probleme mit der internetverbindung

christian83 · 29.03.2012, 21:54

hab probleme mit der internetverbindung (startseite verändert bzw wird gar keine vebindung hergestellt )

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
lenovo :: LENOVO-PC [Administrator]

Schutz: Deaktiviert

23.03.2012 23:04:28
mbam-log-2012-03-23 (23-04-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 289949
Laufzeit: 16 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 13
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore.1 (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\f (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd.1 (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\PDFReader\Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\lenovo\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

seitdem hab ich das problem. wäre echt klasse wenn mir jemand helfen könnte. danke im voraus!
mfg christian

cosinus · 30.03.2012, 17:31

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

christian83 · 30.03.2012, 21:45

Hallo Arne, danke das du mir erneut hilfst.

Kann den browser nicht als admin starten. Hab mir den Müll auch mit dem admin Konto eingefangen

cosinus · 30.03.2012, 23:01

Und was soll da nicht gehen? Rechtsklick auf FF => als Admin ausführen

christian83 · 31.03.2012, 09:27

Gestern Abend gings nicht, bekam Meldungen wie z.B. "Can not get update. Is proxy configured" oder "Unexpected Error 2002". Habe
es
eben wieder versucht, oh wunder es klappte. Eset hat aber nichts gefunden. Im Google Browser wird immernoch Funmoods als Startseite angezeigt u die Verbindung hat sich auch nicht verbessert.Wie gehts weiter?

cosinus · 02.04.2012, 09:40

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

christian83 · 02.04.2012, 20:29

Code:

ATTFilter

OTL logfile created on: 02.04.2012 21:09:46 - Run 13
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\christian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,58 Gb Available Physical Memory | 76,63% Memory free
11,96 Gb Paging File | 10,37 Gb Available in Paging File | 86,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 827,83 Gb Free Space | 91,34% Space Free | Partition Type: NTFS
Drive D: | 702,82 Mb Total Space | 675,87 Mb Free Space | 96,17% Space Free | Partition Type: UDF
Drive E: | 15,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LENOVO-PC | User Name: lenovo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\christian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\jmesoft\JME_LOAD.exe ()
PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo)
PRC - C:\Windows\jmesoft\Service.exe ()
PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll ()
MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll ()
MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll ()
MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\jmesoft\VistaVolume.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys File not found
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 F3 71 AF 91 CE CC 01  [binary data]
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_de__464
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 20 03 0A 18 F7 CC 01  [binary data]
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 03:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.04 04:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Extensions
[2012.03.24 08:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions
[2012.03.24 13:08:05 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com
[2012.03.23 23:08:47 | 000,001,800 | ---- | M] () -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\searchplugins\funmoods.xml
[2012.03.04 04:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.18 03:23:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2012.01.15 10:58:47 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1002..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACDB1B37-0C37-4216-A783-09D154660FE9}: NameServer = 212.23.115.148 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB83DF5F-F9AD-499A-A299-95C8071DDE3E}: NameServer = 212.23.115.148 212.23.97.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.09.19 03:12:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\Shell - "" = AutoRun
O33 - MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\Shell - "" = AutoRun
O33 - MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= -  File not found
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.26 23:01:47 | 000,000,000 | ---D | C] -- C:\music
[2012.03.23 23:10:43 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Roaming\SumatraPDF
[2012.03.17 00:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.03.17 00:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.03.10 07:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.03.04 04:41:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012.03.04 04:27:38 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Roaming\Mozilla
[2012.03.04 04:27:38 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Local\Mozilla
[2012.03.04 04:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.10.22 01:25:37 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.02 20:56:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 20:40:27 | 000,028,112 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 20:40:27 | 000,028,112 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 20:40:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 20:37:34 | 001,506,546 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.04.02 20:37:34 | 000,656,472 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.04.02 20:37:34 | 000,618,354 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.04.02 20:37:34 | 000,130,986 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.04.02 20:37:34 | 000,107,376 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.04.02 20:35:17 | 000,122,567 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.04.02 20:34:41 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.02 20:33:10 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012.04.02 20:33:02 | 523,018,239 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.31 04:46:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.17 00:20:53 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.15 18:05:32 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.03.04 04:27:33 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.17 00:20:53 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.03.04 04:27:32 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.31 04:06:01 | 001,532,588 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.12.31 03:55:39 | 000,007,597 | ---- | C] () -- C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg
[2011.10.22 01:55:06 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011.10.22 01:55:06 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011.10.22 01:01:43 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.15 04:44:54 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.06.11 08:45:16 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011.02.12 21:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.01.12 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\DVDVideoSoft
[2012.02.11 20:50:20 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\LSoft Technologies
[2012.01.24 19:22:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\SoftGrid Client
[2012.02.06 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\WinPatrol
[2012.01.15 14:42:51 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\DVDVideoSoft
[2012.01.12 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.06 02:24:44 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\GlarySoft
[2012.01.24 09:06:50 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SoftGrid Client
[2012.03.23 23:10:43 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SumatraPDF
[2012.01.24 08:57:10 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\TP
[2012.02.05 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\WinPatrol
[2012.03.04 12:05:49 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.31 04:09:40 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Adobe
[2011.12.24 20:06:47 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\ATI
[2011.12.31 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\CyberLink
[2012.01.15 14:42:51 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\DVDVideoSoft
[2012.01.12 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.06 02:24:44 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\GlarySoft
[2012.01.01 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Google
[2011.12.24 20:04:15 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Identities
[2011.12.31 04:09:40 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Macromedia
[2011.12.31 15:57:48 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Malwarebytes
[2011.02.15 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Media Center Programs
[2012.02.13 18:42:00 | 000,000,000 | --SD | M] -- C:\Users\lenovo\AppData\Roaming\Microsoft
[2012.03.04 04:27:44 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Mozilla
[2012.01.24 09:06:50 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SoftGrid Client
[2012.03.23 23:10:43 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SumatraPDF
[2012.01.29 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.24 08:57:10 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\TP
[2012.03.24 13:08:07 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\vlc
[2012.02.05 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\WinPatrol
[2012.01.07 16:19:26 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2012.01.08 07:15:44 | 000,458,608 | ---- | M] (McAfee Inc.) -- C:\MVTInstaller.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\lenovo\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120116T204809774251\internal_ide_channel\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\lenovo\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120119T195636948898\internal_ide_channel\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\lenovo\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120123T184238514081\internal_ide_channel\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\lenovo\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120124T110313659123\internal_ide_channel\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.10.22 01:39:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.10.22 01:39:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.10.22 01:39:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.10.22 01:39:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.10.22 01:39:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.10.22 01:39:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.10.22 01:39:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.10.22 01:39:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Danke das du dir die Zeit nimmst

cosinus · 03.04.2012, 14:00

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
[2012.03.24 13:08:05 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com
[2012.03.23 23:08:47 | 000,001,800 | ---- | M] () -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\searchplugins\funmoods.xml
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1002..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O33 - MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\Shell - "" = AutoRun
O33 - MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\Shell - "" = AutoRun
O33 - MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

christian83 · 03.04.2012, 17:28

So hier der Log bitte:

