0985 4232        RegSrvc         (79b2095737f44d9573de9850d3571c37) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

23:10:26.0048 4232        RegSrvc - ok

23:10:26.0063 4232        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

23:10:26.0157 4232        RemoteAccess - ok

23:10:26.0188 4232        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

23:10:26.0282 4232        RemoteRegistry - ok

23:10:26.0313 4232        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

23:10:26.0344 4232        RFCOMM - ok

23:10:26.0391 4232        Roxio UPnP Renderer 10 (65226131770b22ef24fb869ad821de47) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

23:10:26.0422 4232        Roxio UPnP Renderer 10 - ok

23:10:26.0484 4232        Roxio Upnp Server 10 (2a3d24e83e5f63bf4a0220fdd23457cb) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

23:10:26.0516 4232        Roxio Upnp Server 10 - ok

23:10:26.0531 4232        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

23:10:26.0625 4232        RpcEptMapper - ok

23:10:26.0625 4232        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

23:10:26.0672 4232        RpcLocator - ok

23:10:26.0734 4232        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:10:26.0828 4232        RpcSs - ok

23:10:26.0890 4232        RSPCIESTOR      (ebbfa2b4e317af86e93fec4c04d7a9b3) C:\Windows\system32\DRIVERS\RtsPStor.sys

23:10:26.0921 4232        RSPCIESTOR - ok

23:10:26.0937 4232        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:10:27.0030 4232        rspndr - ok

23:10:27.0077 4232        RTHDMIAzAudService (c618475866f6a7129f64a55961c1bb8b) C:\Windows\system32\drivers\RtHDMIVX.sys

23:10:27.0108 4232        RTHDMIAzAudService - ok

23:10:27.0140 4232        RtkAudioService (40d3496d401e5852c9a4d856d20b5475) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

23:10:27.0155 4232        RtkAudioService - ok

23:10:27.0218 4232        RTL8167         (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys

23:10:27.0249 4232        RTL8167 - ok

23:10:27.0264 4232        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

23:10:27.0296 4232        s3cap - ok

23:10:27.0311 4232        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:10:27.0342 4232        SamSs - ok

23:10:27.0342 4232        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:10:27.0374 4232        sbp2port - ok

23:10:27.0405 4232        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

23:10:27.0498 4232        SCardSvr - ok

23:10:27.0514 4232        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:10:27.0592 4232        scfilter - ok

23:10:27.0748 4232        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

23:10:27.0873 4232        Schedule - ok

23:10:27.0888 4232        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:10:27.0966 4232        SCPolicySvc - ok

23:10:27.0998 4232        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

23:10:28.0044 4232        SDRSVC - ok

23:10:28.0044 4232        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:10:28.0138 4232        secdrv - ok

23:10:28.0154 4232        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

23:10:28.0232 4232        seclogon - ok

23:10:28.0263 4232        Securepoint VPN (74509c9c64f531d96865c7cdb7e3df5a) C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe

23:10:28.0278 4232        Securepoint VPN - ok

23:10:28.0294 4232        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

23:10:28.0388 4232        SENS - ok

23:10:28.0403 4232        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

23:10:28.0434 4232        SensrSvc - ok

23:10:28.0450 4232        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

23:10:28.0481 4232        Serenum - ok

23:10:28.0481 4232        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

23:10:28.0512 4232        Serial - ok

23:10:28.0528 4232        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

23:10:28.0559 4232        sermouse - ok

23:10:28.0590 4232        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

23:10:28.0684 4232        SessionEnv - ok

23:10:28.0684 4232        SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys

23:10:28.0715 4232        SFEP - ok

23:10:28.0715 4232        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:10:28.0762 4232        sffdisk - ok

23:10:28.0762 4232        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:10:28.0809 4232        sffp_mmc - ok

23:10:28.0809 4232        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:10:28.0840 4232        sffp_sd - ok

