Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GMX Account verschickt Spam-Mails -- keine Listung unter "Gesendet" (https://www.trojaner-board.de/115414-gmx-account-verschickt-spam-mails-keine-listung-gesendet.html)

Cranc v.2 19.05.2012 11:10
GMX Account verschickt Spam-Mails -- keine Listung unter "Gesendet"
 
Hi Leute.
Seid ca. 3 Wochen verschickt mein Mailpostfach ungewollt Spam-Mails an E-Mail Adressen aus meinem Adressbuch.

Habe es nur wegen einigen Fehlermeldungen im Posteingang gesehen, da im Ordner "Gesendet" nur die Mails einzusehen sind, die ich selber verschickt hab.

Ebenfalls hatte ich bis vor 1 Stunde auch noch die GMX Toolbar für Firefox installiert, welchen ich auch als Standardbrowser benutze. Diese Toolbar speichert nunmal die Logindaten stetig, damit man bei neuen Mails sofort benachrichtig wird, habe also mal auf Verdacht diese nun deinstalliert.

Hier ein paar Fotos:

http://img826.imageshack.us/img826/1448/gmxmeldung.png
http://img208.imageshack.us/img208/7442/gmxausgang.png

Betriebsystem: Win7 64bit
Virenprogramme: Microsoft Security Essentials, Comodo Internet Security Premium -- Beide habe ich einen kompletten Test machen lassen mit dem Ergebnis, das nichts gefunden wurde :balla:

Defogger_Disable:

Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:52 on 19/05/2012 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
So, ich hoffe ich habe mein Problem ausreichend geschildert und ihr könnt mir helfen. Danke im Voraus,


Cranc

Und das kam jetzt gerade bei einem Malwarebytes-Scan heraus:
Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.05.19.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
***** :: *****-PC [Administrator]

Schutz: Aktiviert

19.05.2012 11:17:37
mbam-log-2012-05-19 (14-07-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435466
Laufzeit: 1 Stunde(n), 52 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\*****\AppData\Local\Temp\tdu.tmp (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\udu.tmp (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\vdu.tmp (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\wdu.tmp (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\xdu.tmp (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\ydu.tmp (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.

(Ende)

cosinus 21.05.2012 12:16
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Cranc v.2 21.05.2012 12:22
Ja. Habe ich nun gemacht und das Passwort von einem anderen PC aus geändert,wollen wir mal hoffen,dass jetzt erstmal ruhe ist.

cosinus 21.05.2012 12:24
Beantwortet nicht wirklich die Frage, ob du noch weitere Logs von Malwarebytes hast :nixda:

Cranc v.2 21.05.2012 12:41
Hi, sorry, hab ich überlesen.
Nein das war der erste Scan, den ich mit Malwarebytes gemacht habe. Hier halt nur noch die logdatei, dass alles erfolgreich gelöscht wurde:

Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.19.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
***** :: *****-PC [Administrator]

Schutz: Aktiviert

19.05.2012 11:17:37
mbam-log-2012-05-19 (11-17-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435466
Laufzeit: 1 Stunde(n), 52 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\*****\AppData\Local\Temp\tdu.tmp (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Local\Temp\udu.tmp (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Local\Temp\vdu.tmp (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Local\Temp\wdu.tmp (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Local\Temp\xdu.tmp (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\AppData\Local\Temp\ydu.tmp (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus 21.05.2012 12:52
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Cranc v.2 21.05.2012 21:50
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6b3e501ac14a7943a0f42edd8535be58
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-21 08:01:33
# local_time=2012-05-21 10:01:33 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3073 16777213 80 71 953 13307322 0 0
# compatibility_mode=5893 16776574 66 85 17653930 89247558 0 0
# compatibility_mode=8192 67108863 100 0 240 240 0 0
# scanned=305144
# found=0
# cleaned=0
# scan_time=12784
also das Programm meinte, es habe nichts gefunden... weiß jetzt nicht was die log.txt so aussagt.

cosinus 22.05.2012 11:46
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Cranc v.2 22.05.2012 17:10
Zu 1)
Wenn du mit normaler Modus Firefox meinst, dann eher nicht. Hatte vor ein paar Monaten den Vorfall, dass .pdf Dokumente mit dem eingebauten Plugin nicht mehr geöffnet werden konnten. Und Seiten trotz stehender Internetverbindung langsamer/gar nicht geladen werden können, dann muss ich erst nochmal neu laden.
Zu2)
Im Startmenü vermisse ich nichts, jedoch wird ungefähr mit dem Spam-mails auch plötzlich 800 MB RAM mehr im Leerlauf (nur Virenprogramme laufen) verbraucht. Weiter steigt steigt die CPU Auslastung zwischenzeitlich auf 90-100% obwohl ich mit dem Browser nur ein Forum besuche.

cosinus 22.05.2012 19:10
=> 1) Nein. Es gibt den abgesicherten Modus und den normalen Modus von Windows, von Firefox war eigentlich nicht die zu

=> 2) Browser/RAM/Belegung der Systemresourcen hat so eigentlich nichts mit der Frage nach dem Startmenü zu tun aber egal ^^

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Cranc v.2 23.05.2012 18:26
Wie gesagt, im Startmenüe alles in Ordnung. Hier die OTL.log Habe diesmal vom löschen meines Namens abgesehen.

Code:
OTL logfile created on: 23.05.2012 18:27:42 - Run 1
OTL by OldTimer - Version 3.2.43.1    Folder = C:\Users\Simon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,91% Memory free
8,00 Gb Paging File | 6,43 Gb Available in Paging File | 80,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 14,69 Gb Free Space | 9,86% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 23,82 Gb Free Space | 2,56% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.23 18:25:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
PRC - [2012.05.16 14:02:06 | 000,412,304 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.16 15:02:22 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2012.02.01 23:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2012.02.01 23:55:58 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.03.29 17:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.01 23:55:58 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009.07.10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.02.14 23:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.11.23 12:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2011.08.31 13:13:56 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.04.26 17:39:00 | 000,876,976 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV - [2012.05.23 17:51:36 | 000,113,136 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.16 14:02:06 | 000,412,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.16 15:02:22 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2012.02.01 23:55:58 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.31 13:11:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.05.26 23:17:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011.05.26 22:51:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.03.29 17:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.08.31 14:31:10 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2011.08.21 14:11:23 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.05.07 11:56:20 | 000,593,664 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw10bda.sys -- (hcw10bda) Hauppauge USB-Live2 (111xxx)
DRV:64bit: - [2010.05.07 11:45:03 | 000,046,080 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcw10cir.sys -- (hcw10cir)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.16 06:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009.08.05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.08.31 14:31:10 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2258052690-4114816582-727104252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2258052690-4114816582-727104252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2258052690-4114816582-727104252-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 9E 23 C1 54 E7 CC 01  [binary data]
IE - HKU\S-1-5-21-2258052690-4114816582-727104252-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2258052690-4114816582-727104252-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2258052690-4114816582-727104252-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files (x86)\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 14.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012.05.23 17:51:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 14.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.19 12:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 14.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012.05.23 17:51:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 14.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
 