Code:

ATTFilter

All processes killed
========== OTL ==========
Unable to fix default_search_provider items.
C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com folder moved successfully.
C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\searchplugins\funmoods.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1475071530-2637788333-518923065-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1475071530-2637788333-518923065-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1475071530-2637788333-518923065-1002\Software\Microsoft\Windows\CurrentVersion\Run\\SandboxieControl deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8514c23f-349f-11e1-a42f-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8514c23f-349f-11e1-a42f-001e101f9843}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: christian
->Temp folder emptied: 604797 bytes
->Temporary Internet Files folder emptied: 1223121 bytes
->FireFox cache emptied: 195845406 bytes
->Google Chrome cache emptied: 102678346 bytes
->Flash cache emptied: 2416 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: lenovo
->Temp folder emptied: 561 bytes
->Temporary Internet Files folder emptied: 124763 bytes
->FireFox cache emptied: 50422629 bytes
->Google Chrome cache emptied: 10649793 bytes
->Flash cache emptied: 470 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 445857 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 345,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: christian
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: lenovo
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04032012_173407

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. C:\Users\christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\lenovo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 03.04.2012, 19:13

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

christian83 · 03.04.2012, 20:51

Hier der Log bitte:

Code:

ATTFilter

21:22:18.0219 5584	TDSS rootkit removing tool 2.7.25.0 Apr  3 2012 13:42:32
21:22:18.0225 5584	============================================================
21:22:18.0225 5584	Current date / time: 2012/04/03 21:22:18.0225
21:22:18.0225 5584	SystemInfo:
21:22:18.0225 5584	
21:22:18.0225 5584	OS Version: 6.1.7601 ServicePack: 1.0
21:22:18.0225 5584	Product type: Workstation
21:22:18.0225 5584	ComputerName: LENOVO-PC
21:22:18.0225 5584	UserName: lenovo
21:22:18.0225 5584	Windows directory: C:\windows
21:22:18.0225 5584	System windows directory: C:\windows
21:22:18.0225 5584	Running under WOW64
21:22:18.0225 5584	Processor architecture: Intel x64
21:22:18.0225 5584	Number of processors: 4
21:22:18.0225 5584	Page size: 0x1000
21:22:18.0225 5584	Boot type: Normal boot
21:22:18.0225 5584	============================================================
21:22:19.0197 5584	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:22:19.0208 5584	\Device\Harddisk0\DR0:
21:22:19.0208 5584	MBR used
21:22:19.0208 5584	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:22:19.0208 5584	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
21:22:19.0217 5584	Initialize success
21:22:19.0217 5584	============================================================
21:23:46.0481 4184	============================================================
21:23:46.0481 4184	Scan started
21:23:46.0481 4184	Mode: Manual; SigCheck; TDLFS; 
21:23:46.0481 4184	============================================================
21:23:46.0680 4184	!SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:23:46.0727 4184	!SASCORE - ok
21:23:46.0806 4184	1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:23:46.0839 4184	1394ohci - ok
21:23:46.0864 4184	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
21:23:46.0878 4184	ACPI - ok
21:23:46.0896 4184	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
21:23:46.0924 4184	AcpiPmi - ok
21:23:47.0007 4184	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:23:47.0020 4184	AdobeFlashPlayerUpdateSvc - ok
21:23:47.0095 4184	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
21:23:47.0114 4184	adp94xx - ok
21:23:47.0154 4184	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
21:23:47.0168 4184	adpahci - ok
21:23:47.0184 4184	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
21:23:47.0195 4184	adpu320 - ok
21:23:47.0225 4184	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
21:23:47.0274 4184	AeLookupSvc - ok
21:23:47.0342 4184	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
21:23:47.0360 4184	AFD - ok
21:23:47.0384 4184	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
21:23:47.0389 4184	agp440 - ok
21:23:47.0407 4184	ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
21:23:47.0414 4184	ALG - ok
21:23:47.0456 4184	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
21:23:47.0462 4184	aliide - ok
21:23:47.0495 4184	AMD External Events Utility (bced2ac6f52aedf56ed91790981eee93) C:\windows\system32\atiesrxx.exe
21:23:47.0525 4184	AMD External Events Utility - ok
21:23:47.0571 4184	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
21:23:47.0577 4184	amdide - ok
21:23:47.0612 4184	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
21:23:47.0647 4184	AmdK8 - ok
21:23:47.0796 4184	amdkmdag        (cc21dd0277eb60a509fb7c88c512e852) C:\windows\system32\DRIVERS\atikmdag.sys
21:23:47.0937 4184	amdkmdag - ok
21:23:47.0996 4184	amdkmdap        (f3de27fec3c674ff24104673682b7b31) C:\windows\system32\DRIVERS\atikmpag.sys
21:23:48.0027 4184	amdkmdap - ok
21:23:48.0076 4184	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
21:23:48.0094 4184	AmdPPM - ok
21:23:48.0122 4184	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
21:23:48.0131 4184	amdsata - ok
21:23:48.0146 4184	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
21:23:48.0156 4184	amdsbs - ok
21:23:48.0169 4184	amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
21:23:48.0174 4184	amdxata - ok
21:23:48.0235 4184	AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
21:23:48.0275 4184	AppID - ok
21:23:48.0312 4184	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
21:23:48.0362 4184	AppIDSvc - ok
21:23:48.0387 4184	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
21:23:48.0421 4184	Appinfo - ok
21:23:48.0481 4184	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
21:23:48.0489 4184	arc - ok
21:23:48.0515 4184	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
21:23:48.0524 4184	arcsas - ok
21:23:48.0548 4184	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:23:48.0587 4184	AsyncMac - ok
21:23:48.0600 4184	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
21:23:48.0604 4184	atapi - ok
21:23:48.0663 4184	AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\windows\system32\drivers\AtihdW76.sys
21:23:48.0700 4184	AtiHDAudioService - ok
21:23:48.0879 4184	atikmdag        (cc21dd0277eb60a509fb7c88c512e852) C:\windows\system32\DRIVERS\atikmdag.sys
21:23:48.0954 4184	atikmdag - ok
21:23:48.0998 4184	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:23:49.0060 4184	AudioEndpointBuilder - ok
21:23:49.0070 4184	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:23:49.0096 4184	AudioSrv - ok
21:23:49.0168 4184	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
21:23:49.0204 4184	AxInstSV - ok
21:23:49.0246 4184	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
21:23:49.0275 4184	b06bdrv - ok
21:23:49.0310 4184	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:23:49.0333 4184	b57nd60a - ok
21:23:49.0410 4184	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
21:23:49.0431 4184	BDESVC - ok
21:23:49.0462 4184	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:23:49.0504 4184	Beep - ok
21:23:49.0541 4184	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
21:23:49.0580 4184	BFE - ok
21:23:49.0612 4184	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
21:23:49.0656 4184	BITS - ok
21:23:49.0732 4184	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:23:49.0752 4184	blbdrive - ok
21:23:49.0794 4184	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
21:23:49.0818 4184	bowser - ok
21:23:49.0858 4184	BPntDrv         (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys
21:23:49.0866 4184	BPntDrv - ok
21:23:49.0880 4184	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
21:23:49.0902 4184	BrFiltLo - ok
21:23:49.0922 4184	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
21:23:49.0936 4184	BrFiltUp - ok
21:23:49.0993 4184	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
21:23:50.0039 4184	Browser - ok
21:23:50.0081 4184	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:23:50.0104 4184	Brserid - ok
21:23:50.0127 4184	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:23:50.0150 4184	BrSerWdm - ok
21:23:50.0172 4184	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:23:50.0197 4184	BrUsbMdm - ok
21:23:50.0243 4184	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:23:50.0261 4184	BrUsbSer - ok
21:23:50.0277 4184	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
21:23:50.0303 4184	BTHMODEM - ok
21:23:50.0342 4184	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
21:23:50.0374 4184	bthserv - ok
21:23:50.0414 4184	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:23:50.0459 4184	cdfs - ok
21:23:50.0527 4184	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
21:23:50.0551 4184	cdrom - ok
21:23:50.0585 4184	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:23:50.0632 4184	CertPropSvc - ok
21:23:50.0666 4184	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
21:23:50.0686 4184	circlass - ok
21:23:50.0710 4184	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:23:50.0725 4184	CLFS - ok
21:23:50.0766 4184	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:23:50.0775 4184	clr_optimization_v2.0.50727_32 - ok
21:23:50.0819 4184	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:23:50.0827 4184	clr_optimization_v2.0.50727_64 - ok
21:23:50.0871 4184	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:23:50.0882 4184	clr_optimization_v4.0.30319_32 - ok
21:23:50.0910 4184	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:23:50.0920 4184	clr_optimization_v4.0.30319_64 - ok
21:23:50.0976 4184	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys
21:23:50.0996 4184	CmBatt - ok
21:23:51.0032 4184	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
21:23:51.0039 4184	cmdide - ok
21:23:51.0076 4184	CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
21:23:51.0109 4184	CNG - ok
21:23:51.0124 4184	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
21:23:51.0130 4184	Compbatt - ok
21:23:51.0187 4184	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
21:23:51.0210 4184	CompositeBus - ok
21:23:51.0246 4184	COMSysApp - ok
21:23:51.0269 4184	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
21:23:51.0276 4184	crcdisk - ok
21:23:51.0309 4184	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
21:23:51.0357 4184	CryptSvc - ok
21:23:51.0434 4184	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:23:51.0458 4184	cvhsvc - ok
21:23:51.0525 4184	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:23:51.0569 4184	DcomLaunch - ok
21:23:51.0603 4184	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
21:23:51.0636 4184	defragsvc - ok
21:23:51.0670 4184	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
21:23:51.0707 4184	DfsC - ok
21:23:51.0767 4184	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
21:23:51.0821 4184	Dhcp - ok
21:23:51.0847 4184	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:23:51.0893 4184	discache - ok
21:23:51.0941 4184	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
21:23:51.0948 4184	Disk - ok
21:23:52.0005 4184	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
21:23:52.0017 4184	Dnscache - ok
21:23:52.0047 4184	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
21:23:52.0100 4184	dot3svc - ok
21:23:52.0121 4184	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
21:23:52.0152 4184	DPS - ok
21:23:52.0196 4184	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:23:52.0221 4184	drmkaud - ok
21:23:52.0283 4184	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
21:23:52.0306 4184	DXGKrnl - ok
21:23:52.0336 4184	e1cexpress      (6bafd9819d9fec2edbaebc8493c711a4) C:\windows\system32\DRIVERS\e1c62x64.sys
21:23:52.0344 4184	e1cexpress - ok
21:23:52.0370 4184	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
21:23:52.0420 4184	EapHost - ok
21:23:52.0503 4184	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
21:23:52.0563 4184	ebdrv - ok
21:23:52.0618 4184	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
21:23:52.0640 4184	EFS - ok
21:23:52.0689 4184	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
21:23:52.0712 4184	ehRecvr - ok
21:23:52.0732 4184	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
21:23:52.0744 4184	ehSched - ok
21:23:52.0792 4184	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
21:23:52.0811 4184	elxstor - ok
21:23:52.0822 4184	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
21:23:52.0840 4184	ErrDev - ok
21:23:52.0913 4184	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
21:23:52.0971 4184	EventSystem - ok
21:23:53.0025 4184	ewusbmbb        (f673e476eae320ad07278396a05b4aac) C:\windows\system32\DRIVERS\ewusbwwan.sys
21:23:53.0039 4184	ewusbmbb - ok
21:23:53.0081 4184	ewusbnet - ok
21:23:53.0106 4184	ew_hwusbdev     (86f7951bbcee4a86e79a97306bd14318) C:\windows\system32\DRIVERS\ew_hwusbdev.sys
21:23:53.0121 4184	ew_hwusbdev - ok
21:23:53.0191 4184	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:23:53.0224 4184	exfat - ok
21:23:53.0243 4184	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:23:53.0282 4184	fastfat - ok
21:23:53.0320 4184	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
21:23:53.0351 4184	Fax - ok
21:23:53.0381 4184	fbfmon          (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys
21:23:53.0390 4184	fbfmon - ok
21:23:53.0445 4184	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
21:23:53.0463 4184	fdc - ok
21:23:53.0487 4184	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
21:23:53.0533 4184	fdPHost - ok
21:23:53.0557 4184	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
21:23:53.0579 4184	FDResPub - ok
21:23:53.0590 4184	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:23:53.0595 4184	FileInfo - ok
21:23:53.0609 4184	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:23:53.0635 4184	Filetrace - ok
21:23:53.0686 4184	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
21:23:53.0695 4184	flpydisk - ok
21:23:53.0711 4184	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
21:23:53.0722 4184	FltMgr - ok
21:23:53.0755 4184	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
21:23:53.0790 4184	FontCache - ok
21:23:53.0841 4184	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:23:53.0848 4184	FontCache3.0.0.0 - ok
21:23:53.0912 4184	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:23:53.0920 4184	FsDepends - ok
21:23:53.0962 4184	fssfltr         (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\windows\system32\DRIVERS\fssfltr.sys
21:23:53.0969 4184	fssfltr - ok
21:23:54.0040 4184	fsssvc          (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:23:54.0073 4184	fsssvc - ok
21:23:54.0138 4184	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
21:23:54.0144 4184	Fs_Rec - ok
21:23:54.0167 4184	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
21:23:54.0179 4184	fvevol - ok
21:23:54.0203 4184	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
21:23:54.0209 4184	gagp30kx - ok
21:23:54.0235 4184	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
21:23:54.0277 4184	gpsvc - ok
21:23:54.0319 4184	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:23:54.0327 4184	gupdate - ok
21:23:54.0372 4184	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:23:54.0380 4184	gupdatem - ok
21:23:54.0446 4184	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:23:54.0463 4184	hcw85cir - ok
21:23:54.0488 4184	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
21:23:54.0517 4184	HdAudAddService - ok
21:23:54.0564 4184	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
21:23:54.0587 4184	HDAudBus - ok
21:23:54.0655 4184	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
21:23:54.0665 4184	HidBatt - ok
