
Pests of all kinds and how to combat them: Trojan Sirefef.ts is found by Trend Micro every 5 minutes

01.07.2012, 22:06   #1
nimbu
 
Hello,
on my still fairly new Dell Vostro (64-bit system, Windows 7), since this evening Trend Micro has been reporting every 5 minutes that it found the trojan Sirefef.ts, which is then moved to quarantine. About every 20 minutes there is also a message that access to a dubious website (hxxp://promos.fling.com7geo/txt/city.php) was blocked. Apart from the annoying detection messages, everything still works so far (I also have not restarted the computer yet).
The log file from my scanner follows as an attachment. How can I remove the malware?
Many thanks in advance for your help!!!
Code:
20120701<;>1948<;>TROJ_GEN.RFFCDG1<;>10<;>1<;>0<;>C:\Users\***\AppData\Local\Temp\2222125.exe<;>
20120701<;>1948<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>
20120701<;>1949<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>
20120701<;>1949<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>1953<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>1957<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2002<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2006<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2010<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2015<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2019<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2023<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2027<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2032<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2036<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2040<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2044<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2049<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2053<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2057<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2101<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2106<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2110<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2114<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2119<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2123<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2127<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2131<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2136<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2140<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2144<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2149<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2153<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2157<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2201<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2205<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2211<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2215<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2219<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2224<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2228<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2232<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2237<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2241<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2245<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2249<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2254<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
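
The log in post #1 shows the same file being quarantined again every few minutes. As an added example that is not part of the original thread or of Trend Micro's tooling, the following Python code parses that `<;>`-delimited format and reports paths that keep being re-detected, with the median interval between hits. The field meanings (date, time, detection name, path as the last non-empty field) are inferred from the posted lines, and all function names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median
from typing import NamedTuple, Optional

# Sample input: the first lines of the log posted above, plus one constructed
# junk line to show that malformed input is skipped.
SAMPLE_LOG = r"""
20120701<;>1948<;>TROJ_GEN.RFFCDG1<;>10<;>1<;>0<;>C:\Users\***\AppData\Local\Temp\2222125.exe<;>
20120701<;>1948<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>
20120701<;>1949<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>
20120701<;>1949<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>1953<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>1957<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2002<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2006<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2010<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
this line is not a log record
"""


class Detection(NamedTuple):
    when: datetime
    name: str
    path: str


def parse_line(line: str) -> Optional[Detection]:
    """Parse one '<;>'-delimited record; return None for anything malformed."""
    fields = [f.strip() for f in line.split("<;>")]
    if len(fields) < 4:
        return None
    try:
        # Assumption: field 0 is YYYYMMDD and field 1 is HHMM (local time).
        when = datetime.strptime(fields[0] + fields[1], "%Y%m%d%H%M")
    except ValueError:
        return None
    # Assumption: the path is the last non-empty field; the numeric fields
    # in between are not documented on the page and are ignored here.
    rest = [f for f in fields[3:] if f]
    if not fields[2] or not rest:
        return None
    return Detection(when, fields[2], rest[-1])


def recurring_detections(log_text: str, min_hits: int = 3):
    """Return (name, path, hits, median_gap_minutes) for every file that was
    detected at least min_hits times, most frequent first."""
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        det = parse_line(line)
        if det is not None:
            # Windows paths are case-insensitive, so group on the lowered path.
            by_key[(det.name, det.path.lower())].append(det)

    findings = []
    for (name, _), dets in by_key.items():
        if len(dets) < min_hits:
            continue
        times = sorted(d.when for d in dets)
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        findings.append((name, dets[0].path, len(dets), median(gaps)))
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    for name, path, hits, gap in recurring_detections(SAMPLE_LOG):
        print(f"{name}: {hits} detections, median gap {gap:.0f} min -> {path}")
```

A file that reappears at a steady cadence after every quarantine action suggests that whatever writes it is still running, so the scanner's clean-up of that one path is not remediation by itself.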
         

02.07.2012, 15:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset





Please post everything in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

03.07.2012, 09:30   #3
nimbu
 
Hello,
thank you very much already for your help!
I first ran Malwarebytes (my virus scanner was still, though, is that a problem?). Malwarebytes found nothing. Logs follow below. After that I installed Eset. I disabled Trend Micro and Malwarebytes before scanning. But the Windows Firewall could not be disabled. The attached error message appeared when I tried. Eset then ran normally and did find something. See below as well.

Malwarebytes log file:
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [Administrator]

Schutz: Aktiviert

02.07.2012 21:54:00
mbam-log-2012-07-02 (21-54-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368836
Laufzeit: 2 Stunde(n), 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Malwarebytes protection logs from the last two days:

2.7.
Code:
2012/07/02 21:53:45 +0200	***-LAPTOP	***	MESSAGE	Starting protection
2012/07/02 21:53:45 +0200	***-LAPTOP	***	MESSAGE	Executing scheduled update:  Daily
2012/07/02 21:53:46 +0200	***-LAPTOP	***	MESSAGE	Database already up-to-date
2012/07/02 21:53:46 +0200	***-LAPTOP	***	MESSAGE	Protection started successfully
2012/07/02 21:53:49 +0200	***-LAPTOP	***	MESSAGE	Starting IP protection
2012/07/02 21:53:51 +0200	***-LAPTOP	***	MESSAGE	IP Protection started successfully
2012/07/02 23:24:31 +0200	***-LAPTOP	***	IP-BLOCK	77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/02 23:24:39 +0200	***-LAPTOP	***	IP-BLOCK	77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/02 23:40:21 +0200	***-LAPTOP	***	IP-BLOCK	77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)
         
3.7. (until 7:00, after that ESET was running)
Code:
2012/07/03 00:17:28 +0200	***-LAPTOP	***	IP-BLOCK	77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/03 00:58:47 +0200	***-LAPTOP	***	IP-BLOCK	77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/03 01:19:53 +0200	***-LAPTOP	***	IP-BLOCK	77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/03 07:15:04 +0200	***-LAPTOP	***	MESSAGE	Stopping IP protection
2012/07/03 07:16:12 +0200	***-LAPTOP	***	MESSAGE	IP Protection stopped
         
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e130c0420a0af44ab1aec72750f56f03
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 06:22:06
# local_time=2012-07-03 08:22:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 6603091 6603091 0 0
# compatibility_mode=5893 16776574 66 94 50974256 92922706 0 0
# compatibility_mode=8192 67108863 100 0 410 410 0 0
# scanned=173102
# found=2
# cleaned=0
# scan_time=3670
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@	Win64/Sirefef.AL trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@	Win64/Sirefef.T trojan (unable to clean)	00000000000000000000000000000000	I
         
Attached image thumbnail: firewall.jpg
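
The Malwarebytes protection logs in post #3 record repeated outgoing IP blocks attributed to services.exe while the file scan reports nothing. As an added example that is not part of the original thread or of Malwarebytes' tooling, the following Python code groups the IP-BLOCK events by process and direction and records when IP protection was switched off. The line layout is inferred from the posted log, the function names are hypothetical, and the watchlist of core Windows processes is a constructed assumption.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Sample input: lines taken from the two protection logs posted above
# (tab-separated: timestamp, host, user, event type, detail).
SAMPLE_LOG = """\
2012/07/02 21:53:49 +0200\t***-LAPTOP\t***\tMESSAGE\tStarting IP protection
2012/07/02 21:53:51 +0200\t***-LAPTOP\t***\tMESSAGE\tIP Protection started successfully
2012/07/02 23:24:31 +0200\t***-LAPTOP\t***\tIP-BLOCK\t77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/02 23:24:39 +0200\t***-LAPTOP\t***\tIP-BLOCK\t77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/02 23:40:21 +0200\t***-LAPTOP\t***\tIP-BLOCK\t77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/03 00:17:28 +0200\t***-LAPTOP\t***\tIP-BLOCK\t77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/03 00:58:47 +0200\t***-LAPTOP\t***\tIP-BLOCK\t77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/03 01:19:53 +0200\t***-LAPTOP\t***\tIP-BLOCK\t77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)
2012/07/03 07:15:04 +0200\t***-LAPTOP\t***\tMESSAGE\tStopping IP protection
2012/07/03 07:16:12 +0200\t***-LAPTOP\t***\tMESSAGE\tIP Protection stopped
"""

# Assumption (constructed for this example): core Windows processes that a
# triager would not expect to see as the source of blocked outgoing traffic.
WATCHLIST = {"services.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

LINE_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$"
)
BLOCK_RE = re.compile(r"^(\S+) \(Type: (\w+), Port: (\d+), Process: ([^)]+)\)$")


class Event(NamedTuple):
    when: datetime
    kind: str
    detail: str


def parse_event(line: str) -> Optional[Event]:
    """Parse one protection-log line; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
    except ValueError:
        return None
    return Event(when, m.group(4), m.group(5).strip())


def summarize(log_text: str):
    """Return (report, stopped): one report row per (process, direction) with
    blocked IPs, ports, count and time span, plus the times at which the log
    says IP protection stopped (no visibility after that point)."""
    groups, stopped = {}, []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        if ev.kind == "MESSAGE" and ev.detail == "IP Protection stopped":
            stopped.append(ev.when)
        m = BLOCK_RE.match(ev.detail) if ev.kind == "IP-BLOCK" else None
        if not m:
            continue
        ip, direction, port, process = m.groups()
        key = (process.lower(), direction.lower())
        g = groups.setdefault(
            key, {"count": 0, "ips": set(), "ports": set(),
                  "first": ev.when, "last": ev.when})
        g["count"] += 1
        g["ips"].add(ip)
        g["ports"].add(int(port))
        g["first"] = min(g["first"], ev.when)
        g["last"] = max(g["last"], ev.when)

    report = [
        {"process": proc, "direction": direction, "count": g["count"],
         "ips": sorted(g["ips"]), "ports": sorted(g["ports"]),
         "first": g["first"], "last": g["last"],
         "unexpected_source": direction == "outgoing" and proc in WATCHLIST}
        for (proc, direction), g in groups.items()
    ]
    return report, stopped


if __name__ == "__main__":
    rows, stopped_at = summarize(SAMPLE_LOG)
    for row in rows:
        print(row)
    print("IP protection stopped at:", [t.isoformat() for t in stopped_at])
```

Once the log records "IP Protection stopped", the absence of later IP-BLOCK lines says nothing about whether the connection attempts ceased.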

03.07.2012, 14:07   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before in the past?
If so, all logs for every scan are listed in the Logs tab. Please post all that are visible there.
__________________
Please always post log files in CODE tags

03.07.2012, 14:30   #5
nimbu
 
Hello Arne,
I ran Malwarebytes only once and posted the corresponding log file in the previous post. I installed Malwarebytes yesterday for the very first time.
Regards!


Edited by nimbu (03.07.2012 at 15:14)

03.07.2012, 15:22   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please make a new OTL log. Please post everything in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick "Scan All Users" at the top center
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

03.07.2012, 19:53   #7
nimbu
 
Hi Arne,
this is what OTL spat out (I left the Trend Micro virus scanner on!?)
Note: Sirefef continues to be found diligently...

Code:
OTL logfile created on: 03.07.2012 20:21:23 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 55,61% Memory free
7,79 Gb Paging File | 5,66 Gb Available in Paging File | 72,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | *** Gb Total Space | *** Gb Free Space | ***% Space Free | Partition Type: NTFS
Drive D: | *** Gb Total Space | *** Gb Free Space | ***% Space Free | Partition Type: UDF
Drive E: | *** Gb Total Space | *** Gb Free Space | ***% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.03 20:19:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.07 22:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
PRC - [2012.02.07 22:13:50 | 000,024,592 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.15 19:28:50 | 000,199,760 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
PRC - [2011.04.19 15:03:52 | 000,268,864 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.01.13 22:56:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.12.29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.10.01 16:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.10.01 16:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2008.11.26 16:59:32 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
MOD - [2008.10.22 16:01:00 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.17 11:39:34 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.10.07 15:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.01 19:49:38 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.24 19:18:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.07 09:17:58 | 001,853,072 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2012.04.26 16:04:26 | 000,918,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.07 22:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)
SRV - [2011.12.08 19:29:58 | 002,064,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.13 22:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.12.29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.10.07 15:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010.07.21 14:48:20 | 000,596,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.07.06 21:16:50 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.22 16:53:45 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.03.22 16:53:45 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.17 12:09:10 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.17 11:03:18 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.14 02:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.14 02:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.09.05 19:38:22 | 000,212,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2011.09.05 19:38:22 | 000,069,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2011.08.24 07:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.08.09 18:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.06.13 13:06:10 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2011.05.17 14:48:22 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2011.05.17 14:48:22 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2011.04.23 04:24:38 | 001,438,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.14 08:36:08 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011.01.14 19:09:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.01.14 19:08:42 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.01.14 19:08:42 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.01.14 19:08:42 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.01.14 19:08:40 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.01 18:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.24 18:21:32 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.09 02:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010.11.09 02:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010.11.09 02:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.29 20:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.08.20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.04.10 21:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV - [2011.07.12 10:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2011.07.12 10:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys -- (TmPreFilter)
DRV - [2011.07.12 10:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys -- (VSApiNt)
DRV - [2011.06.13 13:06:10 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2011.05.17 14:48:22 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2011.05.17 14:48:22 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}
IE:64bit: - HKLM\..\SearchScopes\{1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}
IE - HKLM\..\SearchScopes\{1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\..\SearchScopes,DefaultScope = {1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}
IE - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.03.22 14:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\FirefoxExtension [2012.06.03 09:37:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 19:18:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.01 11:29:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 19:18:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.18 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.29 21:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9lp1iowa.default\extensions
[2012.05.21 19:34:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9lp1iowa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.06.24 19:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.29 21:14:08 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9LP1IOWA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.27 08:05:51 | 000,094,344 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9LP1IOWA.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2012.06.24 19:18:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.24 19:18:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 19:18:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.24 19:18:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 19:18:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 19:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 19:18:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [DBRMTray] C:\DELL\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\DELL\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2DE30B8-2468-42C2-871D-09DC6E8A80BA}: DhcpNameServer = 13.35.0.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5F3A03A-721A-4275-8EE2-272A1F310872}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MsConfig:64bit - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: DpHost - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.03 20:17:38 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.03 07:18:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.07.03 07:15:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MWB
[2012.07.03 07:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.03 07:13:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.02 21:52:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.02 21:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 21:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.02 21:52:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 21:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.25 23:07:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.06.25 23:07:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.06.25 23:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.25 23:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.06.25 20:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2012.06.25 20:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2012.06.24 17:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012.06.16 21:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent
[2012.06.11 21:28:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.09 16:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2012.06.07 22:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Media Adaptor
[2012.06.07 22:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Media Adaptor
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2012.07.03 20:19:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.03 20:16:38 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.07.03 20:16:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.03 20:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 10:20:20 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2012.07.03 07:13:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.02 21:52:22 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.01 20:13:43 | 000,943,230 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache
[2012.07.01 20:12:50 | 000,109,811 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache
[2012.07.01 20:01:30 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.07.01 19:18:40 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 19:18:40 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 19:11:05 | 3137,970,176 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 13:31:55 | 000,741,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.30 13:31:55 | 000,696,984 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.30 13:31:55 | 000,162,664 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.30 13:31:55 | 000,135,610 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.30 13:31:54 | 001,733,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.29 20:46:32 | 000,107,800 | ---- | M] () -- C:\Users\***\Desktop\2012-06-29_***_v2 (1).pdf
[2012.06.29 20:46:06 | 000,107,801 | ---- | M] () -- C:\Users\***\Desktop\2012-06-29_***_v2.pdf
[2012.06.29 20:44:29 | 000,107,806 | ---- | M] () -- C:\Users\***\Desktop\2012-06-29_***.pdf
[2012.06.25 23:05:47 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.24 14:43:48 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.24 01:37:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.06.15 21:20:01 | 000,493,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2012.07.02 21:52:22 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.01 20:13:43 | 000,943,230 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2012.07.01 20:12:50 | 000,109,811 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2012.07.01 20:00:38 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.07.01 19:49:26 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\00000001.@
[2012.06.29 20:46:32 | 000,107,800 | ---- | C] () -- C:\Users\***\Desktop\2012-06-29_***_v2 (1).pdf
[2012.06.29 20:46:06 | 000,107,801 | ---- | C] () -- C:\Users\***\Desktop\2012-06-29_***_v2.pdf
[2012.06.29 20:44:29 | 000,107,806 | ---- | C] () -- C:\Users\***\Desktop\2012-06-29_***.pdf
[2012.06.25 23:05:47 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.24 01:07:08 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.05.27 12:53:10 | 000,950,585 | ---- | C] () -- C:\Windows\SysWow64\libiconv-2.dll
[2012.05.27 12:41:52 | 000,149,880 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2012.05.20 22:48:10 | 000,001,270 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.05.05 20:11:45 | 005,746,780 | ---- | C] ( ) -- C:\Windows\SysWow64\RTKISDBT.dll
[2012.05.01 18:29:26 | 000,001,994 | ---- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history
[2012.04.23 21:27:44 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.22 19:40:44 | 000,001,466 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.04.21 19:18:53 | 000,219,848 | ---- | C] () -- C:\Users\***\AppData\Roaming\hdsmsu.dll
[2012.04.19 23:20:40 | 000,039,026 | ---- | C] () -- C:\Users\***\Feiertage_DE.ics
[2012.03.22 16:54:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@
[2012.03.22 16:54:00 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@
[2012.03.22 16:22:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.22 16:21:47 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.22 16:21:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.22 16:21:43 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.22 16:21:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.22 16:21:41 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.22 16:21:36 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.03.22 14:31:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.22 14:30:25 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.10.17 09:05:18 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.02.11 19:45:27 | 001,701,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.04.17 20:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DigitalPersona
[2012.04.24 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.05.18 15:23:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.04.21 19:10:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.05.01 15:12:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2012.05.27 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.04.26 19:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.04.18 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.04.24 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.06.24 01:37:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012.06.24 14:43:48 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.24 14:43:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.03 20:16:38 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.21 19:15:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.05.05 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ArcSoft
[2012.04.17 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2012.04.17 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Creative
[2012.05.02 20:38:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.05.01 13:27:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dell
[2012.04.17 20:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DigitalPersona
[2012.06.26 07:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.04.18 17:36:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLEXnet
[2012.04.24 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.04.17 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.05.18 15:23:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.05.05 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.04.21 19:10:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.04.17 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.07.02 21:52:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.03 18:47:49 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.04.18 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.05.01 15:12:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2012.04.23 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reallusion
[2012.04.18 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio
[2012.04.18 17:32:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio Burn
[2012.05.27 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.06.25 21:08:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.04.26 19:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.04.18 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.04.24 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.06.26 07:19:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012.05.03 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2012.03.22 16:53:45 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2012.03.22 16:53:45 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012.03.22 16:53:45 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2012.03.22 16:53:45 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012.03.22 16:53:45 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2012.03.22 16:53:45 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2012.03.22 16:53:45 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2012.03.22 16:53:45 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

Alt 04.07.2012, 16:24   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@
C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

04.07.2012, 19:35   #9
nimbu

Fix carried out. Here is the OTL file

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IR_SERVER deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U folder moved successfully.
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@ moved successfully.
C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 165760745 bytes
->Temporary Internet Files folder emptied: 60671824 bytes
->Java cache emptied: 1489512 bytes
->FireFox cache emptied: 1160658714 bytes
->Flash cache emptied: 10855 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170465552 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52113068 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.537,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: ***
->Flash cache emptied: 0 bytes
 
User: ***
 
User: ***
 
User: ***
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07042012_195151

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
After the restart it has now run for 20 min without another detection.

However, the problem with the firewall still exists; more precisely, I cannot make any changes to the Windows Firewall (as already described above). You will find the error message in the attachment. What remains to be done?
Attached image: firewall.jpg
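An added example, not part of the original thread and not code from OTL: a Python check that cross-references the `:Files` section of a fix script like the one above against the `FILES` section of the resulting log, so a helper can see at a glance whether every targeted path was actually moved. The function names are hypothetical, both sample logs are constructed in the shape of the log posted here, and the "not found" line in the second one is an assumed wording.

```python
import re

# Constructed samples in the shape of the script and log from this thread
# (user name masked as ***, as in the posts).
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: []  File not found
:Files
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@
C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@
:Commands
[emptytemp]
"""

GOOD_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U folder moved successfully.
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@ moved successfully.
C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@ moved successfully.
========== COMMANDS ==========
"""

# Constructed failure case: one path reported as not found (assumed wording),
# one path absent from the log altogether.
BAD_LOG = r"""
========== FILES ==========
C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U folder moved successfully.
File\Folder C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@ not found.
========== COMMANDS ==========
"""

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")


def script_targets(script):
    """Return the paths listed under the :Files directive of a fix script."""
    targets, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # a new directive such as :OTL or :Commands
            in_files = line.lower() == ":files"
            continue
        if in_files and line:
            targets.append(line)
    return targets


def log_sections(log):
    """Split a fix log into its '========== NAME ==========' sections."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).upper()
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def check_fix(script, log):
    """Map each :Files target to 'moved', 'failed' or 'missing'."""
    file_lines = log_sections(log).get("FILES", [])
    moved = set()
    for line in file_lines:
        match = MOVED_RE.match(line)
        if match:
            moved.add(match.group("path").lower())  # Windows paths ignore case
    result = {}
    for target in script_targets(script):
        key = target.lower()
        # The path must be followed by whitespace or end of line, so that
        # ...\U does not match a log line about a file below ...\U\.
        mentioned = re.compile(re.escape(key) + r"(?:\s|$)")
        if key in moved:
            result[target] = "moved"
        elif any(mentioned.search(line.lower()) for line in file_lines):
            result[target] = "failed"     # logged, but not as moved
        else:
            result[target] = "missing"    # never appears in the FILES section
    return result


def unresolved(result):
    """Targets that still need attention, in script order."""
    return [path for path, status in result.items() if status != "moved"]


if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("bad", BAD_LOG)):
        print(name)
        for path, status in check_fix(FIX_SCRIPT, log).items():
            print(f"  {status:8} {path}")
```

A target reported as "failed" or "missing" is the cue to ask for a fresh scan log before moving on to the next tool.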

05.07.2012, 10:08   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

05.07.2012, 22:09   #11
nimbu

Hi,
the TDSS-Killer found nothing. Here is the report:

Code:
ATTFilter
23:02:23.0151 3312	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
23:02:23.0463 3312	============================================================
23:02:23.0463 3312	Current date / time: 2012/07/05 23:02:23.0463
23:02:23.0463 3312	SystemInfo:
23:02:23.0463 3312	
23:02:23.0463 3312	OS Version: 6.1.7601 ServicePack: 1.0
23:02:23.0463 3312	Product type: Workstation
23:02:23.0463 3312	ComputerName: ***-LAPTOP
23:02:23.0463 3312	UserName: ***
23:02:23.0463 3312	Windows directory: C:\Windows
23:02:23.0463 3312	System windows directory: C:\Windows
23:02:23.0463 3312	Running under WOW64
23:02:23.0463 3312	Processor architecture: Intel x64
23:02:23.0463 3312	Number of processors: 4
23:02:23.0463 3312	Page size: 0x1000
23:02:23.0463 3312	Boot type: Normal boot
23:02:23.0463 3312	============================================================
23:02:24.0274 3312	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:02:24.0290 3312	============================================================
23:02:24.0290 3312	\Device\Harddisk0\DR0:
23:02:24.0290 3312	MBR partitions:
23:02:24.0290 3312	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
23:02:24.0290 3312	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x124F7800
23:02:24.0290 3312	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14C3B800, BlocksNum 0x2574A800
23:02:24.0290 3312	============================================================
23:02:24.0321 3312	C: <-> \Device\Harddisk0\DR0\Partition1
23:02:24.0352 3312	E: <-> \Device\Harddisk0\DR0\Partition2
23:02:24.0352 3312	============================================================
23:02:24.0352 3312	Initialize success
23:02:24.0352 3312	============================================================
23:04:02.0757 5884	============================================================
23:04:02.0757 5884	Scan started
23:04:02.0757 5884	Mode: Manual; SigCheck; TDLFS; 
23:04:02.0757 5884	============================================================
23:04:22.0663 5884	MEIx64 - ok
23:04:22.0694 5884	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:04:22.0757 5884	MMCSS - ok
23:04:22.0772 5884	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:04:22.0803 5884	Modem - ok
23:04:22.0850 5884	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:04:22.0881 5884	monitor - ok
23:04:22.0913 5884	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:04:22.0928 5884	mouclass - ok
23:04:22.0944 5884	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:04:22.0959 5884	mouhid - ok
23:04:22.0991 5884	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:04:23.0022 5884	mountmgr - ok
23:04:23.0115 5884	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:04:23.0147 5884	MozillaMaintenance - ok
23:04:23.0162 5884	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:04:23.0193 5884	mpio - ok
23:04:23.0209 5884	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:04:23.0256 5884	mpsdrv - ok
23:04:23.0271 5884	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:04:23.0287 5884	MRxDAV - ok
23:04:23.0412 5884	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:04:23.0474 5884	mrxsmb - ok
23:04:23.0552 5884	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:04:23.0599 5884	mrxsmb10 - ok
23:04:23.0630 5884	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:04:23.0661 5884	mrxsmb20 - ok
23:04:23.0708 5884	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:04:23.0739 5884	msahci - ok
23:04:23.0895 5884	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:04:23.0927 5884	msdsm - ok
23:04:24.0036 5884	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:04:24.0083 5884	MSDTC - ok
23:04:24.0129 5884	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:04:24.0161 5884	Msfs - ok
23:04:24.0176 5884	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:04:24.0223 5884	mshidkmdf - ok
23:04:24.0254 5884	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:04:24.0254 5884	msisadrv - ok
23:04:24.0301 5884	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:04:24.0379 5884	MSiSCSI - ok
23:04:24.0379 5884	msiserver - ok
23:04:24.0426 5884	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:04:24.0504 5884	MSKSSRV - ok
23:04:24.0551 5884	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:04:24.0644 5884	MSPCLOCK - ok
23:04:24.0660 5884	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:04:24.0691 5884	MSPQM - ok
23:04:24.0722 5884	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:04:24.0738 5884	MsRPC - ok
23:04:24.0753 5884	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:04:24.0769 5884	mssmbios - ok
23:04:24.0785 5884	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:04:24.0816 5884	MSTEE - ok
23:04:24.0816 5884	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:04:24.0831 5884	MTConfig - ok
23:04:24.0831 5884	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:04:24.0847 5884	Mup - ok
23:04:24.0894 5884	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:04:24.0987 5884	napagent - ok
23:04:25.0050 5884	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:04:25.0112 5884	NativeWifiP - ok
23:04:25.0175 5884	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
23:04:25.0237 5884	NDIS - ok
23:04:25.0268 5884	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:04:25.0331 5884	NdisCap - ok
23:04:25.0346 5884	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:04:25.0362 5884	NdisTapi - ok
23:04:25.0377 5884	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:04:25.0409 5884	Ndisuio - ok
23:04:25.0409 5884	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:04:25.0455 5884	NdisWan - ok
23:04:25.0455 5884	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:04:25.0487 5884	NDProxy - ok
23:04:25.0502 5884	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:04:25.0549 5884	NetBIOS - ok
23:04:25.0565 5884	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:04:25.0596 5884	NetBT - ok
23:04:25.0611 5884	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:04:25.0611 5884	Netlogon - ok
23:04:25.0658 5884	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:04:25.0705 5884	Netman - ok
23:04:25.0814 5884	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:04:25.0845 5884	NetMsmqActivator - ok
23:04:25.0861 5884	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:04:25.0877 5884	NetPipeActivator - ok
23:04:25.0908 5884	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:04:26.0001 5884	netprofm - ok
23:04:26.0017 5884	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:04:26.0033 5884	NetTcpActivator - ok
23:04:26.0048 5884	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:04:26.0048 5884	NetTcpPortSharing - ok
23:04:26.0111 5884	netvsc          (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys
23:04:26.0157 5884	netvsc - ok
23:04:26.0189 5884	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:04:26.0220 5884	nfrd960 - ok
23:04:26.0267 5884	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:04:26.0360 5884	NlaSvc - ok
23:04:26.0563 5884	NOBU            (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
23:04:26.0688 5884	NOBU - ok
23:04:26.0781 5884	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:04:26.0859 5884	Npfs - ok
23:04:26.0891 5884	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:04:26.0922 5884	nsi - ok
23:04:26.0937 5884	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:04:27.0015 5884	nsiproxy - ok
23:04:27.0109 5884	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:04:27.0234 5884	Ntfs - ok
23:04:27.0390 5884	ntrtscan        (f632dd8aa5c388d1d0528a876a71320d) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
23:04:27.0499 5884	ntrtscan - ok
23:04:27.0577 5884	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:04:27.0671 5884	Null - ok
23:04:27.0686 5884	nusb3hub        (d584abb6a308933a5f72b46c9e5a783f) C:\Windows\system32\drivers\nusb3hub.sys
23:04:27.0717 5884	nusb3hub - ok
23:04:27.0749 5884	nusb3xhc        (345b9c04e2036da4346e3249a5bdfd06) C:\Windows\system32\drivers\nusb3xhc.sys
23:04:27.0795 5884	nusb3xhc - ok
23:04:27.0842 5884	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:04:27.0873 5884	nvraid - ok
23:04:27.0905 5884	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:04:27.0951 5884	nvstor - ok
23:04:27.0967 5884	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:04:27.0983 5884	nv_agp - ok
23:04:27.0983 5884	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:04:28.0014 5884	ohci1394 - ok
23:04:28.0092 5884	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:04:28.0123 5884	ose - ok
23:04:28.0388 5884	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:04:28.0591 5884	osppsvc - ok
23:04:28.0685 5884	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:04:28.0716 5884	p2pimsvc - ok
23:04:28.0763 5884	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:04:28.0809 5884	p2psvc - ok
23:04:28.0856 5884	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:04:28.0887 5884	Parport - ok
23:04:28.0919 5884	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:04:28.0950 5884	partmgr - ok
23:04:28.0981 5884	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:04:29.0043 5884	PcaSvc - ok
23:04:29.0153 5884	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
23:04:29.0199 5884	PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
23:04:29.0231 5884	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:04:29.0246 5884	pci - ok
23:04:29.0277 5884	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:04:29.0293 5884	pciide - ok
23:04:29.0340 5884	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:04:29.0371 5884	pcmcia - ok
23:04:29.0402 5884	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:04:29.0418 5884	pcw - ok
23:04:29.0465 5884	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:04:29.0589 5884	PEAUTH - ok
23:04:29.0667 5884	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:04:29.0761 5884	PeerDistSvc - ok
23:04:29.0839 5884	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:04:29.0870 5884	PerfHost - ok
23:04:30.0011 5884	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:04:30.0135 5884	pla - ok
23:04:30.0182 5884	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:04:30.0245 5884	PlugPlay - ok
23:04:30.0260 5884	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:04:30.0291 5884	PNRPAutoReg - ok
23:04:30.0323 5884	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:04:30.0369 5884	PNRPsvc - ok
23:04:30.0416 5884	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:04:30.0525 5884	PolicyAgent - ok
23:04:30.0572 5884	Power           (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
23:04:30.0588 5884	Power - ok
23:04:30.0635 5884	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:04:30.0728 5884	PptpMiniport - ok
23:04:30.0744 5884	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:04:30.0775 5884	Processor - ok
23:04:30.0806 5884	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:04:30.0853 5884	ProfSvc - ok
23:04:30.0884 5884	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:04:30.0915 5884	ProtectedStorage - ok
23:04:30.0962 5884	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:04:31.0040 5884	Psched - ok
23:04:31.0071 5884	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:04:31.0087 5884	PxHlpa64 - ok
23:04:31.0181 5884	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:04:31.0274 5884	ql2300 - ok
23:04:31.0368 5884	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:04:31.0399 5884	ql40xx - ok
23:04:31.0430 5884	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:04:31.0477 5884	QWAVE - ok
23:04:31.0493 5884	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:04:31.0539 5884	QWAVEdrv - ok
23:04:31.0617 5884	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
23:04:31.0649 5884	RapiMgr - ok
23:04:31.0680 5884	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:04:31.0758 5884	RasAcd - ok
23:04:31.0789 5884	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:04:31.0820 5884	RasAgileVpn - ok
23:04:31.0851 5884	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:04:31.0945 5884	RasAuto - ok
23:04:31.0961 5884	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:04:32.0039 5884	Rasl2tp - ok
23:04:32.0070 5884	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:04:32.0085 5884	RasMan - ok
23:04:32.0117 5884	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:04:32.0210 5884	RasPppoe - ok
23:04:32.0226 5884	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:04:32.0257 5884	RasSstp - ok
23:04:32.0288 5884	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:04:32.0319 5884	rdbss - ok
23:04:32.0335 5884	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:04:32.0351 5884	rdpbus - ok
23:04:32.0366 5884	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:04:32.0382 5884	RDPCDD - ok
23:04:32.0413 5884	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:04:32.0460 5884	RDPDR - ok
23:04:32.0491 5884	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:04:32.0585 5884	RDPENCDD - ok
23:04:32.0600 5884	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:04:32.0631 5884	RDPREFMP - ok
23:04:32.0663 5884	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:04:32.0709 5884	RDPWD - ok
23:04:32.0756 5884	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:04:32.0787 5884	rdyboost - ok
23:04:32.0819 5884	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:04:32.0897 5884	RemoteAccess - ok
23:04:32.0943 5884	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:04:33.0006 5884	RemoteRegistry - ok
23:04:33.0053 5884	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:04:33.0084 5884	RFCOMM - ok
23:04:33.0255 5884	RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:04:33.0333 5884	RoxMediaDB12OEM - ok
23:04:33.0380 5884	RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
23:04:33.0411 5884	RoxWatch12 - ok
23:04:33.0489 5884	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:04:33.0583 5884	RpcEptMapper - ok
23:04:33.0599 5884	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:04:33.0630 5884	RpcLocator - ok
23:04:33.0692 5884	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:04:33.0739 5884	RpcSs - ok
23:04:33.0786 5884	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:04:33.0848 5884	rspndr - ok
23:04:33.0895 5884	RSUSBSTOR       (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys
23:04:33.0911 5884	RSUSBSTOR - ok
23:04:33.0957 5884	RTL2832UBDA     (0bc1f83dc9cd93e233d7a5c0dfab9a12) C:\Windows\system32\drivers\RTL2832UBDA.sys
23:04:33.0973 5884	RTL2832UBDA - ok
23:04:34.0020 5884	RTL2832UUSB     (06560c03cac954b02cdda6aea1ba530c) C:\Windows\system32\Drivers\RTL2832UUSB.sys
23:04:34.0035 5884	RTL2832UUSB - ok
23:04:34.0098 5884	RTL2832U_IRHID  (ed0504e312ca3db775beabd47b49c660) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
23:04:34.0113 5884	RTL2832U_IRHID - ok
23:04:34.0176 5884	RTL8167         (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:04:34.0207 5884	RTL8167 - ok
23:04:34.0223 5884	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:04:34.0254 5884	s3cap - ok
23:04:34.0269 5884	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:04:34.0301 5884	SamSs - ok
23:04:34.0332 5884	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:04:34.0347 5884	sbp2port - ok
23:04:34.0379 5884	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:04:34.0457 5884	SCardSvr - ok
23:04:34.0472 5884	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:04:34.0550 5884	scfilter - ok
23:04:34.0597 5884	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:04:34.0691 5884	Schedule - ok
23:04:34.0722 5884	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:04:34.0737 5884	SCPolicySvc - ok
23:04:34.0769 5884	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:04:34.0815 5884	SDRSVC - ok
23:04:34.0862 5884	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:04:34.0940 5884	secdrv - ok
23:04:34.0956 5884	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:04:34.0971 5884	seclogon - ok
23:04:34.0987 5884	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:04:35.0018 5884	SENS - ok
23:04:35.0034 5884	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:04:35.0049 5884	SensrSvc - ok
23:04:35.0081 5884	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:04:35.0112 5884	Serenum - ok
23:04:35.0127 5884	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:04:35.0174 5884	Serial - ok
23:04:35.0190 5884	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:04:35.0237 5884	sermouse - ok
23:04:35.0283 5884	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:04:35.0346 5884	SessionEnv - ok
23:04:35.0346 5884	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:04:35.0361 5884	sffdisk - ok
23:04:35.0361 5884	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:04:35.0393 5884	sffp_mmc - ok
23:04:35.0393 5884	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:04:35.0408 5884	sffp_sd - ok
23:04:35.0408 5884	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:04:35.0439 5884	sfloppy - ok
23:04:35.0486 5884	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:04:35.0533 5884	Sftfs - ok
23:04:35.0627 5884	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:04:35.0673 5884	sftlist - ok
23:04:35.0705 5884	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:04:35.0736 5884	Sftplay - ok
23:04:35.0751 5884	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:04:35.0767 5884	Sftredir - ok
23:04:35.0783 5884	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:04:35.0783 5884	Sftvol - ok
23:04:35.0814 5884	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:04:35.0814 5884	sftvsa - ok
23:04:35.0861 5884	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:04:35.0892 5884	ShellHWDetection - ok
23:04:35.0923 5884	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:04:35.0923 5884	SiSRaid2 - ok
23:04:35.0939 5884	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:04:35.0954 5884	SiSRaid4 - ok
23:04:35.0985 5884	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:04:36.0017 5884	SkypeUpdate - ok
23:04:36.0032 5884	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:04:36.0110 5884	Smb - ok
23:04:36.0141 5884	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:04:36.0157 5884	SNMPTRAP - ok
23:04:36.0173 5884	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:04:36.0173 5884	spldr - ok
23:04:36.0219 5884	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:04:36.0313 5884	Spooler - ok
23:04:36.0453 5884	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:04:36.0578 5884	sppsvc - ok
23:04:36.0672 5884	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:04:36.0750 5884	sppuinotify - ok
23:04:36.0828 5884	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:04:36.0890 5884	srv - ok
23:04:36.0921 5884	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:04:36.0968 5884	srv2 - ok
23:04:36.0999 5884	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:04:37.0031 5884	srvnet - ok
23:04:37.0093 5884	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:04:37.0187 5884	SSDPSRV - ok
23:04:37.0249 5884	SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
23:04:37.0265 5884	SSPORT - ok
23:04:37.0280 5884	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:04:37.0343 5884	SstpSvc - ok
23:04:37.0358 5884	stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
23:04:37.0374 5884	stdcfltn - ok
23:04:37.0389 5884	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:04:37.0421 5884	stexstor - ok
23:04:37.0467 5884	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:04:37.0545 5884	stisvc - ok
23:04:37.0608 5884	stllssvr        (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:04:37.0639 5884	stllssvr - ok
23:04:37.0655 5884	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
23:04:37.0717 5884	StorSvc - ok
23:04:37.0733 5884	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:04:37.0764 5884	storvsc - ok
23:04:37.0826 5884	svcGenericHost  (15323ae5d254aa1d389522166e6f4244) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
23:04:37.0842 5884	svcGenericHost - ok
23:04:37.0873 5884	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:04:37.0904 5884	swenum - ok
23:04:37.0951 5884	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:04:38.0060 5884	swprv - ok
23:04:38.0091 5884	SynthVid        (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
23:04:38.0123 5884	SynthVid - ok
23:04:38.0232 5884	SynTP           (aad83760a0887975d8f524b4d2c86060) C:\Windows\system32\DRIVERS\SynTP.sys
23:04:38.0294 5884	SynTP - ok
23:04:38.0466 5884	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:04:38.0575 5884	SysMain - ok
23:04:38.0637 5884	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:04:38.0684 5884	TabletInputService - ok
23:04:38.0715 5884	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:04:38.0825 5884	TapiSrv - ok
23:04:38.0856 5884	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:04:38.0871 5884	TBS - ok
23:04:39.0012 5884	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:04:39.0137 5884	Tcpip - ok
23:04:39.0277 5884	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:04:39.0371 5884	TCPIP6 - ok
23:04:39.0433 5884	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:04:39.0527 5884	tcpipreg - ok
23:04:39.0542 5884	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:04:39.0573 5884	TDPIPE - ok
23:04:39.0589 5884	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:04:39.0605 5884	TDTCP - ok
23:04:39.0636 5884	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:04:39.0683 5884	tdx - ok
23:04:39.0714 5884	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:04:39.0729 5884	TermDD - ok
23:04:39.0776 5884	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:04:39.0885 5884	TermService - ok
23:04:39.0901 5884	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:04:39.0917 5884	Themes - ok
23:04:39.0932 5884	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:04:39.0963 5884	THREADORDER - ok
23:04:40.0057 5884	TMBMServer      (963c903e5176c5cdcae321d48635b21f) c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
23:04:40.0104 5884	TMBMServer - ok
23:04:40.0182 5884	TmFilter        (8b97ba7e28bd39a2bc4a2bb66a83fec0) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
23:04:40.0213 5884	TmFilter - ok
23:04:40.0322 5884	tmlisten        (e5f23152b394fdebc53b07e2b2e64c62) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
23:04:40.0400 5884	tmlisten - ok
23:04:40.0525 5884	tmlwf           (b5c00fc8786a237937c33aabee68ca26) C:\Windows\system32\DRIVERS\tmlwf.sys
23:04:40.0541 5884	tmlwf - ok
23:04:40.0665 5884	TmPfw           (48d09383511757645c0a828622ef5ab3) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
23:04:40.0728 5884	TmPfw - ok
23:04:40.0728 5884	TmPreFilter     (1889f49a828b1cf0e2866cdd325875b0) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
23:04:40.0759 5884	TmPreFilter - ok
23:04:40.0806 5884	TmProxy         (19d6f618802f93c0ed9ea89e5cd6e12e) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
23:04:40.0868 5884	TmProxy - ok
23:04:40.0977 5884	tmtdi           (a42e6780c52b248af54c6010a9a93384) C:\Windows\system32\DRIVERS\tmtdi.sys
23:04:40.0993 5884	tmtdi - ok
23:04:41.0055 5884	tmwfp           (5d38c32a4b093bc8190cf3fb9078c9cd) C:\Windows\system32\DRIVERS\tmwfp.sys
23:04:41.0087 5884	tmwfp - ok
23:04:41.0118 5884	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:04:41.0180 5884	TrkWks - ok
23:04:41.0243 5884	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:04:41.0321 5884	TrustedInstaller - ok
23:04:41.0352 5884	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:04:41.0383 5884	tssecsrv - ok
23:04:41.0414 5884	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:04:41.0461 5884	TsUsbFlt - ok
23:04:41.0461 5884	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:04:41.0492 5884	TsUsbGD - ok
23:04:41.0508 5884	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:04:41.0586 5884	tunnel - ok
23:04:41.0601 5884	TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
23:04:41.0601 5884	TurboB - ok
23:04:41.0648 5884	TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
23:04:41.0679 5884	TurboBoost - ok
23:04:41.0711 5884	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:04:41.0726 5884	uagp35 - ok
23:04:41.0742 5884	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:04:41.0835 5884	udfs - ok
23:04:41.0851 5884	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:04:41.0882 5884	UI0Detect - ok
23:04:41.0898 5884	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:04:41.0929 5884	uliagpkx - ok
23:04:41.0945 5884	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:04:41.0991 5884	umbus - ok
23:04:42.0007 5884	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:04:42.0038 5884	UmPass - ok
23:04:42.0085 5884	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
23:04:42.0132 5884	UmRdpService - ok
23:04:42.0303 5884	UNS             (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:04:42.0444 5884	UNS - ok
23:04:42.0537 5884	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:04:42.0647 5884	upnphost - ok
23:04:42.0709 5884	usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
23:04:42.0725 5884	usbccgp - ok
23:04:42.0756 5884	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:04:42.0787 5884	usbcir - ok
23:04:42.0803 5884	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:04:42.0834 5884	usbehci - ok
23:04:42.0865 5884	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:04:42.0912 5884	usbhub - ok
23:04:42.0927 5884	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:04:42.0974 5884	usbohci - ok
23:04:42.0990 5884	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:04:43.0037 5884	usbprint - ok
23:04:43.0052 5884	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:04:43.0083 5884	USBSTOR - ok
23:04:43.0115 5884	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:04:43.0161 5884	usbuhci - ok
23:04:43.0208 5884	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:04:43.0255 5884	usbvideo - ok
23:04:43.0286 5884	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:04:43.0333 5884	UxSms - ok
23:04:43.0349 5884	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:04:43.0364 5884	VaultSvc - ok
23:04:43.0520 5884	vcsFPService    (20bf96c13db4ba085d98f4700f3b05fe) C:\Windows\system32\vcsFPService.exe
23:04:43.0645 5884	vcsFPService - ok
23:04:43.0739 5884	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:04:43.0754 5884	vdrvroot - ok
23:04:43.0801 5884	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:04:43.0910 5884	vds - ok
23:04:43.0926 5884	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:04:43.0941 5884	vga - ok
23:04:43.0957 5884	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:04:43.0988 5884	VgaSave - ok
23:04:44.0019 5884	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:04:44.0035 5884	vhdmp - ok
23:04:44.0035 5884	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:04:44.0051 5884	viaide - ok
23:04:44.0082 5884	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:04:44.0113 5884	VMBusHID - ok
23:04:44.0129 5884	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:04:44.0144 5884	volmgr - ok
23:04:44.0191 5884	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:04:44.0222 5884	volmgrx - ok
23:04:44.0253 5884	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:04:44.0285 5884	volsnap - ok
23:04:44.0456 5884	VSApiNt         (3a5862d9a4fe4bbb2ffa1700e2b21b9b) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
23:04:44.0534 5884	VSApiNt - ok
23:04:44.0628 5884	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:04:44.0659 5884	vsmraid - ok
23:04:44.0768 5884	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:04:44.0893 5884	VSS - ok
23:04:44.0940 5884	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:04:44.0987 5884	vwifibus - ok
23:04:45.0018 5884	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:04:45.0065 5884	vwififlt - ok
23:04:45.0127 5884	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:04:45.0189 5884	W32Time - ok
23:04:45.0221 5884	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:04:45.0236 5884	WacomPen - ok
23:04:45.0267 5884	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:04:45.0345 5884	WANARP - ok
23:04:45.0361 5884	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:04:45.0392 5884	Wanarpv6 - ok
23:04:45.0470 5884	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:04:45.0579 5884	wbengine - ok
23:04:45.0673 5884	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:04:45.0720 5884	WbioSrvc - ok
23:04:45.0813 5884	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
23:04:45.0845 5884	WcesComm - ok
23:04:45.0876 5884	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:04:45.0954 5884	wcncsvc - ok
23:04:45.0969 5884	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:04:46.0016 5884	WcsPlugInService - ok
23:04:46.0063 5884	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:04:46.0094 5884	Wd - ok
23:04:46.0125 5884	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:04:46.0188 5884	Wdf01000 - ok
23:04:46.0219 5884	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:04:46.0313 5884	WdiServiceHost - ok
23:04:46.0328 5884	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:04:46.0359 5884	WdiSystemHost - ok
23:04:46.0391 5884	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:04:46.0422 5884	WebClient - ok
23:04:46.0437 5884	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:04:46.0515 5884	Wecsvc - ok
23:04:46.0531 5884	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:04:46.0562 5884	wercplsupport - ok
23:04:46.0578 5884	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:04:46.0609 5884	WerSvc - ok
23:04:46.0656 5884	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:04:46.0718 5884	WfpLwf - ok
23:04:46.0734 5884	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:04:46.0749 5884	WIMMount - ok
23:04:46.0749 5884	WinHttpAutoProxySvc - ok
23:04:46.0796 5884	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:04:46.0890 5884	Winmgmt - ok
23:04:46.0983 5884	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:04:47.0124 5884	WinRM - ok
23:04:47.0249 5884	WinUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
23:04:47.0295 5884	WinUSB - ok
23:04:47.0358 5884	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:04:47.0436 5884	Wlansvc - ok
23:04:47.0498 5884	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:04:47.0514 5884	wlcrasvc - ok
23:04:47.0701 5884	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:04:47.0826 5884	wlidsvc - ok
23:04:47.0919 5884	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:04:47.0951 5884	WmiAcpi - ok
23:04:48.0013 5884	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:04:48.0060 5884	wmiApSrv - ok
23:04:48.0107 5884	WMPNetworkSvc - ok
23:04:48.0153 5884	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:04:48.0185 5884	WPCSvc - ok
23:04:48.0200 5884	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:04:48.0247 5884	WPDBusEnum - ok
23:04:48.0263 5884	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:04:48.0341 5884	ws2ifsl - ok
23:04:48.0356 5884	WSearch - ok
23:04:48.0387 5884	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:04:48.0419 5884	WudfPf - ok
23:04:48.0450 5884	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:04:48.0481 5884	WUDFRd - ok
23:04:48.0497 5884	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:04:48.0512 5884	wudfsvc - ok
23:04:48.0543 5884	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:04:48.0559 5884	WwanSvc - ok
23:04:48.0590 5884	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:04:48.0871 5884	\Device\Harddisk0\DR0 - ok
23:04:48.0887 5884	Boot (0x1200)   (c3a300e8db7622e6f74ceb12e4bc07ce) \Device\Harddisk0\DR0\Partition0
23:04:48.0887 5884	\Device\Harddisk0\DR0\Partition0 - ok
23:04:48.0918 5884	Boot (0x1200)   (080b07f6917fde64ced87bde719a2e87) \Device\Harddisk0\DR0\Partition1
23:04:48.0918 5884	\Device\Harddisk0\DR0\Partition1 - ok
23:04:48.0949 5884	Boot (0x1200)   (5cc295ec1bbcecb5c6e1577a0f39123b) \Device\Harddisk0\DR0\Partition2
23:04:48.0949 5884	\Device\Harddisk0\DR0\Partition2 - ok
23:04:48.0949 5884	============================================================
23:04:48.0949 5884	Scan finished
23:04:48.0949 5884	============================================================
23:04:48.0980 5440	Detected object count: 0
23:04:48.0980 5440	Actual detected object count: 0
         
The firewall still doesn't work!

06.07.2012, 09:30   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
(English: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually, and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

07.07.2012, 07:23   #13
nimbu
 



Hi,
Combofix ran. The error messages appeared too, but they disappeared after the restart. The firewall works again as well!
Here is the log file from Combofix

Code:
ComboFix 12-07-06.02 - *** 07.07.2012   0:44.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3990.2560 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}
SP: Trend Micro Client/Server Security Agent Anti-Spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\16ab6978-b6b5-41fa-81a1-8bffc55a69b9.dll
c:\programdata\PCDr\5907\Downloads\9a727e3b-3b75-44f1-aa0c-b5b6cd760030.dll
c:\programdata\PCDr\5907\Downloads\a31dcb19-c462-4b91-b5af-0c0196d8d501.dll
c:\programdata\PCDr\5907\Downloads\eb1a169a-7868-4b2c-ae46-52b55b4db151.dll
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-06 bis 2012-07-06  ))))))))))))))))))))))))))))))
.
.
2012-07-06 22:49 . 2012-07-06 22:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-04 17:51 . 2012-07-04 17:51	--------	d-----w-	C:\_OTL
2012-07-03 05:18 . 2012-07-03 05:18	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-07-03 05:14 . 2012-07-03 05:14	--------	d-----w-	c:\program files (x86)\ESET
2012-07-02 19:52 . 2012-07-02 19:52	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-07-02 19:52 . 2012-07-02 19:52	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-02 19:52 . 2012-07-02 19:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 19:52 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 21:07 . 2012-06-26 05:18	--------	d-----w-	c:\users\***\AppData\Roaming\dvdcss
2012-06-25 21:07 . 2012-06-26 05:19	--------	d-----w-	c:\users\***\AppData\Roaming\vlc
2012-06-25 21:05 . 2012-06-25 21:05	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-06-25 18:41 . 2012-06-25 18:41	--------	d-----w-	c:\program files (x86)\DVD Shrink
2012-06-24 17:18 . 2012-06-24 17:18	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-24 17:18 . 2012-06-24 17:18	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-24 15:56 . 2012-07-05 06:13	--------	d-----w-	c:\programdata\DVD Shrink
2012-06-21 06:31 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 06:31 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 06:31 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 06:31 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 06:31 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 06:31 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 06:31 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 06:31 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 06:31 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-14 18:37 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-11 19:28 . 2012-06-11 19:28	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-06-07 20:53 . 2012-06-07 20:54	--------	d-----w-	c:\program files (x86)\USB Media Adaptor
2012-06-07 20:52 . 1998-10-29 14:45	306688	----a-w-	c:\windows\IsUninst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 17:49 . 2012-04-21 21:17	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-01 17:49 . 2012-03-22 12:10	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 11:16 . 2010-06-24 16:33	19352	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-17 343168]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1712656]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"STO Backup Service"="c:\program files (x86)\SmarThru Office\BackUpSvr.exe" [2011-09-15 199760]
"STO Launcher Service"="c:\program files (x86)\SmarThru Office\x64\LegacyLauncher.exe" [2011-09-15 405584]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-5-5 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-09-14 95744]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-09-14 212992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2011-06-13 48488]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2011-05-17 225256]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2011-05-17 39016]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-08 196688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-17 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-14 11576]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-02-07 50704]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-08 338000]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-10-07 3137840]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-17 9319424]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-17 304128]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-14 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-01-14 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-09-05 212544]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-09-05 69184]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy-Dienst;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-04-26 918032]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - TMWFP
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 17:49]
.
2012-06-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-11 4500640]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9lp1iowa.default\
FF - prefs.js: network.proxy.type - 0
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-07  01:00:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-06 23:00
.
Vor Suchlauf: 13 Verzeichnis(se), 101.626.404.864 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 101.315.457.024 Bytes frei
.
- - End Of File - - D1BFFFD07D7753D796F57339B5681410
         
Is the computer clean again now?

And one more question: my laptop is connected to an external hard drive via Wi-Fi. Could the malware have settled in there as well?

Alt 08.07.2012, 08:07   #14
nimbu
 
Hi,
yesterday Trend Micro reported a detection again. I wasn't sure, though, whether it might just have been a file from one of the quarantines. I then ran Malwarebytes and ESET scans again, as described the first time. Here are the log files.

Trendmicro

Code:
ATTFilter
20120701<;>1948<;>TROJ_GEN.RFFCDG1<;>10<;>1<;>0<;>C:\Users\***\AppData\Local\Temp\2222125.exe<;>
20120701<;>1948<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>
20120701<;>1949<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>
20120701<;>1949<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>1953<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>1957<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2002<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2006<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2010<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2015<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2019<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2023<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2027<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2032<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2036<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2040<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2044<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2049<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2053<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2057<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2101<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2106<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2110<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2114<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2119<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2123<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2127<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2131<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2136<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2140<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2144<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2149<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2153<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2157<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2201<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2205<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2211<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2215<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2219<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2224<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2228<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2232<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2237<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2241<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2245<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2249<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2254<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2258<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2302<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120701<;>2306<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2151<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2156<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2200<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2204<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2209<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2213<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2217<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2221<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2226<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2230<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2234<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2238<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2243<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2247<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2251<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2255<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2300<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2304<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2308<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2313<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2317<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2321<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2325<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2330<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2334<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2338<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2342<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2347<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2351<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2355<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120702<;>2359<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>4<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>8<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>12<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>16<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>21<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>25<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>29<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>34<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>38<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>42<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>46<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>51<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>55<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>59<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>103<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>108<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>112<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>116<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>121<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>125<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>129<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>133<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>138<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>142<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>146<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>150<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>155<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>159<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>203<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>207<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>212<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>216<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>220<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>225<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>229<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>233<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>237<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>242<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>246<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>250<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>254<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>259<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>303<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>307<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>311<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>316<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>320<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>324<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>329<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>333<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>337<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>341<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>346<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>350<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>354<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>359<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>403<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>407<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>411<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>415<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>420<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>424<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>428<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>433<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>437<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>441<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>445<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>450<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>454<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>458<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>502<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>507<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>511<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>515<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>519<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>524<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>528<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>532<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>536<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>541<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>545<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>549<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>554<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>558<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>602<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>606<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>611<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>615<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>619<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>623<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>628<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>632<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>636<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>641<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>645<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>649<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>653<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>658<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>702<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>706<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>710<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>1022<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>1022<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>1022<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>1022<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>1027<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>1027<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2016<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2016<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2020<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2020<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2024<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2024<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2028<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2029<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2033<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2033<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2037<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2037<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2041<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2042<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2046<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2046<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2050<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2050<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2054<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2054<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2058<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2058<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2103<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2103<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2107<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2107<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2111<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2113<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2115<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2116<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2120<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2120<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2124<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2124<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2128<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2128<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2132<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2133<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2138<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2139<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2141<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2141<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2145<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2146<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2150<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2150<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2154<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2154<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2158<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2158<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2202<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2202<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2207<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2207<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2211<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2212<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2215<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2215<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2219<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2220<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2224<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2224<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2228<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2228<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2232<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2233<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2237<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2237<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2241<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2241<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2245<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2246<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2249<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2249<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2254<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2254<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2258<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2258<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2302<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2302<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2306<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2306<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2311<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2311<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2315<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2315<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2319<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2319<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2323<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2324<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120703<;>2328<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120703<;>2328<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>
20120704<;>758<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120704<;>802<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>
20120707<;>2038<;>TROJ_GEN.FC5CBG7<;>10<;>1<;>0<;>C:\DELL\DBRM\Reminder\TrayApp.exe<;>
         
Malwarebytes Quickscan
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [Administrator]

Schutz: Aktiviert

07.07.2012 20:49:07
mbam-log-2012-07-07 (20-49-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211751
Laufzeit: 2 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Malwarebytes Full Scan

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [Administrator]

Schutz: Aktiviert

07.07.2012 20:54:30
mbam-log-2012-07-07 (21-50-03).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365464
Laufzeit: 43 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\07042012_195151\C_Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
         
Eset
Code:
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir	Win64/Patched.B.Gen trojan
C:\_OTL\MovedFiles\07042012_195151\C_Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@	Win64/Sirefef.AL trojan
         

09.07.2012, 11:35   #15
cosinus

Tell me, is this by any chance an office PC?
__________________
Please always post log files in CODE tags