[2011.05.26 22:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions
[2012.05.19 11:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\3yecqz8f.default\extensions
[2012.02.23 18:26:54 | 000,000,933 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\3yecqz8f.default\searchplugins\11-suche.xml
[2012.02.23 18:26:53 | 000,002,419 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\3yecqz8f.default\searchplugins\englische-ergebnisse.xml
[2012.02.23 18:26:54 | 000,010,525 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\3yecqz8f.default\searchplugins\gmx-suche.xml
[2012.02.23 18:26:53 | 000,002,457 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\3yecqz8f.default\searchplugins\lastminute.xml
[2012.05.01 22:57:26 | 000,005,489 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\3yecqz8f.default\searchplugins\webde-suche.xml
[2011.06.09 21:00:00 | 000,004,140 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\3yecqz8f.default\searchplugins\youtube.xml
[2012.02.27 18:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.27 18:24:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.15 21:57:42 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YECQZ8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.12 15:13:12 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YECQZ8F.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.03.23 13:59:11 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YECQZ8F.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.02.19 12:50:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.14 23:56:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 23:56:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 23:56:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 23:56:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 23:56:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 23:56:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2258052690-4114816582-727104252-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2258052690-4114816582-727104252-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D98D9E-E6AC-4BCB-94AF-863C0ACE3C74}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{398C0B66-A980-4A70-B90F-DD899A97DDAF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{398C0B66-A980-4A70-B90F-DD899A97DDAF}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E22B2CEE-3C79-43F6-9EA8-A4DEBA104D2B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E22B2CEE-3C79-43F6-9EA8-A4DEBA104D2B}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F68EBC38-B79A-4953-BE2F-7D11CC811942}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{338c6927-87b1-11e0-beaa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{338c6927-87b1-11e0-beaa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ANNOfinder.exe
O33 - MountPoints2\{8e402583-cbe6-11e0-b320-001d600b4d4d}\Shell - "" = AutoRun
O33 - MountPoints2\{8e402583-cbe6-11e0-b320-001d600b4d4d}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe - (Hauppauge Computer Works, Inc.)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: COMODO - hkey= - key= - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
MsConfig:64bit - StartUpReg: CPA - hkey= - key= - C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
MsConfig:64bit - StartUpReg: MotoCast - hkey= - key= - C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: CLPSLS - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {0C8F3D72-3F41-4719-FBC1-D4046EFA09AA} - Browser Customizations
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2B62956-C21C-C507-07A1-4D40374AF875} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 18:25:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2012.05.22 18:12:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.21 18:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.19 17:23:45 | 000,000,000 | ---D | C] -- C:\Users\Simon\.gstreamer-0.10
[2012.05.19 17:22:59 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Motorola
[2012.05.19 17:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012.05.19 17:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012.05.19 17:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.05.19 17:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Media Link
[2012.05.19 17:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2012.05.19 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility
[2012.05.19 17:22:23 | 000,000,000 | ---D | C] -- C:\Temp
[2012.05.19 17:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012.05.19 17:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012.05.19 17:21:02 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Motorola
[2012.05.19 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012.05.19 17:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Mobility
[2012.05.19 17:20:14 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\MotoCast
[2012.05.19 11:16:20 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2012.05.19 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.19 11:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.19 11:15:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.19 11:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.12 19:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.05.12 19:42:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.05.12 19:38:16 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Comodo
[2012.05.12 19:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012.05.02 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.04.27 13:02:12 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Targem
[2012.04.27 13:02:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Games
[2012.04.26 01:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nadeo
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 18:30:00 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.05.23 18:27:11 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.23 18:27:11 | 000,609,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.23 18:27:11 | 000,104,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.23 18:25:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2012.05.23 18:12:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 17:55:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 17:55:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 17:50:59 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.23 17:50:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 17:50:03 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.19 11:39:23 | 000,000,168 | ---- | M] () -- C:\Users\Simon\defogger_reenable
[2012.05.19 11:16:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.16 23:05:25 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012.05.13 23:46:56 | 001,629,189 | ---- | M] () -- C:\Users\Simon\Documents\Schülerzeitung_9te.pdf
[2012.05.12 20:07:14 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012.05.12 20:02:43 | 000,000,136 | ---- | M] () -- C:\Windows\wininit.ini
[2012.05.12 20:02:00 | 000,000,430 | ---- | M] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012.05.12 20:01:36 | 000,001,069 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012.05.12 20:01:36 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012.04.30 14:44:02 | 002,601,279 | ---- | M] () -- C:\Users\Simon\Desktop\SAM_0195.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.19 11:39:23 | 000,000,168 | ---- | C] () -- C:\Users\Simon\defogger_reenable
[2012.05.19 11:16:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.16 23:05:25 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012.05.13 23:46:56 | 001,629,189 | ---- | C] () -- C:\Users\Simon\Documents\Schülerzeitung_9te.pdf
[2012.05.12 20:07:14 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012.05.12 20:02:43 | 000,000,136 | ---- | C] () -- C:\Windows\wininit.ini
[2012.05.12 20:01:36 | 000,001,069 | ---- | C] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012.05.12 20:01:36 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012.05.12 19:45:20 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.05.12 19:40:20 | 000,000,430 | ---- | C] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012.04.30 14:54:05 | 002,601,279 | ---- | C] () -- C:\Users\Simon\Desktop\SAM_0195.JPG
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.09 00:12:50 | 000,000,058 | ---- | C] () -- C:\Windows\Russobit-M.ini
[2011.11.21 23:37:33 | 000,000,412 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\All CPU Meter_Settings.ini
[2011.10.24 17:51:05 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ubi.ini
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.12 17:52:07 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.09.12 17:52:07 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.12 17:51:22 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.09.12 17:35:21 | 000,005,191 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.06.15 16:16:12 | 000,000,132 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.05.26 23:04:05 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.26 23:03:28 | 000,007,600 | ---- | C] () -- C:\Users\Simon\AppData\Local\resmon.resmoncfg
[2011.05.26 22:49:13 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.05.26 22:49:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.05.26 18:01:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.03.12 19:23:10 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ACAMPREF
[2011.12.29 11:06:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.17 02:10:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.15 08:23:14 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite
[2012.03.01 00:34:58 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\FileZilla
[2011.11.15 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\MAXON
[2012.05.22 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\MotoCast
[2012.05.19 17:22:23 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Motorola
[2012.02.12 18:40:30 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Need for Speed World
[2011.05.27 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PACE Anti-Piracy
[2011.11.18 16:31:44 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ProtectDISC
[2011.06.13 18:10:33 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.16 23:45:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Trine2
[2012.05.17 21:26:56 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\UseNeXT
[2011.06.11 19:10:37 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\XMedia Recode
[2012.04.11 19:21:31 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.12 19:23:10 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ACAMPREF
[2011.11.24 23:51:12 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Adobe
[2011.12.29 12:45:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Adobe Mini Bridge CS5
[2011.06.26 15:17:54 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Apple Computer
[2011.10.05 19:13:39 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ATI
[2011.12.29 11:06:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.17 02:10:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.15 08:23:14 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite
[2012.03.01 00:34:58 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\FileZilla
[2011.05.26 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Identities
[2011.05.26 23:28:48 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Macromedia
[2012.05.19 11:16:20 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2011.11.15 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\MAXON
[2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Media Center Programs
[2012.04.20 00:33:44 | 000,000,000 | --SD | M] -- C:\Users\Simon\AppData\Roaming\Microsoft
[2012.05.22 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\MotoCast
[2012.05.19 17:22:23 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Motorola
[2011.05.26 22:57:38 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Mozilla
[2012.02.12 18:40:30 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Need for Speed World
[2011.05.27 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PACE Anti-Piracy
[2011.11.18 16:31:44 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ProtectDISC
[2011.06.13 18:10:33 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.02.16 23:45:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Trine2
[2012.05.17 21:26:56 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\UseNeXT
[2012.03.18 21:53:50 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\vlc
[2011.08.17 13:01:18 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\WinRAR
[2011.06.11 19:10:37 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011.08.17 01:56:46 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Simon\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.05.27 15:43:41 | 000,010,134 | R--- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2012.03.16 13:24:05 | 000,010,134 | R--- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Installer\{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1130 bytes -> C:\Users\Simon\AppData\Local\HHhMpdXpHPWxS9U:UaloyjOx3bScIQabGGF
@Alternate Data Stream - 1129 bytes -> C:\Users\Simon\AppData\Local\aPwbUnuP:JG1jknzkFwTjWKsgKLMWGqogW
@Alternate Data Stream - 1123 bytes -> C:\Users\Simon\AppData\Local\ARSEZpkBlz:UH2HTTtjitg7WARcJJI3zI

< End of report >

cosinus 23.05.2012 20:25
Zitat:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{398C0B66-A980-4A70-B90F-DD899A97DDAF}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E22B2CEE-3C79-43F6-9EA8-A4DEBA104D2B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E22B2CEE-3C79-43F6-9EA8-A4DEBA104D2B}: NameServer = 8.26.56.26,156.154.70.22
Ist das oder war das mal ein Büro-PC?

Cranc v.2 23.05.2012 23:01
Nein, ich habe den PC bis jetzt nur bei mir im Heimnetz zu Hause genutzt.

cosinus 24.05.2012 20:39
Zitat:
NameServer = 156.154.70.25,156.154.71.25
Achso sry, das ist ja ein Provider. Sagt die Neustar was?