23:10:28.0856 4232        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

23:10:28.0887 4232        sfloppy - ok

23:10:28.0934 4232        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

23:10:29.0027 4232        SharedAccess - ok

23:10:29.0090 4232        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

23:10:29.0183 4232        ShellHWDetection - ok

23:10:29.0199 4232        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

23:10:29.0230 4232        SiSRaid2 - ok

23:10:29.0230 4232        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

23:10:29.0261 4232        SiSRaid4 - ok

23:10:29.0277 4232        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:10:29.0370 4232        Smb - ok

23:10:29.0386 4232        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

23:10:29.0417 4232        SNMPTRAP - ok

23:10:29.0433 4232        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:10:29.0448 4232        spldr - ok

23:10:29.0526 4232        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

23:10:29.0636 4232        Spooler - ok

23:10:30.0057 4232        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

23:10:30.0244 4232        sppsvc - ok

23:10:30.0291 4232        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

23:10:30.0384 4232        sppuinotify - ok

23:10:30.0447 4232        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:10:30.0494 4232        srv - ok

23:10:30.0556 4232        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:10:30.0587 4232        srv2 - ok

23:10:30.0618 4232        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:10:30.0650 4232        srvnet - ok

23:10:30.0681 4232        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

23:10:30.0774 4232        SSDPSRV - ok

23:10:30.0790 4232        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

23:10:30.0884 4232        SstpSvc - ok

23:10:30.0899 4232        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

23:10:30.0915 4232        stexstor - ok

23:10:31.0008 4232        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

23:10:31.0071 4232        stisvc - ok

23:10:31.0086 4232        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

23:10:31.0118 4232        storflt - ok

23:10:31.0133 4232        StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

23:10:31.0164 4232        StorSvc - ok

23:10:31.0164 4232        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

23:10:31.0196 4232        storvsc - ok

23:10:31.0196 4232        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

23:10:31.0227 4232        swenum - ok

23:10:31.0305 4232        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

23:10:31.0414 4232        swprv - ok

23:10:31.0476 4232        SynTP           (d6efc1aeb1f6cec033c004b936679330) C:\Windows\system32\DRIVERS\SynTP.sys

23:10:31.0508 4232        SynTP - ok

23:10:31.0742 4232        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

23:10:31.0835 4232        SysMain - ok

23:10:31.0866 4232        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

23:10:31.0913 4232        TabletInputService - ok

23:10:31.0913 4232        tap0901         (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys

23:10:31.0944 4232        tap0901 - ok

23:10:31.0991 4232        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

23:10:32.0085 4232        TapiSrv - ok

23:10:32.0100 4232        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

23:10:32.0194 4232        TBS - ok

23:10:32.0397 4232        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

23:10:32.0522 4232        Tcpip - ok

23:10:32.0600 4232        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

23:10:32.0693 4232        TCPIP6 - ok

23:10:32.0724 4232        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:10:32.0802 4232        tcpipreg - ok

23:10:32.0818 4232        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:10:32.0834 4232        TDPIPE - ok

23:10:32.0849 4232        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

23:10:32.0865 4232        TDTCP - ok

23:10:32.0896 4232        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:10:32.0958 4232        tdx - ok

23:10:32.0974 4232        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

23:10:33.0005 4232        TermDD - ok

23:10:33.0083 4232        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

23:10:33.0177 4232        TermService - ok

23:10:33.0192 4232        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

23:10:33.0224 4232        Themes - ok

23:10:33.0255 4232        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:10:33.0333 4232        THREADORDER - ok

23:10:33.0348 4232        TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

23:10:33.0380 4232        TPM - ok

23:10:33.0411 4232        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

23:10:33.0504 4232        TrkWks - ok

23:10:33.0536 4232        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

23:10:33.0629 4232        TrustedInstaller - ok

23:10:33.0645 4232        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:10:33.0723 4232        tssecsrv - ok

23:10:33.0738 4232        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:10:33.0770 4232        TsUsbFlt - ok

23:10:33.0785 4232        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

23:10:33.0801 4232        TsUsbGD - ok

23:10:33.0832 4232        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:10:33.0926 4232        tunnel - ok

23:10:33.0941 4232        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

23:10:33.0972 4232        uagp35 - ok

23:10:34.0019 4232        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:10:34.0113 4232        udfs - ok