21:23:54.0679 4184	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
21:23:54.0706 4184	HidBth - ok
21:23:54.0725 4184	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
21:23:54.0738 4184	HidIr - ok
21:23:54.0752 4184	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
21:23:54.0784 4184	hidserv - ok
21:23:54.0858 4184	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
21:23:54.0867 4184	HidUsb - ok
21:23:54.0882 4184	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
21:23:54.0930 4184	hkmsvc - ok
21:23:54.0948 4184	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
21:23:54.0968 4184	HomeGroupListener - ok
21:23:54.0997 4184	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
21:23:55.0017 4184	HomeGroupProvider - ok
21:23:55.0090 4184	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
21:23:55.0098 4184	HpSAMD - ok
21:23:55.0120 4184	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
21:23:55.0175 4184	HTTP - ok
21:23:55.0221 4184	hwdatacard      (48bd20f0d9de15000d2f4fe1a927aea2) C:\windows\system32\DRIVERS\ewusbmdm.sys
21:23:55.0246 4184	hwdatacard - ok
21:23:55.0324 4184	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
21:23:55.0330 4184	hwpolicy - ok
21:23:55.0339 4184	hwusbdev - ok
21:23:55.0391 4184	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
21:23:55.0402 4184	i8042prt - ok
21:23:55.0421 4184	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
21:23:55.0437 4184	iaStorV - ok
21:23:55.0500 4184	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:23:55.0526 4184	idsvc - ok
21:23:55.0588 4184	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
21:23:55.0595 4184	iirsp - ok
21:23:55.0632 4184	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
21:23:55.0695 4184	IKEEXT - ok
21:23:55.0767 4184	IntcAzAudAddService (62c93abec0f8a9a235bf7a86b9fc3a0c) C:\windows\system32\drivers\RTKVHD64.sys
21:23:55.0806 4184	IntcAzAudAddService - ok
21:23:55.0866 4184	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
21:23:55.0873 4184	intelide - ok
21:23:55.0894 4184	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
21:23:55.0914 4184	intelppm - ok
21:23:55.0960 4184	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
21:23:56.0009 4184	IPBusEnum - ok
21:23:56.0028 4184	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:23:56.0054 4184	IpFilterDriver - ok
21:23:56.0071 4184	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
21:23:56.0111 4184	iphlpsvc - ok
21:23:56.0182 4184	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
21:23:56.0206 4184	IPMIDRV - ok
21:23:56.0215 4184	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
21:23:56.0248 4184	IPNAT - ok
21:23:56.0274 4184	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
21:23:56.0289 4184	IRENUM - ok
21:23:56.0311 4184	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
21:23:56.0317 4184	isapnp - ok
21:23:56.0382 4184	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
21:23:56.0395 4184	iScsiPrt - ok
21:23:56.0433 4184	JME Keyboard    (1ded0d0aa513e2a5862b20a520d3a1e1) C:\Windows\jmesoft\Service.exe
21:23:56.0448 4184	JME Keyboard ( UnsignedFile.Multi.Generic ) - warning
21:23:56.0448 4184	JME Keyboard - detected UnsignedFile.Multi.Generic (1)
21:23:56.0479 4184	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
21:23:56.0486 4184	kbdclass - ok
21:23:56.0508 4184	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
21:23:56.0527 4184	kbdhid - ok
21:23:56.0593 4184	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:23:56.0602 4184	KeyIso - ok
21:23:56.0625 4184	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
21:23:56.0633 4184	KSecDD - ok
21:23:56.0650 4184	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
21:23:56.0658 4184	KSecPkg - ok
21:23:56.0681 4184	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
21:23:56.0729 4184	ksthunk - ok
21:23:56.0754 4184	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
21:23:56.0792 4184	KtmRm - ok
21:23:56.0867 4184	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
21:23:56.0905 4184	LanmanServer - ok
21:23:56.0944 4184	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
21:23:56.0996 4184	LanmanWorkstation - ok
21:23:57.0050 4184	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
21:23:57.0104 4184	lltdio - ok
21:23:57.0167 4184	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
21:23:57.0224 4184	lltdsvc - ok
21:23:57.0241 4184	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
21:23:57.0274 4184	lmhosts - ok
21:23:57.0350 4184	LMS             (926eba26a8b49d1597751ced06b50862) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:23:57.0363 4184	LMS - ok
21:23:57.0431 4184	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
21:23:57.0439 4184	LSI_FC - ok
21:23:57.0461 4184	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
21:23:57.0470 4184	LSI_SAS - ok
21:23:57.0481 4184	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
21:23:57.0489 4184	LSI_SAS2 - ok
21:23:57.0506 4184	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
21:23:57.0515 4184	LSI_SCSI - ok
21:23:57.0537 4184	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
21:23:57.0587 4184	luafv - ok
21:23:57.0684 4184	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
21:23:57.0693 4184	MBAMProtector - ok
21:23:57.0768 4184	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:23:57.0791 4184	MBAMService - ok
21:23:57.0801 4184	McMPFSvc - ok
21:23:57.0828 4184	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
21:23:57.0835 4184	Mcx2Svc - ok
21:23:57.0863 4184	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
21:23:57.0874 4184	megasas - ok
21:23:57.0953 4184	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
21:23:57.0966 4184	MegaSR - ok
21:23:57.0999 4184	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
21:23:58.0008 4184	MEIx64 - ok
21:23:58.0032 4184	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:23:58.0077 4184	MMCSS - ok
21:23:58.0093 4184	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
21:23:58.0114 4184	Modem - ok
21:23:58.0180 4184	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
21:23:58.0207 4184	monitor - ok
21:23:58.0241 4184	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
21:23:58.0248 4184	mouclass - ok
21:23:58.0265 4184	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
21:23:58.0290 4184	mouhid - ok
21:23:58.0316 4184	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
21:23:58.0324 4184	mountmgr - ok
21:23:58.0356 4184	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
21:23:58.0367 4184	MpFilter - ok
21:23:58.0430 4184	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
21:23:58.0440 4184	mpio - ok
21:23:58.0460 4184	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
21:23:58.0466 4184	MpNWMon - ok
21:23:58.0484 4184	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
21:23:58.0524 4184	mpsdrv - ok
21:23:58.0552 4184	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
21:23:58.0596 4184	MpsSvc - ok
21:23:58.0618 4184	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
21:23:58.0641 4184	MRxDAV - ok
21:23:58.0709 4184	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
21:23:58.0720 4184	mrxsmb - ok
21:23:58.0747 4184	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:23:58.0760 4184	mrxsmb10 - ok
21:23:58.0774 4184	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:23:58.0797 4184	mrxsmb20 - ok
21:23:58.0823 4184	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
21:23:58.0830 4184	msahci - ok
21:23:58.0878 4184	msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
21:23:58.0887 4184	msdsm - ok
21:23:58.0907 4184	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
21:23:58.0935 4184	MSDTC - ok
21:23:58.0968 4184	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
21:23:59.0005 4184	Msfs - ok
21:23:59.0025 4184	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
21:23:59.0056 4184	mshidkmdf - ok
21:23:59.0138 4184	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
21:23:59.0144 4184	msisadrv - ok
21:23:59.0223 4184	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
21:23:59.0256 4184	MSiSCSI - ok
21:23:59.0261 4184	msiserver - ok