Cranc v.2 24.05.2012 23:39
Nein nicht wirklich, sorry.
Habe nur herausgefunden, dass Neustar mit Comodo (meinem Virenprogramm) irgendwie zusammenhängt:

hxxp://forums.comodo.com/news-announcements-feedback-cis/website-for-comodo-secure-dns-was-totally-copied-from-neustars-ultradns-t43885.0.html

Ich hatte damals die Comodo DNS kurzzeitig aktiviert/installiert, da davon ja "mehr Sicherheit" versprochen wurde, jedoch konnte ich dann mit meinen W-LAN Drucker nicht mehr kommunizieren und habe dann COMODO neuinstalliert, ohne die DNS zu aktivieren.

cosinus 25.05.2012 11:03
Ja klar, dann kann das davon kommen. Also legitim :)

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{338c6927-87b1-11e0-beaa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{338c6927-87b1-11e0-beaa-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ANNOfinder.exe
O33 - MountPoints2\{8e402583-cbe6-11e0-b320-001d600b4d4d}\Shell - "" = AutoRun
O33 - MountPoints2\{8e402583-cbe6-11e0-b320-001d600b4d4d}\Shell\AutoRun\command - "" = E:\Setup.exe
@Alternate Data Stream - 1130 bytes -> C:\Users\Simon\AppData\Local\HHhMpdXpHPWxS9U:UaloyjOx3bScIQabGGF
@Alternate Data Stream - 1129 bytes -> C:\Users\Simon\AppData\Local\aPwbUnuP:JG1jknzkFwTjWKsgKLMWGqogW
@Alternate Data Stream - 1123 bytes -> C:\Users\Simon\AppData\Local\ARSEZpkBlz:UH2HTTtjitg7WARcJJI3zI
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Cranc v.2 25.05.2012 13:15
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{338c6927-87b1-11e0-beaa-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338c6927-87b1-11e0-beaa-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{338c6927-87b1-11e0-beaa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338c6927-87b1-11e0-beaa-806e6f6e6963}\ not found.
File D:\ANNOfinder.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e402583-cbe6-11e0-b320-001d600b4d4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e402583-cbe6-11e0-b320-001d600b4d4d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e402583-cbe6-11e0-b320-001d600b4d4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e402583-cbe6-11e0-b320-001d600b4d4d}\ not found.
File E:\Setup.exe not found.
ADS C:\Users\Simon\AppData\Local\HHhMpdXpHPWxS9U:UaloyjOx3bScIQabGGF deleted successfully.
ADS C:\Users\Simon\AppData\Local\aPwbUnuP:JG1jknzkFwTjWKsgKLMWGqogW deleted successfully.
ADS C:\Users\Simon\AppData\Local\ARSEZpkBlz:UH2HTTtjitg7WARcJJI3zI deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Simon
->Temp folder emptied: 1421024966 bytes
->Temporary Internet Files folder emptied: 32052260 bytes
->Java cache emptied: 15661585 bytes
->FireFox cache emptied: 773650487 bytes
->Flash cache emptied: 92757 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119824241 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 111702 bytes
RecycleBin emptied: 171833784 bytes
 
Total Files Cleaned = 2.417,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Simon
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05252012_130032

Files\Folders moved on Reboot...
C:\Users\Simon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
PC hat auch neugestartet.

cosinus 25.05.2012 13:17
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Cranc v.2 25.05.2012 13:43
Hier die log.txt