23:10:34.0128 4232        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

23:10:34.0175 4232        UI0Detect - ok

23:10:34.0175 4232        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:10:34.0206 4232        uliagpkx - ok

23:10:34.0222 4232        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

23:10:34.0253 4232        umbus - ok

23:10:34.0253 4232        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

23:10:34.0284 4232        UmPass - ok

23:10:34.0316 4232        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

23:10:34.0362 4232        UmRdpService - ok

23:10:34.0690 4232        UNS             (e91f8afbd7fb96c94b266579d6bfa77a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

23:10:34.0815 4232        UNS - ok

23:10:34.0893 4232        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

23:10:34.0986 4232        upnphost - ok

23:10:35.0018 4232        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

23:10:35.0049 4232        usbccgp - ok

23:10:35.0064 4232        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:10:35.0096 4232        usbcir - ok

23:10:35.0111 4232        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

23:10:35.0142 4232        usbehci - ok

23:10:35.0189 4232        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys

23:10:35.0236 4232        usbhub - ok

23:10:35.0236 4232        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

23:10:35.0267 4232        usbohci - ok

23:10:35.0283 4232        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

23:10:35.0314 4232        usbprint - ok

23:10:35.0330 4232        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:10:35.0376 4232        USBSTOR - ok

23:10:35.0376 4232        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

23:10:35.0408 4232        usbuhci - ok

23:10:35.0439 4232        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

23:10:35.0470 4232        usbvideo - ok

23:10:35.0486 4232        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

23:10:35.0579 4232        UxSms - ok

23:10:35.0595 4232        VAIO Event Service (dcb1f83ad167d16d263ce57c94e9eedf) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

23:10:35.0626 4232        VAIO Event Service - ok

23:10:35.0704 4232        VAIO Power Management (a0ae3b86395b5038a4af988826a20430) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

23:10:35.0766 4232        VAIO Power Management - ok

23:10:35.0766 4232        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:10:35.0798 4232        VaultSvc - ok

23:10:35.0813 4232        VCService       (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe

23:10:35.0829 4232        VCService - ok

23:10:35.0844 4232        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:10:35.0876 4232        vdrvroot - ok

23:10:35.0938 4232        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

23:10:36.0047 4232        vds - ok

23:10:36.0063 4232        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:10:36.0094 4232        vga - ok

23:10:36.0110 4232        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:10:36.0188 4232        VgaSave - ok

23:10:36.0234 4232        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:10:36.0250 4232        vhdmp - ok

23:10:36.0266 4232        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:10:36.0281 4232        viaide - ok

23:10:36.0312 4232        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

23:10:36.0344 4232        vmbus - ok

23:10:36.0359 4232        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

23:10:36.0375 4232        VMBusHID - ok

23:10:36.0390 4232        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:10:36.0406 4232        volmgr - ok

23:10:36.0468 4232        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:10:36.0515 4232        volmgrx - ok

23:10:36.0562 4232        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:10:36.0593 4232        volsnap - ok

23:10:36.0624 4232        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

23:10:36.0656 4232        vsmraid - ok

23:10:36.0780 4232        VSNService      (b9547dbc7db6ef5e3149e3e7165a5ca6) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

23:10:36.0874 4232        VSNService - ok

23:10:37.0061 4232        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

23:10:37.0202 4232        VSS - ok

23:10:37.0373 4232        VUAgent         (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

23:10:37.0436 4232        VUAgent - ok

23:10:37.0467 4232        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

23:10:37.0514 4232        vwifibus - ok

23:10:37.0529 4232        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

23:10:37.0560 4232        vwififlt - ok

23:10:37.0576 4232        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

23:10:37.0607 4232        vwifimp - ok

23:10:37.0623 4232        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

23:10:37.0701 4232        W32Time - ok

23:10:37.0716 4232        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

23:10:37.0748 4232        WacomPen - ok

23:10:37.0763 4232        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:10:37.0857 4232        WANARP - ok

23:10:37.0857 4232        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:10:37.0950 4232        Wanarpv6 - ok