21:23:59.0292 4184	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
21:23:59.0337 4184	MSKSSRV - ok
21:23:59.0388 4184	MsMpSvc         (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:23:59.0395 4184	MsMpSvc - ok
21:23:59.0442 4184	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
21:23:59.0477 4184	MSPCLOCK - ok
21:23:59.0484 4184	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
21:23:59.0519 4184	MSPQM - ok
21:23:59.0537 4184	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
21:23:59.0545 4184	MsRPC - ok
21:23:59.0563 4184	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
21:23:59.0567 4184	mssmbios - ok
21:23:59.0578 4184	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
21:23:59.0607 4184	MSTEE - ok
21:23:59.0621 4184	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
21:23:59.0627 4184	MTConfig - ok
21:23:59.0683 4184	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:23:59.0690 4184	Mup - ok
21:23:59.0716 4184	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
21:23:59.0757 4184	napagent - ok
21:23:59.0792 4184	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:23:59.0819 4184	NativeWifiP - ok
21:23:59.0851 4184	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
21:23:59.0877 4184	NDIS - ok
21:23:59.0947 4184	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:23:59.0983 4184	NdisCap - ok
21:23:59.0999 4184	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:24:00.0020 4184	NdisTapi - ok
21:24:00.0051 4184	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:24:00.0101 4184	Ndisuio - ok
21:24:00.0118 4184	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:24:00.0168 4184	NdisWan - ok
21:24:00.0230 4184	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:24:00.0266 4184	NDProxy - ok
21:24:00.0290 4184	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:24:00.0338 4184	NetBIOS - ok
21:24:00.0362 4184	NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:24:00.0391 4184	NetBT - ok
21:24:00.0426 4184	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:24:00.0431 4184	Netlogon - ok
21:24:00.0505 4184	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
21:24:00.0550 4184	Netman - ok
21:24:00.0577 4184	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
21:24:00.0618 4184	netprofm - ok
21:24:00.0679 4184	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:24:00.0686 4184	NetTcpPortSharing - ok
21:24:00.0765 4184	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
21:24:00.0772 4184	nfrd960 - ok
21:24:00.0792 4184	NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
21:24:00.0799 4184	NisDrv - ok
21:24:00.0839 4184	NisSrv          (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
21:24:00.0854 4184	NisSrv - ok
21:24:00.0887 4184	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
21:24:00.0942 4184	NlaSvc - ok
21:24:00.0959 4184	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:24:00.0981 4184	Npfs - ok
21:24:01.0030 4184	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
21:24:01.0077 4184	nsi - ok
21:24:01.0116 4184	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:24:01.0155 4184	nsiproxy - ok
21:24:01.0193 4184	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:24:01.0221 4184	Ntfs - ok
21:24:01.0234 4184	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:24:01.0254 4184	Null - ok
21:24:01.0316 4184	nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\windows\system32\DRIVERS\nusb3hub.sys
21:24:01.0338 4184	nusb3hub - ok
21:24:01.0364 4184	nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\windows\system32\DRIVERS\nusb3xhc.sys
21:24:01.0374 4184	nusb3xhc - ok
21:24:01.0403 4184	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:24:01.0412 4184	nvraid - ok
21:24:01.0426 4184	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:24:01.0436 4184	nvstor - ok
21:24:01.0449 4184	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:24:01.0457 4184	nv_agp - ok
21:24:01.0477 4184	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:24:01.0502 4184	ohci1394 - ok
21:24:01.0594 4184	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:24:01.0604 4184	ose - ok
21:24:01.0705 4184	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:24:01.0783 4184	osppsvc - ok
21:24:01.0839 4184	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:24:01.0854 4184	p2pimsvc - ok
21:24:01.0872 4184	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
21:24:01.0903 4184	p2psvc - ok
21:24:01.0949 4184	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
21:24:01.0967 4184	Parport - ok
21:24:01.0987 4184	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
21:24:01.0994 4184	partmgr - ok
21:24:02.0012 4184	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
21:24:02.0044 4184	PcaSvc - ok
21:24:02.0094 4184	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:24:02.0104 4184	pci - ok
21:24:02.0117 4184	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
21:24:02.0123 4184	pciide - ok
21:24:02.0144 4184	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
21:24:02.0154 4184	pcmcia - ok
21:24:02.0189 4184	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:24:02.0196 4184	pcw - ok
21:24:02.0218 4184	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:24:02.0276 4184	PEAUTH - ok
21:24:02.0339 4184	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
21:24:02.0349 4184	PerfHost - ok
21:24:02.0409 4184	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
21:24:02.0469 4184	pla - ok
21:24:02.0506 4184	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
21:24:02.0526 4184	PlugPlay - ok
21:24:02.0557 4184	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
21:24:02.0575 4184	PNRPAutoReg - ok
21:24:02.0622 4184	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:24:02.0635 4184	PNRPsvc - ok
21:24:02.0663 4184	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
21:24:02.0718 4184	PolicyAgent - ok
21:24:02.0737 4184	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
21:24:02.0787 4184	Power - ok
21:24:02.0856 4184	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:24:02.0898 4184	PptpMiniport - ok
21:24:02.0913 4184	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
21:24:02.0939 4184	Processor - ok
21:24:02.0960 4184	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
21:24:03.0017 4184	ProfSvc - ok
21:24:03.0042 4184	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:24:03.0047 4184	ProtectedStorage - ok
21:24:03.0122 4184	Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:24:03.0153 4184	Psched - ok
21:24:03.0191 4184	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
21:24:03.0217 4184	ql2300 - ok
21:24:03.0230 4184	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
21:24:03.0235 4184	ql40xx - ok
21:24:03.0257 4184	QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
21:24:03.0269 4184	QWAVE - ok
21:24:03.0327 4184	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:24:03.0352 4184	QWAVEdrv - ok
21:24:03.0371 4184	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:24:03.0404 4184	RasAcd - ok
21:24:03.0430 4184	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:24:03.0452 4184	RasAgileVpn - ok
21:24:03.0465 4184	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
21:24:03.0503 4184	RasAuto - ok
21:24:03.0577 4184	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:24:03.0613 4184	Rasl2tp - ok
21:24:03.0659 4184	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
21:24:03.0695 4184	RasMan - ok
21:24:03.0719 4184	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:24:03.0754 4184	RasPppoe - ok
21:24:03.0831 4184	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:24:03.0872 4184	RasSstp - ok
21:24:03.0891 4184	rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:24:03.0927 4184	rdbss - ok
21:24:03.0943 4184	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
21:24:03.0950 4184	rdpbus - ok
21:24:03.0967 4184	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:24:03.0988 4184	RDPCDD - ok
21:24:04.0054 4184	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:24:04.0094 4184	RDPENCDD - ok
21:24:04.0111 4184	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:24:04.0131 4184	RDPREFMP - ok