Code:
14:39:29.0340 4800        TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
14:39:29.0699 4800        ============================================================
14:39:29.0699 4800        Current date / time: 2012/05/25 14:39:29.0699
14:39:29.0699 4800        SystemInfo:
14:39:29.0699 4800       
14:39:29.0699 4800        OS Version: 6.1.7601 ServicePack: 1.0
14:39:29.0699 4800        Product type: Workstation
14:39:29.0699 4800        ComputerName: SIMON-PC
14:39:29.0699 4800        UserName: Simon
14:39:29.0699 4800        Windows directory: C:\Windows
14:39:29.0699 4800        System windows directory: C:\Windows
14:39:29.0699 4800        Running under WOW64
14:39:29.0699 4800        Processor architecture: Intel x64
14:39:29.0699 4800        Number of processors: 2
14:39:29.0699 4800        Page size: 0x1000
14:39:29.0699 4800        Boot type: Normal boot
14:39:29.0699 4800        ============================================================
14:39:30.0557 4800        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x11EE4, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
14:39:30.0588 4800        Drive \Device\Harddisk1\DR1 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBD435, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
14:39:30.0588 4800        ============================================================
14:39:30.0588 4800        \Device\Harddisk0\DR0:
14:39:30.0588 4800        MBR partitions:
14:39:30.0588 4800        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:39:30.0588 4800        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
14:39:30.0588 4800        \Device\Harddisk1\DR1:
14:39:30.0588 4800        MBR partitions:
14:39:30.0588 4800        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2E938000
14:39:30.0588 4800        ============================================================
14:39:30.0619 4800        C: <-> \Device\Harddisk0\DR0\Partition1
14:39:30.0681 4800        B: <-> \Device\Harddisk1\DR1\Partition0
14:39:30.0681 4800        ============================================================
14:39:30.0681 4800        Initialize success
14:39:30.0681 4800        ============================================================
14:39:40.0353 0944        ============================================================
14:39:40.0353 0944        Scan started
14:39:40.0353 0944        Mode: Manual; SigCheck; TDLFS;
14:39:40.0353 0944        ============================================================
14:39:41.0648 0944        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:39:41.0804 0944        1394ohci - ok
14:39:41.0851 0944        acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
14:39:56.0234 0944        acedrv11 - ok
14:39:56.0281 0944        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:39:56.0312 0944        ACPI - ok
14:39:56.0328 0944        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:39:56.0406 0944        AcpiPmi - ok
14:39:56.0453 0944        adfs            (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
14:39:56.0468 0944        adfs - ok
14:39:56.0609 0944        Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
14:39:56.0640 0944        Adobe Version Cue CS4 - ok
14:39:56.0687 0944        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:39:56.0687 0944        AdobeARMservice - ok
14:39:56.0718 0944        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:39:56.0749 0944        adp94xx - ok
14:39:56.0780 0944        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:39:56.0796 0944        adpahci - ok
14:39:56.0827 0944        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:39:56.0843 0944        adpu320 - ok
14:39:56.0874 0944        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:39:56.0999 0944        AeLookupSvc - ok
14:39:57.0061 0944        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:39:57.0139 0944        AFD - ok
14:39:57.0170 0944        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:39:57.0170 0944        agp440 - ok
14:39:57.0217 0944        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:39:57.0279 0944        ALG - ok
14:39:57.0279 0944        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:39:57.0295 0944        aliide - ok
14:39:57.0389 0944        ALSysIO - ok
14:39:57.0420 0944        AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
14:39:57.0513 0944        AMD External Events Utility - ok
14:39:57.0591 0944        AMD FUEL Service - ok
14:39:57.0623 0944        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:39:57.0623 0944        amdide - ok
14:39:57.0669 0944        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
14:39:57.0669 0944        amdiox64 - ok
14:39:57.0716 0944        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:39:57.0779 0944        AmdK8 - ok
14:39:58.0356 0944        amdkmdag        (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
14:39:58.0683 0944        amdkmdag - ok
14:39:58.0793 0944        amdkmdap        (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
14:39:58.0839 0944        amdkmdap - ok
14:39:58.0871 0944        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:39:58.0917 0944        AmdPPM - ok
14:39:58.0964 0944        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:39:58.0980 0944        amdsata - ok
14:39:59.0011 0944        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:39:59.0027 0944        amdsbs - ok
14:39:59.0042 0944        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:39:59.0058 0944        amdxata - ok
14:39:59.0089 0944        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:39:59.0151 0944        AppID - ok
14:39:59.0183 0944        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:39:59.0229 0944        AppIDSvc - ok
14:39:59.0276 0944        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:39:59.0323 0944        Appinfo - ok
14:39:59.0354 0944        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:39:59.0417 0944        AppMgmt - ok
14:39:59.0448 0944        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:39:59.0463 0944        arc - ok
14:39:59.0479 0944        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:39:59.0495 0944        arcsas - ok
14:39:59.0510 0944        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:39:59.0573 0944        AsyncMac - ok
14:39:59.0604 0944        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:39:59.0619 0944        atapi - ok
14:39:59.0666 0944        AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
14:39:59.0682 0944        AtiHDAudioService - ok
14:40:00.0009 0944        atikmdag        (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
14:40:00.0119 0944        atikmdag - ok
14:40:00.0228 0944        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:40:00.0306 0944        AudioEndpointBuilder - ok
14:40:00.0306 0944        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:40:00.0353 0944        AudioSrv - ok
14:40:00.0399 0944        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:40:00.0477 0944        AxInstSV - ok
14:40:00.0540 0944        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:40:00.0602 0944        b06bdrv - ok
14:40:00.0633 0944        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:40:00.0711 0944        b57nd60a - ok
14:40:00.0743 0944        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:40:00.0805 0944        BDESVC - ok
14:40:00.0836 0944        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:40:00.0899 0944        Beep - ok
14:40:00.0945 0944        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:40:01.0023 0944        BFE - ok
14:40:01.0086 0944        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:40:01.0164 0944        BITS - ok
14:40:01.0226 0944        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:40:01.0242 0944        blbdrive - ok
14:40:01.0273 0944        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:40:01.0304 0944        bowser - ok
14:40:01.0320 0944        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:40:01.0398 0944        BrFiltLo - ok
14:40:01.0398 0944        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:40:01.0413 0944        BrFiltUp - ok
14:40:01.0445 0944        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:40:01.0507 0944        Browser - ok
14:40:01.0538 0944        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:40:01.0585 0944        Brserid - ok
14:40:01.0601 0944        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:40:01.0647 0944        BrSerWdm - ok
14:40:01.0647 0944        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:40:01.0663 0944        BrUsbMdm - ok
14:40:01.0663 0944        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:40:01.0725 0944        BrUsbSer - ok
14:40:01.0725 0944        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:40:01.0741 0944        BTHMODEM - ok
14:40:01.0772 0944        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:40:01.0835 0944        bthserv - ok
14:40:01.0866 0944        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:40:01.0928 0944        cdfs - ok
14:40:01.0959 0944        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:40:02.0006 0944        cdrom - ok
14:40:02.0037 0944        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:40:02.0100 0944        CertPropSvc - ok
14:40:02.0147 0944        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:40:02.0178 0944        circlass - ok
14:40:02.0225 0944        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:40:02.0256 0944        CLFS - ok
14:40:02.0396 0944        CLPSLS          (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
14:40:02.0427 0944        CLPSLS - ok
14:40:02.0505 0944        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:40:02.0521 0944        clr_optimization_v2.0.50727_32 - ok
14:40:02.0583 0944        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:40:02.0615 0944        clr_optimization_v2.0.50727_64 - ok
14:40:02.0677 0944        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:40:02.0693 0944        CmBatt - ok
14:40:02.0833 0944        cmdAgent        (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
14:40:02.0880 0944        cmdAgent - ok
14:40:02.0989 0944        cmderd          (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
14:40:03.0005 0944        cmderd - ok
14:40:03.0036 0944        cmdGuard        (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
14:40:03.0051 0944        cmdGuard - ok
14:40:03.0083 0944        cmdHlp          (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
14:40:03.0083 0944        cmdHlp - ok
14:40:03.0114 0944        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:40:03.0161 0944        cmdide - ok
14:40:03.0223 0944        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:40:03.0254 0944        CNG - ok
14:40:03.0317 0944        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:40:03.0332 0944        Compbatt - ok
14:40:03.0363 0944        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:40:03.0395 0944        CompositeBus - ok
14:40:03.0410 0944        COMSysApp - ok
14:40:03.0426 0944        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:40:03.0441 0944        crcdisk - ok
14:40:03.0504 0944        Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
14:40:03.0613 0944        Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:40:03.0613 0944        Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:40:03.0644 0944        Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
14:40:03.0675 0944        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:40:03.0675 0944        Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:40:03.0707 0944        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:40:03.0769 0944        CryptSvc - ok
14:40:03.0863 0944        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:40:03.0941 0944        CSC - ok
14:40:03.0987 0944        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:40:04.0050 0944        CscService - ok