23:10:38.0013 4232        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

23:10:38.0091 4232        wbengine - ok

23:10:38.0122 4232        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

23:10:38.0169 4232        WbioSrvc - ok

23:10:38.0184 4232        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

23:10:38.0247 4232        wcncsvc - ok

23:10:38.0247 4232        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

23:10:38.0294 4232        WcsPlugInService - ok

23:10:38.0294 4232        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

23:10:38.0325 4232        Wd - ok

23:10:38.0418 4232        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:10:38.0465 4232        Wdf01000 - ok

23:10:38.0465 4232        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:10:38.0543 4232        WdiServiceHost - ok

23:10:38.0559 4232        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:10:38.0606 4232        WdiSystemHost - ok

23:10:38.0621 4232        wdkmd           (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys

23:10:38.0637 4232        wdkmd - ok

23:10:38.0652 4232        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

23:10:38.0715 4232        WebClient - ok

23:10:38.0730 4232        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

23:10:38.0824 4232        Wecsvc - ok

23:10:38.0840 4232        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

23:10:38.0933 4232        wercplsupport - ok

23:10:38.0949 4232        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

23:10:39.0042 4232        WerSvc - ok

23:10:39.0058 4232        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:10:39.0136 4232        WfpLwf - ok

23:10:39.0152 4232        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:10:39.0183 4232        WIMMount - ok

23:10:39.0183 4232        WinDefend - ok

23:10:39.0198 4232        WinHttpAutoProxySvc - ok

23:10:39.0261 4232        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

23:10:39.0354 4232        Winmgmt - ok

23:10:39.0620 4232        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

23:10:39.0760 4232        WinRM - ok

23:10:39.0900 4232        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

23:10:39.0978 4232        Wlansvc - ok

23:10:39.0994 4232        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

23:10:40.0010 4232        wlcrasvc - ok

23:10:40.0244 4232        wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:10:40.0353 4232        wlidsvc - ok

23:10:40.0368 4232        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

23:10:40.0400 4232        WmiAcpi - ok

23:10:40.0446 4232        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

23:10:40.0478 4232        wmiApSrv - ok

23:10:40.0478 4232        WMPNetworkSvc - ok

23:10:40.0493 4232        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

23:10:40.0524 4232        WPCSvc - ok

23:10:40.0556 4232        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

23:10:40.0587 4232        WPDBusEnum - ok

23:10:40.0602 4232        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:10:40.0680 4232        ws2ifsl - ok

23:10:40.0712 4232        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

23:10:40.0758 4232        wscsvc - ok

23:10:40.0758 4232        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

23:10:40.0805 4232        WSDPrintDevice - ok

23:10:40.0805 4232        WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys

23:10:40.0852 4232        WSDScan - ok

23:10:40.0852 4232        WSearch - ok

23:10:40.0914 4232        WTGService      (205025f9793e4db64d939a526cd42bee) C:\Program Files (x86)\OneClickInternet\WTGService.exe

23:10:40.0946 4232        WTGService - ok

23:10:41.0148 4232        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

23:10:41.0289 4232        wuauserv - ok

23:10:41.0320 4232        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:10:41.0398 4232        WudfPf - ok

23:10:41.0429 4232        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:10:41.0523 4232        WUDFRd - ok

23:10:41.0554 4232        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

23:10:41.0632 4232        wudfsvc - ok

23:10:41.0679 4232        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

23:10:41.0726 4232        WwanSvc - ok

23:10:41.0772 4232        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

23:10:41.0882 4232        \Device\Harddisk0\DR0 - ok

23:10:41.0897 4232        Boot (0x1200)   (9874043b9785a7af60e9227bfdd44321) \Device\Harddisk0\DR0\Partition0

23:10:41.0897 4232        \Device\Harddisk0\DR0\Partition0 - ok

23:10:41.0897 4232        Boot (0x1200)   (383d232ee8f2e8f5d5268621ad8b4dc2) \Device\Harddisk0\DR0\Partition1

23:10:41.0897 4232        \Device\Harddisk0\DR0\Partition1 - ok

23:10:41.0913 4232        ============================================================

23:10:41.0913 4232        Scan finished

23:10:41.0913 4232        ============================================================

23:10:41.0928 1408        Detected object count: 4

23:10:41.0928 1408        Actual detected object count: 4

23:10:59.0744 1408        Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user