21:24:04.0177 4184	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
21:24:04.0189 4184	RDPWD - ok
21:24:04.0210 4184	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:24:04.0221 4184	rdyboost - ok
21:24:04.0248 4184	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
21:24:04.0285 4184	RemoteAccess - ok
21:24:04.0353 4184	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
21:24:04.0399 4184	RemoteRegistry - ok
21:24:04.0416 4184	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
21:24:04.0447 4184	RpcEptMapper - ok
21:24:04.0467 4184	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
21:24:04.0483 4184	RpcLocator - ok
21:24:04.0506 4184	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:24:04.0530 4184	RpcSs - ok
21:24:04.0566 4184	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:24:04.0588 4184	rspndr - ok
21:24:04.0645 4184	RSUSBSTOR       (9beb5f18a418ff70659ce2e356829568) C:\windows\system32\Drivers\RtsUStor.sys
21:24:04.0658 4184	RSUSBSTOR - ok
21:24:04.0684 4184	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:24:04.0693 4184	SamSs - ok
21:24:04.0725 4184	SANDRA - ok
21:24:04.0783 4184	SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:24:04.0791 4184	SASDIFSV - ok
21:24:04.0820 4184	SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:24:04.0827 4184	SASKUTIL - ok
21:24:04.0888 4184	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:24:04.0896 4184	sbp2port - ok
21:24:04.0917 4184	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
21:24:04.0952 4184	SCardSvr - ok
21:24:04.0962 4184	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:24:04.0991 4184	scfilter - ok
21:24:05.0018 4184	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
21:24:05.0063 4184	Schedule - ok
21:24:05.0117 4184	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:24:05.0143 4184	SCPolicySvc - ok
21:24:05.0169 4184	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
21:24:05.0185 4184	SDRSVC - ok
21:24:05.0224 4184	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:24:05.0275 4184	secdrv - ok
21:24:05.0295 4184	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:24:05.0315 4184	seclogon - ok
21:24:05.0362 4184	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
21:24:05.0413 4184	SENS - ok
21:24:05.0445 4184	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:24:05.0465 4184	SensrSvc - ok
21:24:05.0513 4184	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
21:24:05.0530 4184	Serenum - ok
21:24:05.0555 4184	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
21:24:05.0574 4184	Serial - ok
21:24:05.0622 4184	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
21:24:05.0631 4184	sermouse - ok
21:24:05.0650 4184	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:24:05.0695 4184	SessionEnv - ok
21:24:05.0703 4184	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:24:05.0710 4184	sffdisk - ok
21:24:05.0727 4184	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:24:05.0736 4184	sffp_mmc - ok
21:24:05.0756 4184	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:24:05.0774 4184	sffp_sd - ok
21:24:05.0788 4184	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
21:24:05.0810 4184	sfloppy - ok
21:24:05.0889 4184	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:24:05.0907 4184	Sftfs - ok
21:24:05.0978 4184	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:24:05.0996 4184	sftlist - ok
21:24:06.0016 4184	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:24:06.0025 4184	Sftplay - ok
21:24:06.0071 4184	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:24:06.0077 4184	Sftredir - ok
21:24:06.0103 4184	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:24:06.0110 4184	Sftvol - ok
21:24:06.0170 4184	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:24:06.0181 4184	sftvsa - ok
21:24:06.0207 4184	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:24:06.0243 4184	SharedAccess - ok
21:24:06.0301 4184	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:24:06.0357 4184	ShellHWDetection - ok
21:24:06.0401 4184	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
21:24:06.0405 4184	SiSRaid2 - ok
21:24:06.0419 4184	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
21:24:06.0424 4184	SiSRaid4 - ok
21:24:06.0448 4184	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:24:06.0470 4184	Smb - ok
21:24:06.0527 4184	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:24:06.0548 4184	SNMPTRAP - ok
21:24:06.0566 4184	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:24:06.0572 4184	spldr - ok
21:24:06.0590 4184	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:24:06.0631 4184	Spooler - ok
21:24:06.0685 4184	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:24:06.0759 4184	sppsvc - ok
21:24:06.0822 4184	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:24:06.0861 4184	sppuinotify - ok
21:24:06.0890 4184	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:24:06.0916 4184	srv - ok
21:24:06.0945 4184	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:24:06.0976 4184	srv2 - ok
21:24:07.0000 4184	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:24:07.0011 4184	srvnet - ok
21:24:07.0084 4184	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:24:07.0136 4184	SSDPSRV - ok
21:24:07.0150 4184	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:24:07.0172 4184	SstpSvc - ok
21:24:07.0197 4184	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
21:24:07.0201 4184	stexstor - ok
21:24:07.0236 4184	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:24:07.0261 4184	stisvc - ok
21:24:07.0327 4184	SWDUMon         (2edb932a7b007f7939229aa8f55385b8) C:\windows\system32\DRIVERS\SWDUMon.sys
21:24:07.0336 4184	SWDUMon - ok
21:24:07.0348 4184	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
21:24:07.0353 4184	swenum - ok
21:24:07.0383 4184	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:24:07.0434 4184	swprv - ok
21:24:07.0476 4184	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:24:07.0532 4184	SysMain - ok
21:24:07.0579 4184	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:24:07.0597 4184	TabletInputService - ok
21:24:07.0638 4184	taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\windows\system32\DRIVERS\taphss.sys
21:24:07.0647 4184	taphss - ok
21:24:07.0673 4184	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:24:07.0711 4184	TapiSrv - ok
21:24:07.0726 4184	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:24:07.0748 4184	TBS - ok
21:24:07.0833 4184	Tcpip           (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
21:24:07.0872 4184	Tcpip - ok
21:24:07.0913 4184	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
21:24:07.0936 4184	TCPIP6 - ok
21:24:07.0958 4184	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:24:07.0977 4184	tcpipreg - ok
21:24:07.0992 4184	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:24:08.0009 4184	TDPIPE - ok
21:24:08.0096 4184	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:24:08.0129 4184	TDTCP - ok
21:24:08.0147 4184	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:24:08.0186 4184	tdx - ok
21:24:08.0204 4184	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
21:24:08.0208 4184	TermDD - ok
21:24:08.0238 4184	TermService     (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:24:08.0274 4184	TermService - ok
21:24:08.0292 4184	Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:24:08.0302 4184	Themes - ok
21:24:08.0323 4184	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:24:08.0344 4184	THREADORDER - ok
21:24:08.0386 4184	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:24:08.0416 4184	TrkWks - ok
21:24:08.0443 4184	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:24:08.0488 4184	TrustedInstaller - ok
21:24:08.0523 4184	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:24:08.0575 4184	tssecsrv - ok
21:24:08.0641 4184	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:24:08.0662 4184	TsUsbFlt - ok
21:24:08.0679 4184	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:24:08.0688 4184	TsUsbGD - ok
21:24:08.0712 4184	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:24:08.0757 4184	tunnel - ok