14:40:04.0128 0944        CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
14:40:04.0159 0944        CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
14:40:04.0159 0944        CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
14:40:04.0190 0944        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:40:04.0268 0944        DcomLaunch - ok
14:40:04.0299 0944        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:40:04.0377 0944        defragsvc - ok
14:40:04.0518 0944        DeviceMonitorService (14bcef1bc82f020cf3f00aa2113d67fd) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
14:40:04.0533 0944        DeviceMonitorService - ok
14:40:04.0596 0944        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:40:04.0643 0944        DfsC - ok
14:40:04.0705 0944        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:40:04.0767 0944        Dhcp - ok
14:40:04.0799 0944        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:40:04.0861 0944        discache - ok
14:40:04.0892 0944        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:40:04.0908 0944        Disk - ok
14:40:04.0939 0944        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:40:05.0017 0944        Dnscache - ok
14:40:05.0064 0944        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:40:05.0126 0944        dot3svc - ok
14:40:05.0142 0944        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:40:05.0204 0944        DPS - ok
14:40:05.0298 0944        DragonUpdater  (79b8d78f3f3255b2858a79f1bf31adbd) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
14:40:05.0313 0944        DragonUpdater - ok
14:40:05.0345 0944        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:40:05.0376 0944        drmkaud - ok
14:40:05.0423 0944        dtsoftbus01    (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:40:05.0454 0944        dtsoftbus01 - ok
14:40:05.0516 0944        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:40:05.0547 0944        DXGKrnl - ok
14:40:05.0579 0944        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:40:05.0641 0944        EapHost - ok
14:40:05.0766 0944        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:40:05.0875 0944        ebdrv - ok
14:40:05.0984 0944        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:40:06.0031 0944        EFS - ok
14:40:06.0109 0944        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:40:06.0203 0944        ehRecvr - ok
14:40:06.0218 0944        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:40:06.0249 0944        ehSched - ok
14:40:06.0312 0944        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:40:06.0343 0944        elxstor - ok
14:40:06.0374 0944        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:40:06.0405 0944        ErrDev - ok
14:40:06.0452 0944        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:40:06.0530 0944        EventSystem - ok
14:40:06.0561 0944        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:40:06.0608 0944        exfat - ok
14:40:06.0639 0944        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:40:06.0686 0944        fastfat - ok
14:40:06.0717 0944        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:40:06.0795 0944        Fax - ok
14:40:06.0811 0944        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:40:06.0858 0944        fdc - ok
14:40:06.0889 0944        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:40:06.0920 0944        fdPHost - ok
14:40:06.0951 0944        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:40:07.0014 0944        FDResPub - ok
14:40:07.0045 0944        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:40:07.0061 0944        FileInfo - ok
14:40:07.0076 0944        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:40:07.0139 0944        Filetrace - ok
14:40:07.0217 0944        FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:40:07.0232 0944        FLEXnet Licensing Service - ok
14:40:07.0310 0944        FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
14:40:07.0326 0944        FLEXnet Licensing Service 64 - ok
14:40:07.0435 0944        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:40:07.0435 0944        flpydisk - ok
14:40:07.0482 0944        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:40:07.0513 0944        FltMgr - ok
14:40:07.0575 0944        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:40:07.0669 0944        FontCache - ok
14:40:07.0731 0944        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:40:07.0809 0944        FontCache3.0.0.0 - ok
14:40:07.0856 0944        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:40:07.0872 0944        FsDepends - ok
14:40:07.0887 0944        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:40:07.0903 0944        Fs_Rec - ok
14:40:07.0919 0944        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:40:07.0950 0944        fvevol - ok
14:40:07.0965 0944        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:40:07.0981 0944        gagp30kx - ok
14:40:08.0028 0944        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:40:08.0106 0944        gpsvc - ok
14:40:08.0215 0944        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:40:08.0231 0944        gupdate - ok
14:40:08.0231 0944        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:40:08.0231 0944        gupdatem - ok
14:40:08.0293 0944        HauppaugeTVServer (1dbbf9be473f6ca2f2f4182fccf563dc) C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
14:40:08.0324 0944        HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
14:40:08.0324 0944        HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
14:40:08.0465 0944        hcw10bda        (bac77c58dede086bd204029eff130dd7) C:\Windows\system32\drivers\hcw10bda.sys
14:40:08.0543 0944        hcw10bda - ok
14:40:08.0558 0944        hcw10cir        (a8518733af128859bf2daab6b5c742e5) C:\Windows\system32\drivers\hcw10cir.sys
14:40:08.0621 0944        hcw10cir - ok
14:40:08.0652 0944        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:40:08.0699 0944        hcw85cir - ok
14:40:08.0730 0944        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:40:08.0792 0944        HdAudAddService - ok
14:40:08.0823 0944        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:40:08.0870 0944        HDAudBus - ok
14:40:08.0901 0944        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:40:08.0933 0944        HidBatt - ok
14:40:08.0948 0944        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:40:08.0964 0944        HidBth - ok
14:40:08.0979 0944        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:40:09.0011 0944        HidIr - ok
14:40:09.0042 0944        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:40:09.0104 0944        hidserv - ok
14:40:09.0135 0944        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:40:09.0151 0944        HidUsb - ok
14:40:09.0182 0944        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:40:09.0245 0944        hkmsvc - ok
14:40:09.0276 0944        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:40:09.0354 0944        HomeGroupListener - ok
14:40:09.0385 0944        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:40:09.0432 0944        HomeGroupProvider - ok
14:40:09.0479 0944        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:40:09.0494 0944        HpSAMD - ok
14:40:09.0541 0944        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:40:09.0619 0944        HTTP - ok
14:40:09.0650 0944        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:40:09.0666 0944        hwpolicy - ok
14:40:09.0697 0944        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:40:09.0713 0944        i8042prt - ok
14:40:09.0759 0944        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:40:09.0791 0944        iaStorV - ok
14:40:09.0931 0944        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:40:09.0978 0944        idsvc - ok
14:40:10.0009 0944        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:40:10.0025 0944        iirsp - ok
14:40:10.0071 0944        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:40:10.0149 0944        IKEEXT - ok
14:40:10.0212 0944        inspect        (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
14:40:10.0212 0944        inspect - ok
14:40:10.0259 0944        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:40:10.0259 0944        intelide - ok
14:40:10.0305 0944        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:40:10.0337 0944        intelppm - ok
14:40:10.0383 0944        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:40:10.0430 0944        IPBusEnum - ok
14:40:10.0477 0944        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:40:10.0524 0944        IpFilterDriver - ok
14:40:10.0571 0944        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:40:10.0649 0944        iphlpsvc - ok
14:40:10.0695 0944        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:40:10.0727 0944        IPMIDRV - ok
14:40:10.0789 0944        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:40:10.0851 0944        IPNAT - ok
14:40:10.0867 0944        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:40:10.0929 0944        IRENUM - ok
14:40:10.0961 0944        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:40:10.0961 0944        isapnp - ok
14:40:11.0007 0944        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:40:11.0023 0944        iScsiPrt - ok
14:40:11.0054 0944        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:40:11.0054 0944        kbdclass - ok
14:40:11.0085 0944        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:40:11.0101 0944        kbdhid - ok
14:40:11.0132 0944        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:40:11.0148 0944        KeyIso - ok
14:40:11.0163 0944        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:40:11.0179 0944        KSecDD - ok
14:40:11.0179 0944        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:40:11.0210 0944        KSecPkg - ok
14:40:11.0226 0944        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:40:11.0288 0944        ksthunk - ok
14:40:11.0319 0944        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:40:11.0397 0944        KtmRm - ok
14:40:11.0444 0944        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:40:11.0507 0944        LanmanServer - ok
14:40:11.0538 0944        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:40:11.0600 0944        LanmanWorkstation - ok
14:40:11.0647 0944        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:40:11.0678 0944        lltdio - ok
14:40:11.0709 0944        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:40:11.0787 0944        lltdsvc - ok
14:40:11.0803 0944        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:40:11.0834 0944        lmhosts - ok
14:40:11.0865 0944        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:40:11.0881 0944        LSI_FC - ok
14:40:11.0912 0944        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:40:11.0928 0944        LSI_SAS - ok
14:40:11.0943 0944        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:40:11.0959 0944        LSI_SAS2 - ok
14:40:11.0975 0944        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:40:11.0990 0944        LSI_SCSI - ok
14:40:12.0021 0944        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:40:12.0084 0944        luafv - ok
14:40:12.0084 0944        lxdi_device - ok
14:40:12.0146 0944        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:40:12.0162 0944        MBAMProtector - ok
14:40:12.0224 0944        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:40:12.0240 0944        MBAMService - ok
14:40:12.0271 0944        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:40:12.0302 0944        Mcx2Svc - ok
14:40:12.0333 0944        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:40:12.0349 0944        megasas - ok
14:40:12.0365 0944        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:40:12.0396 0944        MegaSR - ok