23:10:59.0744 1408        Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:10:59.0744 1408        Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user

23:10:59.0744 1408        Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:10:59.0759 1408        Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user

23:10:59.0759 1408        Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:10:59.0759 1408        GobiQDLService ( UnsignedFile.Multi.Generic ) - skipped by user

23:10:59.0759 1408        GobiQDLService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Musste ab und an das Touchpad antippen, weil das Notebook sonst in den Ruhezustand gegangen wäre...
[code]
Combofix Logfile:

Code:

ComboFix 12-07-13.03 - ** 14.07.2012   0:36.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8108.6018 [GMT 2:00]

ausgeführt von:: c:\users\**\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

.

c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!!

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))

.

.

2012-07-13 20:06 . 2012-07-13 20:06        --------        d-----w-        C:\_OTL

2012-07-11 18:07 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys

2012-07-11 18:01 . 2012-06-02 11:57        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2012-07-11 18:01 . 2012-06-02 08:16        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2012-07-11 05:16 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll

2012-07-07 07:24 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe

2012-07-06 19:42 . 2012-07-06 19:42        --------        d-----w-        c:\program files (x86)\ESET

2012-07-06 19:26 . 2012-07-06 19:26        --------        d-----w-        c:\programdata\Malwarebytes

2012-07-06 19:26 . 2012-07-06 19:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-06 19:26 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-07-03 10:02 . 2012-07-03 10:06        --------        d-----w-        c:\programdata\FLEXnet

2012-07-03 09:43 . 2012-07-03 09:43        --------        d-----w-        c:\programdata\ALM

2012-07-03 09:35 . 2008-04-07 03:38        24416        ----a-r-        c:\windows\system32\AdobePDFUI.dll

2012-07-03 09:27 . 2012-07-03 09:27        --------        d-----w-        c:\windows\SysWow64\spool

2012-07-03 09:27 . 2012-07-03 09:27        --------        d-----w-        c:\program files (x86)\Adobe Media Player

2012-07-03 09:25 . 2012-07-03 09:25        --------        d-----w-        c:\program files\Common Files\Macrovision Shared

2012-07-03 09:25 . 2012-07-03 09:48        --------        d-----w-        c:\program files\Common Files\Adobe

2012-07-03 09:23 . 2012-07-03 09:23        --------        d-----w-        c:\program files (x86)\Common Files\Macrovision Shared

2012-07-02 22:30 . 2012-06-09 08:28        --------        d-----w-        c:\program files (x86)\Tor Browser

2012-07-02 22:18 . 2012-07-02 22:18        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-07-02 22:18 . 2012-07-02 22:18        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll

2012-07-02 22:04 . 2012-07-03 10:27        --------        d-----w-        c:\program files (x86)\Microsoft Works

2012-07-02 22:04 . 2012-07-02 22:04        --------        d-----w-        c:\windows\PCHEALTH

2012-07-02 22:03 . 2012-07-02 22:03        --------        d-----r-        C:\MSOCache

2012-07-02 15:42 . 2012-07-02 15:42        --------        d-----w-        c:\programdata\Microsoft SkyDrive

2012-07-02 14:07 . 2012-07-02 14:07        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2012-07-02 14:07 . 2012-07-02 14:07        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll

2012-07-02 14:07 . 2012-07-02 14:07        122904        ----a-w-        c:\windows\system32\OpenAL32.dll

2012-07-02 14:07 . 2012-07-02 14:07        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll

2012-07-02 14:07 . 2012-07-02 14:07        --------        d-----w-        c:\program files (x86)\OpenAL

2012-07-02 14:07 . 2012-07-02 14:07        --------        d-----w-        c:\program files (x86)\Common Files\Futuremark Shared

2012-07-02 14:06 . 2012-07-02 14:06        --------        d-----w-        c:\program files (x86)\Futuremark

2012-07-02 08:04 . 2012-07-02 08:37        --------        d-----w-        c:\programdata\TrueSuite

2012-07-02 08:03 . 2012-07-02 08:04        --------        d-----w-        c:\program files\TrueSuite