21:24:08.0790 4184	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:24:08.0798 4184	uagp35 - ok
21:24:08.0819 4184	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:24:08.0871 4184	udfs - ok
21:24:08.0926 4184	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:24:08.0937 4184	UI0Detect - ok
21:24:08.0956 4184	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:24:08.0963 4184	uliagpkx - ok
21:24:08.0982 4184	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:24:09.0003 4184	umbus - ok
21:24:09.0047 4184	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:24:09.0071 4184	UmPass - ok
21:24:09.0171 4184	UNS             (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:24:09.0217 4184	UNS - ok
21:24:09.0276 4184	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:24:09.0326 4184	upnphost - ok
21:24:09.0365 4184	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:24:09.0374 4184	usbccgp - ok
21:24:09.0405 4184	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:24:09.0418 4184	usbcir - ok
21:24:09.0433 4184	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
21:24:09.0451 4184	usbehci - ok
21:24:09.0519 4184	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
21:24:09.0548 4184	usbhub - ok
21:24:09.0566 4184	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
21:24:09.0590 4184	usbohci - ok
21:24:09.0615 4184	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
21:24:09.0636 4184	usbprint - ok
21:24:09.0662 4184	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:24:09.0671 4184	USBSTOR - ok
21:24:09.0693 4184	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:24:09.0717 4184	usbuhci - ok
21:24:09.0777 4184	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
21:24:09.0831 4184	UxSms - ok
21:24:09.0859 4184	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:24:09.0864 4184	VaultSvc - ok
21:24:09.0895 4184	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:24:09.0902 4184	vdrvroot - ok
21:24:09.0924 4184	vds             (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
21:24:09.0962 4184	vds - ok
21:24:10.0018 4184	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:24:10.0031 4184	vga - ok
21:24:10.0048 4184	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:24:10.0093 4184	VgaSave - ok
21:24:10.0116 4184	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:24:10.0123 4184	vhdmp - ok
21:24:10.0151 4184	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:24:10.0155 4184	viaide - ok
21:24:10.0182 4184	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:24:10.0190 4184	volmgr - ok
21:24:10.0212 4184	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:24:10.0227 4184	volmgrx - ok
21:24:10.0277 4184	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
21:24:10.0290 4184	volsnap - ok
21:24:10.0307 4184	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:24:10.0317 4184	vsmraid - ok
21:24:10.0358 4184	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:24:10.0414 4184	VSS - ok
21:24:10.0487 4184	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\System32\drivers\vwifibus.sys
21:24:10.0514 4184	vwifibus - ok
21:24:10.0546 4184	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:24:10.0586 4184	W32Time - ok
21:24:10.0604 4184	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:24:10.0610 4184	WacomPen - ok
21:24:10.0633 4184	WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:24:10.0653 4184	WANARP - ok
21:24:10.0664 4184	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:24:10.0684 4184	Wanarpv6 - ok
21:24:10.0722 4184	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:24:10.0754 4184	wbengine - ok
21:24:10.0814 4184	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:24:10.0833 4184	WbioSrvc - ok
21:24:10.0848 4184	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:24:10.0879 4184	wcncsvc - ok
21:24:10.0887 4184	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:24:10.0904 4184	WcsPlugInService - ok
21:24:10.0936 4184	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
21:24:10.0942 4184	Wd - ok
21:24:10.0998 4184	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:24:11.0020 4184	Wdf01000 - ok
21:24:11.0036 4184	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:24:11.0054 4184	WdiServiceHost - ok
21:24:11.0058 4184	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:24:11.0070 4184	WdiSystemHost - ok
21:24:11.0086 4184	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
21:24:11.0111 4184	WebClient - ok
21:24:11.0133 4184	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
21:24:11.0190 4184	Wecsvc - ok
21:24:11.0209 4184	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
21:24:11.0231 4184	wercplsupport - ok
21:24:11.0253 4184	WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
21:24:11.0275 4184	WerSvc - ok
21:24:11.0335 4184	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:24:11.0369 4184	WfpLwf - ok
21:24:11.0386 4184	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:24:11.0389 4184	WIMMount - ok
21:24:11.0415 4184	WinDefend - ok
21:24:11.0417 4184	WinHttpAutoProxySvc - ok
21:24:11.0437 4184	WinI2C-DDC      (66c365b542195c1f6e2ff4a7d8f3827c) C:\windows\system32\drivers\DDCDrv.sys
21:24:11.0449 4184	WinI2C-DDC - ok
21:24:11.0483 4184	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
21:24:11.0520 4184	Winmgmt - ok
21:24:11.0609 4184	WinRM           (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
21:24:11.0663 4184	WinRM - ok
21:24:11.0691 4184	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
21:24:11.0725 4184	Wlansvc - ok
21:24:11.0776 4184	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:24:11.0784 4184	wlcrasvc - ok
21:24:11.0846 4184	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:24:11.0892 4184	wlidsvc - ok
21:24:11.0982 4184	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
21:24:12.0002 4184	WmiAcpi - ok
21:24:12.0042 4184	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:24:12.0071 4184	wmiApSrv - ok
21:24:12.0098 4184	WMPNetworkSvc - ok
21:24:12.0118 4184	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:24:12.0128 4184	WPCSvc - ok
21:24:12.0139 4184	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
21:24:12.0153 4184	WPDBusEnum - ok
21:24:12.0171 4184	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:24:12.0207 4184	ws2ifsl - ok
21:24:12.0254 4184	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
21:24:12.0280 4184	wscsvc - ok
21:24:12.0295 4184	WSearch - ok
21:24:12.0332 4184	wsvd            (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
21:24:12.0343 4184	wsvd - ok
21:24:12.0397 4184	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
21:24:12.0464 4184	wuauserv - ok
21:24:12.0528 4184	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:24:12.0579 4184	WudfPf - ok
21:24:12.0616 4184	WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:24:12.0651 4184	WUDFRd - ok
21:24:12.0674 4184	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:24:12.0695 4184	wudfsvc - ok
21:24:12.0745 4184	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:24:12.0766 4184	WwanSvc - ok
21:24:12.0800 4184	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys
21:24:12.0823 4184	yukonw7 - ok
21:24:12.0860 4184	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:24:12.0984 4184	\Device\Harddisk0\DR0 - ok
21:24:12.0986 4184	Boot (0x1200)   (59d50b237211d17951ac3d570fcbea28) \Device\Harddisk0\DR0\Partition0
21:24:12.0988 4184	\Device\Harddisk0\DR0\Partition0 - ok
21:24:13.0024 4184	Boot (0x1200)   (1f944e4806ee8ae1a30dd00a481cc7af) \Device\Harddisk0\DR0\Partition1
21:24:13.0026 4184	\Device\Harddisk0\DR0\Partition1 - ok
21:24:13.0026 4184	============================================================
21:24:13.0026 4184	Scan finished
21:24:13.0026 4184	============================================================
21:24:13.0036 1432	Detected object count: 1
21:24:13.0036 1432	Actual detected object count: 1
21:27:58.0252 1432	JME Keyboard ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:58.0252 1432	JME Keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:48:21.0569 5740	Deinitialize success