14:40:12.0474 0944        Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:40:12.0474 0944        Microsoft Office Groove Audit Service - ok
14:40:12.0521 0944        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:40:12.0552 0944        MMCSS - ok
14:40:12.0583 0944        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:40:12.0630 0944        Modem - ok
14:40:12.0677 0944        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:40:12.0723 0944        monitor - ok
14:40:12.0848 0944        Motorola Device Manager (5ddce3fc5a54a4a58ee693046ebfaef3) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
14:40:12.0864 0944        Motorola Device Manager - ok
14:40:12.0895 0944        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:40:12.0911 0944        mouclass - ok
14:40:12.0926 0944        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:40:12.0973 0944        mouhid - ok
14:40:12.0989 0944        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:40:13.0004 0944        mountmgr - ok
14:40:13.0067 0944        MozillaMaintenance (5b109c18acc43afc1ec22b1c071e4da9) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:40:13.0082 0944        MozillaMaintenance - ok
14:40:13.0113 0944        MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
14:40:13.0129 0944        MpFilter - ok
14:40:13.0160 0944        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:40:13.0176 0944        mpio - ok
14:40:13.0223 0944        MpNWMon        (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:40:13.0223 0944        MpNWMon - ok
14:40:13.0269 0944        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:40:13.0301 0944        mpsdrv - ok
14:40:13.0347 0944        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:40:13.0441 0944        MpsSvc - ok
14:40:13.0488 0944        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:40:13.0535 0944        MRxDAV - ok
14:40:13.0581 0944        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:40:13.0644 0944        mrxsmb - ok
14:40:13.0675 0944        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:40:13.0722 0944        mrxsmb10 - ok
14:40:13.0769 0944        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:40:13.0815 0944        mrxsmb20 - ok
14:40:13.0862 0944        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:40:13.0862 0944        msahci - ok
14:40:13.0893 0944        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:40:13.0909 0944        msdsm - ok
14:40:13.0940 0944        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:40:13.0987 0944        MSDTC - ok
14:40:14.0034 0944        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:40:14.0065 0944        Msfs - ok
14:40:14.0081 0944        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:40:14.0143 0944        mshidkmdf - ok
14:40:14.0190 0944        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:40:14.0205 0944        msisadrv - ok
14:40:14.0237 0944        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:40:14.0299 0944        MSiSCSI - ok
14:40:14.0315 0944        msiserver - ok
14:40:14.0346 0944        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:40:14.0377 0944        MSKSSRV - ok
14:40:14.0455 0944        MsMpSvc        (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
14:40:14.0471 0944        MsMpSvc - ok
14:40:14.0471 0944        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:40:14.0533 0944        MSPCLOCK - ok
14:40:14.0564 0944        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:40:14.0595 0944        MSPQM - ok
14:40:14.0627 0944        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:40:14.0642 0944        MsRPC - ok
14:40:14.0673 0944        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:40:14.0689 0944        mssmbios - ok
14:40:14.0705 0944        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:40:14.0751 0944        MSTEE - ok
14:40:14.0767 0944        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:40:14.0783 0944        MTConfig - ok
14:40:14.0814 0944        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
14:40:14.0861 0944        MTsensor - ok
14:40:14.0907 0944        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:40:14.0907 0944        Mup - ok
14:40:14.0954 0944        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:40:15.0017 0944        napagent - ok
14:40:15.0048 0944        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:40:15.0110 0944        NativeWifiP - ok
14:40:15.0157 0944        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:40:15.0204 0944        NDIS - ok
14:40:15.0235 0944        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:40:15.0266 0944        NdisCap - ok
14:40:15.0282 0944        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:40:15.0313 0944        NdisTapi - ok
14:40:15.0344 0944        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:40:15.0407 0944        Ndisuio - ok
14:40:15.0438 0944        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:40:15.0500 0944        NdisWan - ok
14:40:15.0563 0944        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:40:15.0594 0944        NDProxy - ok
14:40:15.0625 0944        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:40:15.0672 0944        NetBIOS - ok
14:40:15.0734 0944        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:40:15.0765 0944        NetBT - ok
14:40:15.0797 0944        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:40:15.0812 0944        Netlogon - ok
14:40:15.0843 0944        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:40:15.0906 0944        Netman - ok
14:40:15.0953 0944        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:40:16.0015 0944        netprofm - ok
14:40:16.0093 0944        netr28ux        (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\netr28ux.sys
14:40:16.0155 0944        netr28ux - ok
14:40:16.0280 0944        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:40:16.0374 0944        NetTcpPortSharing - ok
14:40:16.0421 0944        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:40:16.0436 0944        nfrd960 - ok
14:40:16.0467 0944        NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:40:16.0483 0944        NisDrv - ok
14:40:16.0577 0944        NisSrv          (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
14:40:16.0592 0944        NisSrv - ok
14:40:16.0608 0944        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:40:16.0686 0944        NlaSvc - ok
14:40:16.0733 0944        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:40:16.0764 0944        Npfs - ok
14:40:16.0795 0944        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:40:16.0857 0944        nsi - ok
14:40:16.0873 0944        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:40:16.0935 0944        nsiproxy - ok
14:40:17.0013 0944        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:40:17.0076 0944        Ntfs - ok
14:40:17.0185 0944        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:40:17.0232 0944        Null - ok
14:40:17.0294 0944        NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:40:17.0341 0944        NVENETFD - ok
14:40:17.0388 0944        NVNET          (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
14:40:17.0403 0944        NVNET - ok
14:40:17.0450 0944        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:40:17.0466 0944        nvraid - ok
14:40:17.0497 0944        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:40:17.0513 0944        nvstor - ok
14:40:17.0528 0944        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:40:17.0544 0944        nv_agp - ok
14:40:17.0637 0944        odserv          (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:40:17.0669 0944        odserv - ok
14:40:17.0715 0944        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:40:17.0747 0944        ohci1394 - ok
14:40:17.0793 0944        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:40:17.0809 0944        ose - ok
14:40:17.0871 0944        P17            (edd1dcd36f6115acc6935c3f88ff54d7) C:\Windows\system32\drivers\P17.sys
14:40:17.0965 0944        P17 - ok
14:40:17.0996 0944        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:40:18.0074 0944        p2pimsvc - ok
14:40:18.0105 0944        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:40:18.0137 0944        p2psvc - ok
14:40:18.0183 0944        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:40:18.0199 0944        Parport - ok
14:40:18.0230 0944        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:40:18.0246 0944        partmgr - ok
14:40:18.0261 0944        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:40:18.0308 0944        PcaSvc - ok
14:40:18.0355 0944        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:40:18.0371 0944        pci - ok
14:40:18.0386 0944        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:40:18.0386 0944        pciide - ok
14:40:18.0417 0944        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:40:18.0449 0944        pcmcia - ok
14:40:18.0464 0944        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:40:18.0464 0944        pcw - ok
14:40:18.0495 0944        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:40:18.0573 0944        PEAUTH - ok
14:40:18.0651 0944        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:40:18.0745 0944        PeerDistSvc - ok
14:40:18.0807 0944        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:40:18.0917 0944        PerfHost - ok
14:40:19.0041 0944        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:40:19.0119 0944        pla - ok
14:40:19.0166 0944        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:40:19.0244 0944        PlugPlay - ok
14:40:19.0275 0944        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:40:19.0307 0944        PNRPAutoReg - ok
14:40:19.0338 0944        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:40:19.0353 0944        PNRPsvc - ok
14:40:19.0400 0944        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:40:19.0478 0944        PolicyAgent - ok
14:40:19.0509 0944        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:40:19.0572 0944        Power - ok
14:40:19.0634 0944        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:40:19.0681 0944        PptpMiniport - ok
14:40:19.0712 0944        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:40:19.0743 0944        Processor - ok
14:40:19.0977 0944        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:40:20.0055 0944        ProfSvc - ok
14:40:20.0087 0944        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:40:20.0102 0944        ProtectedStorage - ok
14:40:20.0118 0944        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:40:20.0165 0944        Psched - ok
14:40:20.0274 0944        PST Service    (ea735bf6df13a857a83c99bf27a422ad) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
14:40:20.0289 0944        PST Service ( UnsignedFile.Multi.Generic ) - warning
14:40:20.0289 0944        PST Service - detected UnsignedFile.Multi.Generic (1)
14:40:20.0367 0944        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:40:20.0367 0944        PxHlpa64 - ok
14:40:20.0445 0944        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:40:20.0523 0944        ql2300 - ok
14:40:20.0633 0944        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:40:20.0648 0944        ql40xx - ok
14:40:20.0695 0944        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:40:20.0742 0944        QWAVE - ok
14:40:20.0773 0944        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:40:20.0804 0944        QWAVEdrv - ok
14:40:20.0835 0944        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:40:20.0882 0944        RasAcd - ok
14:40:20.0929 0944        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:40:20.0960 0944        RasAgileVpn - ok
14:40:21.0007 0944        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:40:21.0069 0944        RasAuto - ok
14:40:21.0101 0944        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:40:21.0163 0944        Rasl2tp - ok