2012-07-02 08:03 . 2012-07-02 08:03        --------        d-----w-        c:\windows\system32\wocaffe

2012-07-01 00:40 . 2012-07-01 00:40        --------        d-----w-        c:\program files (x86)\Klipfolio

2012-06-30 18:08 . 2011-04-28 03:55        552960        ----a-w-        c:\windows\system32\drivers\bthport.sys

2012-06-30 18:08 . 2011-04-28 03:54        80384        ----a-w-        c:\windows\system32\drivers\BTHUSB.SYS

2012-06-30 14:45 . 2012-06-30 14:45        --------        d--h--w-        c:\windows\system32\CanonIJ Uninstaller Information

2012-06-30 14:45 . 2012-06-30 14:45        --------        d--h--w-        c:\programdata\CanonBJ

2012-06-30 14:45 . 2010-10-18 03:00        88576        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNMPPAN.DLL

2012-06-30 14:45 . 2010-10-18 03:00        29696        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNMPDAN.DLL

2012-06-30 14:44 . 2012-06-30 14:44        --------        d--h--w-        c:\programdata\CanonIJFAX

2012-06-30 14:44 . 2010-11-12 03:00        302080        ----a-w-        c:\windows\system32\CNCALAN.DLL

2012-06-30 14:44 . 2010-10-18 03:00        374784        ----a-w-        c:\windows\system32\CNMLMAN.DLL

2012-06-30 14:42 . 2012-06-30 14:42        --------        d-----w-        c:\program files\Canon

2012-06-30 14:42 . 2012-06-30 14:42        --------        d-----w-        c:\program files (x86)\Canon

2012-06-30 09:30 . 2012-06-30 09:30        --------        d-----w-        c:\program files (x86)\Opera

2012-06-30 07:04 . 2012-06-30 07:03        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-06-30 07:04 . 2012-06-30 07:03        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-06-30 07:04 . 2012-06-30 07:03        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-06-30 07:04 . 2012-06-30 07:03        139360        ----a-w-        c:\windows\system32\drivers\avfwot.sys

2012-06-30 07:04 . 2012-06-30 07:03        114128        ----a-w-        c:\windows\system32\drivers\avfwim.sys

2012-06-30 07:04 . 2012-06-30 07:04        --------        d-----w-        c:\programdata\Avira

2012-06-30 07:04 . 2012-06-30 07:04        --------        d-----w-        c:\program files (x86)\Avira

2012-06-30 07:00 . 2012-06-30 07:00        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service

2012-06-30 06:59 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-06-30 06:59 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-06-30 06:59 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-06-30 02:01 . 2012-06-30 02:01        --------        d-----w-        c:\program files (x86)\MSXML 4.0

2012-06-30 01:41 . 2012-06-30 01:41        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2012-06-30 01:29 . 2012-03-01 06:46        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-06-30 01:29 . 2012-03-01 06:33        81408        ----a-w-        c:\windows\system32\imagehlp.dll

2012-06-30 01:29 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll

2012-06-30 01:29 . 2012-03-01 06:38        220672        ----a-w-        c:\windows\system32\wintrust.dll

2012-06-30 01:29 . 2012-03-01 06:28        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-06-30 01:29 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll

2012-06-30 01:29 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\SysWow64\wmi.dll

2012-06-30 01:08 . 2011-10-01 05:45        886784        ----a-w-        c:\program files\Common Files\System\wab32.dll

2012-06-30 01:07 . 2011-07-16 05:37        421888        ----a-w-        c:\windows\system32\KernelBase.dll

2012-06-29 21:17 . 2012-06-29 21:18        --------        d-----w-        c:\program files (x86)\Pidgin

2012-06-29 19:46 . 2012-06-29 19:46        --------        d-----w-        c:\program files (x86)\Securepoint SSL VPN

2012-06-29 16:55 . 2009-09-05 18:28        69632        ----a-w-        c:\windows\cadSSaver.scr

2012-06-29 16:55 . 2003-01-27 12:27        94208        ----a-w-        c:\windows\SysWow64\wmpuice.dll

2012-06-29 16:55 . 2012-06-29 16:55        --------        d-----w-        c:\program files (x86)\CD Art Display