cosinus · 04.04.2012, 10:08

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

christian83 · 04.04.2012, 21:24

Code:

ATTFilter

ComboFix 12-04-04.02 - lenovo 04.04.2012  18:15:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6126.4826 [GMT 2:00]
ausgeführt von:: c:\users\christian\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-04 bis 2012-04-04  ))))))))))))))))))))))))))))))
.
.
2012-04-04 16:17 . 2012-04-04 16:17	--------	d-----w-	c:\users\lenovo\AppData\Local\temp
2012-04-04 16:17 . 2012-04-04 16:17	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-03 19:31 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD46D9A8-5774-4661-B191-1F0CA852CD11}\mpengine.dll
2012-04-03 15:34 . 2012-04-03 15:34	--------	d-----w-	C:\_OTL
2012-03-27 16:08 . 2012-03-27 16:08	--------	d-----w-	c:\users\Public\Recorded TV
2012-03-26 21:01 . 2012-03-26 21:24	--------	d-----w-	C:\music
2012-03-23 21:10 . 2012-03-23 21:10	--------	d-----w-	c:\users\lenovo\AppData\Roaming\SumatraPDF
2012-03-23 21:01 . 2012-03-23 21:01	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\1fe390851cd093802\MeshBetaRemover.exe
2012-03-23 21:01 . 2012-03-23 21:01	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\1b8ef33a1cd093801\DSETUP.dll
2012-03-23 21:01 . 2012-03-23 21:01	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\1b8ef33a1cd093801\DXSETUP.exe
2012-03-23 21:01 . 2012-03-23 21:01	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\1b8ef33a1cd093801\dsetup32.dll
2012-03-18 01:23 . 2012-03-18 01:23	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 01:23 . 2012-03-18 01:23	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 22:20 . 2012-03-16 22:21	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-03-15 00:42 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-15 00:42 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 00:42 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:08 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 12:08 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 12:08 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 12:01 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 12:01 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 12:01 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:01 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:01 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:01 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:01 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-05 17:09 . 2012-03-29 18:08	8738464	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 16:56 . 2012-01-16 18:04	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-04-03 16:51 . 2012-01-15 02:52	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-03 16:50 . 2012-01-24 06:41	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-02 18:27 . 2012-01-15 02:52	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-02 18:24 . 2012-01-16 17:57	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-01 05:50 . 2012-01-15 02:51	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-29 18:08 . 2012-02-10 20:17	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 18:08 . 2012-01-04 21:10	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 03:27 . 2012-01-01 17:03	8669240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-10 20:19 . 2010-06-24 18:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-10 19:01 . 2012-02-10 19:01	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9913F74E-FB8B-4C56-A4E6-21D7DFCF71B9}\gapaengine.dll
2012-01-31 12:44 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-01-24 11:02 . 2012-01-15 02:59	15672	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2012-01-08 10:22 . 2012-01-08 10:22	388096	----a-r-	c:\users\christian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-08 10:07 . 2012-01-08 10:02	1402880	----a-w-	C:\HiJackThis.msi
2012-01-08 05:15 . 2012-01-08 05:15	458608	----a-w-	C:\MVTInstaller.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-11 336384]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-03-21 118784]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2008-04-08 20832]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-10 18:08]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 23:25]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 23:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-21 114688]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{ACDB1B37-0C37-4216-A783-09D154660FE9}: NameServer = 212.23.115.148 212.23.97.2
TCP: Interfaces\{BB83DF5F-F9AD-499A-A299-95C8071DDE3E}: NameServer = 212.23.115.148 212.23.97.3
FF - ProfilePath - c:\users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-04  18:23:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-04 16:23
.
Vor Suchlauf: 13 Verzeichnis(se), 888.295.202.816 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 887.748.644.864 Bytes frei
.
- - End Of File - - CD314DFF8A270F359D1B3A8DBB1A209F

Danke für deine Hilfe

cosinus · 04.04.2012, 23:02

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

christian83 · 05.04.2012, 19:13

Hallo Arne
hier der Log bitte:

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-05 05:49:14
-----------------------------
05:49:14.854    OS Version: Windows x64 6.1.7601 Service Pack 1
05:49:14.854    Number of processors: 4 586 0x2A07
05:49:14.854    ComputerName: LENOVO-PC  UserName: lenovo
05:49:18.268    Initialize success
06:32:24.306    AVAST engine defs: 12040401
06:36:09.008    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:36:09.011    Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3FE Size: 953869MB BusType: 11
06:36:09.019    Disk 0 MBR read successfully
06:36:09.022    Disk 0 MBR scan
06:36:09.026    Disk 0 Windows 7 default MBR code
06:36:09.034    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
06:36:09.042    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       928093 MB offset 206848
06:36:09.074    Disk 0 Partition 3 00     12  Compaq diag NTFS        25675 MB offset 1900941312
06:36:09.115    Disk 0 scanning C:\windows\system32\drivers
06:36:14.608    Service scanning
06:36:28.843    Modules scanning
06:36:28.851    Disk 0 trace - called modules:
06:36:28.868    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
06:36:28.874    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006571060]
06:36:28.879    3 CLASSPNP.SYS[fffff880019a043f] -> nt!IofCallDriver -> [0xfffffa8005f61e40]
06:36:28.883    5 ACPI.sys[fffff88000f137a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005f5e060]
06:36:32.167    AVAST engine scan C:\windows
06:36:35.956    AVAST engine scan C:\windows\system32
06:38:06.080    AVAST engine scan C:\windows\system32\drivers
06:38:15.417    AVAST engine scan C:\Users\lenovo
06:38:45.170    AVAST engine scan C:\ProgramData
06:39:05.221    Scan finished successfully
06:39:33.803    Disk 0 MBR has been saved successfully to "C:\Users\christian\Downloads\MBR.dat"
06:39:33.808    The log file has been saved successfully to "C:\Users\christian\Downloads\aswMBR.txt"

30.03.2012, 23:01	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	probleme mit der internetverbindung Und was soll da nicht gehen? Rechtsklick auf FF => als Admin ausführen __________________ Logfiles bitte immer in CODE-Tags posten

probleme mit der internetverbindung

Plagegeister aller Art und deren Bekämpfung: probleme mit der internetverbindung