14:40:21.0225 0944        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:40:21.0272 0944        RasMan - ok
14:40:21.0319 0944        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:40:21.0381 0944        RasPppoe - ok
14:40:21.0413 0944        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:40:21.0475 0944        RasSstp - ok
14:40:21.0522 0944        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:40:21.0600 0944        rdbss - ok
14:40:21.0631 0944        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:40:21.0678 0944        rdpbus - ok
14:40:21.0709 0944        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:40:21.0787 0944        RDPCDD - ok
14:40:21.0834 0944        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:40:21.0881 0944        RDPDR - ok
14:40:21.0912 0944        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:40:21.0959 0944        RDPENCDD - ok
14:40:21.0990 0944        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:40:22.0021 0944        RDPREFMP - ok
14:40:22.0161 0944        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:40:22.0255 0944        RdpVideoMiniport - ok
14:40:22.0286 0944        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:40:22.0317 0944        RDPWD - ok
14:40:22.0364 0944        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:40:22.0380 0944        rdyboost - ok
14:40:22.0411 0944        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:40:22.0473 0944        RemoteAccess - ok
14:40:22.0520 0944        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:40:22.0583 0944        RemoteRegistry - ok
14:40:22.0614 0944        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:40:22.0692 0944        RpcEptMapper - ok
14:40:22.0723 0944        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:40:22.0770 0944        RpcLocator - ok
14:40:22.0910 0944        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:40:22.0957 0944        RpcSs - ok
14:40:22.0973 0944        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:40:23.0019 0944        rspndr - ok
14:40:23.0051 0944        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:40:23.0097 0944        s3cap - ok
14:40:23.0129 0944        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:40:23.0144 0944        SamSs - ok
14:40:23.0175 0944        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:40:23.0191 0944        sbp2port - ok
14:40:23.0238 0944        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:40:23.0300 0944        SCardSvr - ok
14:40:23.0347 0944        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:40:23.0394 0944        scfilter - ok
14:40:23.0456 0944        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:40:23.0534 0944        Schedule - ok
14:40:23.0565 0944        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:40:23.0597 0944        SCPolicySvc - ok
14:40:23.0628 0944        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:40:23.0690 0944        SDRSVC - ok
14:40:23.0737 0944        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:40:23.0768 0944        secdrv - ok
14:40:23.0815 0944        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:40:23.0862 0944        seclogon - ok
14:40:23.0909 0944        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:40:23.0955 0944        SENS - ok
14:40:23.0987 0944        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:40:24.0002 0944        SensrSvc - ok
14:40:24.0018 0944        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:40:24.0065 0944        Serenum - ok
14:40:24.0096 0944        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:40:24.0127 0944        Serial - ok
14:40:24.0143 0944        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:40:24.0174 0944        sermouse - ok
14:40:24.0236 0944        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:40:24.0283 0944        SessionEnv - ok
14:40:24.0314 0944        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:40:24.0361 0944        sffdisk - ok
14:40:24.0377 0944        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:40:24.0408 0944        sffp_mmc - ok
14:40:24.0455 0944        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:40:24.0470 0944        sffp_sd - ok
14:40:24.0501 0944        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:40:24.0501 0944        sfloppy - ok
14:40:24.0564 0944        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:40:24.0611 0944        SharedAccess - ok
14:40:24.0673 0944        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:40:24.0735 0944        ShellHWDetection - ok
14:40:24.0767 0944        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:40:24.0767 0944        SiSRaid2 - ok
14:40:24.0782 0944        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:40:24.0798 0944        SiSRaid4 - ok
14:40:24.0829 0944        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:40:24.0891 0944        Smb - ok
14:40:24.0923 0944        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:40:24.0969 0944        SNMPTRAP - ok
14:40:25.0235 0944        speedfan        (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
14:40:25.0235 0944        speedfan - ok
14:40:25.0297 0944        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:40:25.0313 0944        spldr - ok
14:40:25.0359 0944        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:40:25.0391 0944        Spooler - ok
14:40:25.0562 0944        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:40:25.0656 0944        sppsvc - ok
14:40:25.0765 0944        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:40:25.0843 0944        sppuinotify - ok
14:40:25.0905 0944        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:40:25.0952 0944        srv - ok
14:40:25.0983 0944        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:40:26.0046 0944        srv2 - ok
14:40:26.0077 0944        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:40:26.0124 0944        srvnet - ok
14:40:26.0155 0944        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:40:26.0217 0944        SSDPSRV - ok
14:40:26.0249 0944        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:40:26.0280 0944        SstpSvc - ok
14:40:26.0311 0944        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:40:26.0327 0944        stexstor - ok
14:40:26.0373 0944        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:40:26.0436 0944        stisvc - ok
14:40:26.0467 0944        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:40:26.0467 0944        storflt - ok
14:40:26.0498 0944        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:40:26.0514 0944        storvsc - ok
14:40:26.0545 0944        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:40:26.0561 0944        swenum - ok
14:40:26.0654 0944        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:40:26.0701 0944        SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:40:26.0701 0944        SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:40:26.0748 0944        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:40:26.0810 0944        swprv - ok
14:40:26.0841 0944        Synth3dVsc - ok
14:40:26.0904 0944        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:40:26.0997 0944        SysMain - ok
14:40:27.0107 0944        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:40:27.0138 0944        TabletInputService - ok
14:40:27.0169 0944        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:40:27.0231 0944        TapiSrv - ok
14:40:27.0278 0944        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:40:27.0309 0944        TBS - ok
14:40:27.0419 0944        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:40:27.0481 0944        Tcpip - ok
14:40:27.0590 0944        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:40:27.0621 0944        TCPIP6 - ok
14:40:27.0684 0944        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:40:27.0746 0944        tcpipreg - ok
14:40:27.0793 0944        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:40:27.0824 0944        TDPIPE - ok
14:40:27.0855 0944        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:40:27.0887 0944        TDTCP - ok
14:40:27.0933 0944        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:40:27.0980 0944        tdx - ok
14:40:28.0105 0944        TeamViewer6    (1c46c27e9f1938b9589859c70450d275) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
14:40:28.0152 0944        TeamViewer6 - ok
14:40:28.0261 0944        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:40:28.0261 0944        TermDD - ok
14:40:28.0308 0944        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:40:28.0386 0944        TermService - ok
14:40:28.0417 0944        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:40:28.0433 0944        Themes - ok
14:40:28.0464 0944        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:40:28.0495 0944        THREADORDER - ok
14:40:28.0526 0944        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:40:28.0589 0944        TrkWks - ok
14:40:28.0635 0944        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:40:28.0698 0944        TrustedInstaller - ok
14:40:28.0745 0944        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:40:28.0791 0944        tssecsrv - ok
14:40:28.0838 0944        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:40:28.0869 0944        TsUsbFlt - ok
14:40:28.0869 0944        tsusbhub - ok
14:40:28.0901 0944        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:40:28.0963 0944        tunnel - ok
14:40:29.0010 0944        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:40:29.0025 0944        uagp35 - ok
14:40:29.0057 0944        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:40:29.0135 0944        udfs - ok
14:40:29.0166 0944        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:40:29.0181 0944        UI0Detect - ok
14:40:29.0228 0944        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:40:29.0244 0944        uliagpkx - ok
14:40:29.0259 0944        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:40:29.0275 0944        umbus - ok
14:40:29.0306 0944        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:40:29.0337 0944        UmPass - ok
14:40:29.0384 0944        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:40:29.0431 0944        UmRdpService - ok
14:40:29.0462 0944        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:40:29.0540 0944        upnphost - ok
14:40:29.0587 0944        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
14:40:29.0618 0944        usbccgp - ok
14:40:29.0649 0944        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:40:29.0665 0944        usbcir - ok
14:40:29.0696 0944        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:40:29.0743 0944        usbehci - ok
14:40:29.0774 0944        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:40:29.0821 0944        usbhub - ok
14:40:29.0837 0944        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:40:29.0852 0944        usbohci - ok
14:40:29.0883 0944        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:40:29.0915 0944        usbprint - ok
14:40:29.0961 0944        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:40:29.0993 0944        USBSTOR - ok
14:40:30.0008 0944        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:40:30.0055 0944        usbuhci - ok
14:40:30.0086 0944        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:40:30.0149 0944        UxSms - ok
14:40:30.0211 0944        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:40:30.0227 0944        VaultSvc - ok
14:40:30.0258 0944        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:40:30.0273 0944        vdrvroot - ok
14:40:30.0305 0944        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:40:30.0351 0944        vds - ok
14:40:30.0383 0944        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:40:30.0398 0944        vga - ok
14:40:30.0414 0944        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:40:30.0461 0944        VgaSave - ok