2012-06-29 13:01 . 2012-07-11 18:07        --------        d-----w-        c:\programdata\Microsoft Help

2012-06-29 12:18 . 2012-06-29 12:18        --------        d-----w-        c:\program files (x86)\KeePass Password Safe 2

2012-06-29 12:09 . 2012-06-29 12:09        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird

2012-06-29 11:59 . 2012-06-07 09:24        352144        ----a-w-        c:\windows\system32\drivers\cbfs3.sys

2012-06-29 11:59 . 2012-06-07 09:24        223760        ----a-w-        c:\windows\SysWow64\CbFsNetRdr3.dll

2012-06-29 11:59 . 2012-06-07 09:24        190480        ----a-w-        c:\windows\system32\CbFsMntNtf3.dll

2012-06-29 11:59 . 2012-06-07 09:24        158224        ----a-w-        c:\windows\SysWow64\CbFsMntNtf3.dll

2012-06-29 11:59 . 2012-06-07 09:24        141328        ----a-w-        c:\windows\system32\CbFsNetRdr3.dll

2012-06-29 11:59 . 2012-06-29 11:59        --------        d-----w-        c:\program files (x86)\BoxCryptor

2012-06-29 11:44 . 2012-06-29 11:44        68880        ----a-w-        c:\windows\SysWow64\SynTPEnhPS.dll

2012-06-29 11:44 . 2012-06-29 11:44        422160        ----a-w-        c:\windows\system32\SynCOM.dll

2012-06-29 11:44 . 2012-06-29 11:44        421136        ----a-w-        c:\windows\system32\drivers\SynTP.sys

2012-06-29 11:44 . 2012-06-29 11:44        280336        ----a-w-        c:\windows\system32\SynCtrl.dll

2012-06-29 11:44 . 2012-06-29 11:44        229648        ----a-w-        c:\windows\system32\SynTPAPI.dll

2012-06-29 11:44 . 2012-06-29 11:44        224528        ----a-w-        c:\windows\SysWow64\SynCtrl.dll

2012-06-29 11:44 . 2012-06-29 11:44        183568        ----a-w-        c:\windows\SysWow64\SynCOM.dll

2012-06-29 11:44 . 2012-06-29 11:44        150800        ----a-w-        c:\windows\system32\SynTPCo9.dll

2012-06-29 11:44 . 2012-06-29 11:44        113936        ----a-w-        c:\windows\SysWow64\SynTPCOM.dll

2012-06-29 11:44 . 2012-06-29 11:44        1048576        ----a-w-        c:\windows\system32\syndata.bin

2012-06-29 11:40 . 2012-06-29 11:40        --------        d-----w-        c:\programdata\Intel

2012-06-29 11:39 . 2012-06-29 11:39        --------        d-----w-        c:\program files (x86)\Cisco

2012-06-29 11:39 . 2012-01-03 02:21        9888872        ----a-w-        c:\windows\SysWow64\RtsPStorIcon.dll

2012-06-29 11:31 . 2012-07-12 12:30        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-29 11:31 . 2012-07-12 12:30        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-29 11:31 . 2012-06-29 11:31        --------        d-----w-        c:\windows\system32\Macromed

2012-06-29 11:29 . 2012-07-13 14:15        --------        d-----w-        C:\Update

2012-06-29 11:25 . 2012-06-29 11:25        --------        d-----w-        c:\windows\system32\appmgmt

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-02 22:18 . 2011-10-18 08:29        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-06-30 06:58 . 2010-06-24 09:33        19736        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-23 11:57 . 2012-05-23 11:57        14696        ----a-w-        c:\windows\system32\drivers\mv61xxmm.sys

2012-05-23 11:57 . 2012-05-23 11:57        183144        ----a-w-        c:\windows\system32\drivers\mv61xx.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-12 20:29        220632        ----a-w-        c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-12 20:29        220632        ----a-w-        c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-12 20:29        220632        ----a-w-        c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"

[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]

2012-06-07 09:24        158224        ----a-w-        c:\windows\SysWOW64\CbFsMntNtf3.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Klipfolio"="c:\program files (x86)\Klipfolio\Klipfolio.exe" [2012-07-01 1749224]

"SkyDrive"="c:\users\**\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-12 238552]

"Spotify Web Helper"="c:\users\**\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-29 1192664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2011-05-18 2101896]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-06-30 348624]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BoxCryptor.lnk - c:\program files (x86)\BoxCryptor\BoxCryptor.exe [2012-6-22 1288264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-14 921664]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-14 995392]

R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/18 10:39;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-03-02 240112]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-12-12 195072]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-14 1355840]

R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-11-14 51712]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-14 84480]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]

R3 cpuz130;cpuz130;c:\users\**\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-03 1038088]

R3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys [2010-12-13 34304]

R3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys [2010-12-14 399360]

R3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys [2010-12-13 233984]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-01-04 340240]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2012-05-23 183144]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-06-30 139360]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-06-30 27760]

S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-06-07 352144]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2011-05-18 75912]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-31 203776]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504]

S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-06-30 619472]

S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-06-30 375760]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-30 86224]

S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-06-30 465360]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-13 135952]

S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216]

S2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;c:\program files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [2011-03-04 318464]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-07 2429544]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-06-10 199272]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 Securepoint VPN;Securepoint VPN;c:\program files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [2010-11-22 142216]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-29 2656280]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-04-28 552584]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-01-12 960152]

S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2011-03-09 342984]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-31 9259520]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-31 307712]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-12 195072]

S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2011-01-27 894240]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-06-30 114128]

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-31 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-05-31 12262624]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-03-29 56344]

S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-12 8616448]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-03 340072]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-21 425064]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-04-08 42392]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 44561361

*NewlyCreated* - MV61XX

*Deregistered* - 44561361

*Deregistered* - CLKMDRV10_9EC60124

.

Inhalt des "geplante Tasks" Ordners

.

2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 12:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-12 20:29        244688        ----a-w-        c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-12 20:29        244688        ----a-w-        c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-12 20:29        244688        ----a-w-        c:\users\**\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]

@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"

[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]

2012-06-07 09:24        190480        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-31 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-31 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-31 418840]

"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil64.exe" [2011-06-10 562792]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-10 11817576]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-14 10358784]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]

"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.sony.eu/vaioportal

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{93188D7E-3597-4D3E-89DB-B9C7EF547B6F}: NameServer = 193.189.244.225 193.189.244.206

FF - ProfilePath - c:\users\**\AppData\Roaming\Mozilla\Firefox\Profiles\gjci9y9t.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-07-14  00:52:35

ComboFix-quarantined-files.txt  2012-07-13 22:52

.

Vor Suchlauf: 13 Verzeichnis(se), 78.740.590.592 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 78.935.879.680 Bytes frei

.

- - End Of File - - F0BA083952D9CBDCA018B9FAC5E60F64

--- --- ---

Hey nochmals, hatte gerade Zeit und habe wegen des ComboFix-Logs mit Systemlook gemäß Board-Anleitung nach atapi.sys gesucht. Hier das Ergebnis, vielleicht hilft das ja ;)

Code:

SystemLook 30.07.11 by jpshortstuff

Log created at 10:48 on 14/07/2012 by SH

Administrator - Elevation successful
 

========== filefind ==========
 

Searching for "atapi.sys"

C:\Windows\erdnt\cache64\atapi.sys        --a---- 24128 bytes        [22:49 13/07/2012]        [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\System32\drivers\atapi.sys        --a---- 24128 bytes        [23:19 13/07/2009]        [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys        --a---- 24128 bytes        [23:19 13/07/2009]        [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys        --a---- 24128 bytes        [23:19 13/07/2009]        [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
 

-= EOF =-

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

FCopy::

C:\Windows\erdnt\cache64\atapi.sys | C:\Windows\SysWow64\Drivers\atapi.sys
 

Filelook::

C:\Windows\SysWow64\Drivers\atapi.sys

C:\Windows\erdnt\cache64\atapi.sys

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ok, hier kommt das Log. Dazu sollte ich erwähnen, dass ich heute Vormittag "Samsung Kies" installiert habe.