14:40:30.0461 0944        VGPU - ok
14:40:30.0507 0944        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:40:30.0539 0944        vhdmp - ok
14:40:30.0570 0944        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:40:30.0570 0944        viaide - ok
14:40:30.0601 0944        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:40:30.0617 0944        vmbus - ok
14:40:30.0648 0944        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:40:30.0663 0944        VMBusHID - ok
14:40:30.0679 0944        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:40:30.0695 0944        volmgr - ok
14:40:30.0726 0944        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:40:30.0757 0944        volmgrx - ok
14:40:30.0804 0944        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:40:30.0819 0944        volsnap - ok
14:40:30.0851 0944        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:40:30.0866 0944        vsmraid - ok
14:40:30.0944 0944        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:40:31.0038 0944        VSS - ok
14:40:31.0163 0944        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:40:31.0194 0944        vwifibus - ok
14:40:31.0225 0944        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:40:31.0241 0944        vwififlt - ok
14:40:31.0272 0944        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:40:31.0319 0944        W32Time - ok
14:40:31.0350 0944        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:40:31.0350 0944        WacomPen - ok
14:40:31.0381 0944        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:40:31.0459 0944        WANARP - ok
14:40:31.0459 0944        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:40:31.0490 0944        Wanarpv6 - ok
14:40:31.0568 0944        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:40:31.0677 0944        wbengine - ok
14:40:31.0771 0944        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:40:31.0802 0944        WbioSrvc - ok
14:40:31.0833 0944        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:40:31.0880 0944        wcncsvc - ok
14:40:31.0911 0944        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:40:31.0943 0944        WcsPlugInService - ok
14:40:32.0005 0944        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:40:32.0021 0944        Wd - ok
14:40:32.0052 0944        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:40:32.0083 0944        Wdf01000 - ok
14:40:32.0099 0944        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:40:32.0208 0944        WdiServiceHost - ok
14:40:32.0208 0944        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:40:32.0223 0944        WdiSystemHost - ok
14:40:32.0255 0944        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:40:32.0317 0944        WebClient - ok
14:40:32.0364 0944        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:40:32.0426 0944        Wecsvc - ok
14:40:32.0457 0944        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:40:32.0504 0944        wercplsupport - ok
14:40:32.0535 0944        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:40:32.0598 0944        WerSvc - ok
14:40:32.0676 0944        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:40:32.0723 0944        WfpLwf - ok
14:40:32.0754 0944        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:40:32.0754 0944        WIMMount - ok
14:40:32.0785 0944        WinDefend - ok
14:40:32.0801 0944        WinHttpAutoProxySvc - ok
14:40:32.0847 0944        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:40:32.0910 0944        Winmgmt - ok
14:40:33.0019 0944        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:40:33.0128 0944        WinRM - ok
14:40:33.0253 0944        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:40:33.0269 0944        WinUsb - ok
14:40:33.0331 0944        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:40:33.0378 0944        Wlansvc - ok
14:40:33.0409 0944        WmBEnum        (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
14:40:33.0425 0944        WmBEnum - ok
14:40:33.0456 0944        WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
14:40:33.0456 0944        WmFilter - ok
14:40:33.0487 0944        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:40:33.0534 0944        WmiAcpi - ok
14:40:33.0596 0944        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:40:33.0627 0944        wmiApSrv - ok
14:40:33.0690 0944        WMPNetworkSvc - ok
14:40:33.0721 0944        WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
14:40:33.0737 0944        WmVirHid - ok
14:40:33.0752 0944        WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
14:40:33.0752 0944        WmXlCore - ok
14:40:33.0783 0944        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:40:33.0815 0944        WPCSvc - ok
14:40:33.0846 0944        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:40:33.0861 0944        WPDBusEnum - ok
14:40:33.0877 0944        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:40:33.0908 0944        ws2ifsl - ok
14:40:33.0939 0944        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:40:34.0002 0944        wscsvc - ok
14:40:34.0002 0944        WSearch - ok
14:40:34.0095 0944        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:40:34.0220 0944        wuauserv - ok
14:40:34.0345 0944        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:40:34.0407 0944        WudfPf - ok
14:40:34.0423 0944        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:40:34.0470 0944        WUDFRd - ok
14:40:34.0501 0944        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:40:34.0532 0944        wudfsvc - ok
14:40:34.0563 0944        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:40:34.0610 0944        WwanSvc - ok
14:40:34.0673 0944        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:40:34.0875 0944        \Device\Harddisk0\DR0 - ok
14:40:34.0891 0944        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:40:34.0938 0944        \Device\Harddisk1\DR1 - ok
14:40:34.0938 0944        Boot (0x1200)  (815405d175a32db08c04c21d4b01ac38) \Device\Harddisk0\DR0\Partition0
14:40:34.0938 0944        \Device\Harddisk0\DR0\Partition0 - ok
14:40:34.0969 0944        Boot (0x1200)  (c7d1b430a3a1f48038b0fe5e04583544) \Device\Harddisk0\DR0\Partition1
14:40:34.0969 0944        \Device\Harddisk0\DR0\Partition1 - ok
14:40:35.0000 0944        Boot (0x1200)  (192ccefa9e5465846740a40152048e4c) \Device\Harddisk1\DR1\Partition0
14:40:35.0000 0944        \Device\Harddisk1\DR1\Partition0 - ok
14:40:35.0000 0944        ============================================================
14:40:35.0000 0944        Scan finished
14:40:35.0000 0944        ============================================================
14:40:35.0016 5088        Detected object count: 6
14:40:35.0016 5088        Actual detected object count: 6
14:41:48.0508 5088        Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:48.0508 5088        Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:41:48.0523 5088        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:48.0523 5088        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:41:48.0523 5088        CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:48.0523 5088        CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:41:48.0523 5088        HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:48.0523 5088        HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:41:48.0523 5088        PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:48.0523 5088        PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:41:48.0523 5088        SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
14:41:48.0523 5088        SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 25.05.2012 14:52
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Cranc v.2 26.05.2012 01:52
Ausgeführt und die log schaut so aus:
Code:
ComboFix 12-05-25.03 - Simon 26.05.2012  2:33.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1033.18.4095.2742 [GMT 2:00]
ausgeführt von:: c:\users\Simon\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Simon\4.0
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-26 bis 2012-05-26  ))))))))))))))))))))))))))))))
.
.
2012-05-26 00:40 . 2012-05-26 00:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-25 11:00 . 2012-05-25 11:00        --------        d-----w-        C:\_OTL
2012-05-25 10:57 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29A2D94F-FE53-4B53-8480-EF7ECC9C6226}\mpengine.dll
2012-05-24 20:44 . 2012-05-24 20:44        --------        d-----w-        c:\program files (x86)\Motorola Media Link
2012-05-24 20:42 . 2012-05-24 20:42        --------        d-----w-        c:\users\Simon\AppData\Roaming\Motorola Mobility
2012-05-24 20:41 . 2012-05-24 20:41        --------        d-----w-        c:\program files\Motorola Inc
2012-05-21 16:24 . 2012-05-21 16:24        --------        d-----w-        c:\program files (x86)\ESET
2012-05-19 15:23 . 2012-05-25 10:48        --------        d-----w-        c:\users\Simon\.gstreamer-0.10
2012-05-19 15:22 . 2012-05-19 15:22        --------        d-----w-        c:\users\Simon\AppData\Local\Motorola
2012-05-19 15:22 . 2012-05-19 15:22        --------        d-----w-        c:\program files (x86)\Common Files\Nero
2012-05-19 15:22 . 2012-05-24 20:44        --------        d-----w-        c:\programdata\Nero
2012-05-19 15:22 . 2012-05-19 15:22        --------        d-----w-        c:\programdata\Motorola
2012-05-19 15:22 . 2012-05-24 20:42        --------        d-----w-        c:\program files (x86)\Motorola Mobility
2012-05-19 15:22 . 2012-05-26 00:42        --------        d-----w-        C:\Temp
2012-05-19 15:21 . 2012-05-19 15:21        --------        d-----w-        c:\program files\Common Files\Motorola Shared
2012-05-19 15:21 . 2012-05-25 10:46        --------        d-----w-        c:\program files (x86)\Motorola
2012-05-19 15:21 . 2012-05-19 15:22        --------        d-----w-        c:\users\Simon\AppData\Roaming\Motorola
2012-05-19 15:20 . 2012-05-25 10:48        --------        d-----w-        c:\users\Simon\AppData\Roaming\MotoCast
2012-05-19 09:16 . 2012-05-19 09:16        --------        d-----w-        c:\users\Simon\AppData\Roaming\Malwarebytes
2012-05-19 09:15 . 2012-05-19 09:15        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-19 09:15 . 2012-05-19 09:16        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-19 09:15 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-12 17:43 . 2012-05-12 18:25        --------        d-----w-        c:\programdata\CPA_VA
2012-05-12 17:38 . 2012-05-12 18:01        --------        d-----w-        c:\users\Simon\AppData\Local\Comodo
2012-05-12 17:38 . 2012-05-16 21:05        --------        d-----w-        c:\program files (x86)\Comodo
2012-05-12 17:37 . 2012-05-12 17:37        348160        ----a-w-        c:\windows\SysWow64\msvcr71.dll
2012-05-12 17:37 . 2012-05-12 17:37        1700352        ----a-w-        c:\windows\SysWow64\gdiplus.dll
2012-04-27 11:02 . 2012-04-27 11:02        --------        d-----w-        c:\users\Simon\AppData\Local\Targem
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 11:08 . 2012-04-05 13:38        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-09 11:07 . 2011-05-26 21:28        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2011-05-28 09:15        8955792        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-14 20:45 . 2012-03-14 20:45        1948672        ----a-w-        c:\windows\SysWow64\sx-csp.dll
2012-03-11 21:13 . 2011-10-21 16:28        41200        ----a-w-        c:\windows\system32\cmdcsr.dll
2012-03-11 19:13 . 2012-03-11 19:13        577824        ----a-w-        c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 19:13 . 2012-03-11 19:13        43248        ----a-w-        c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 19:13 . 2012-03-11 19:13        22696        ----a-w-        c:\windows\system32\drivers\cmderd.sys
2012-03-11 19:13 . 2012-03-11 19:13        301224        ----a-w-        c:\windows\SysWow64\guard32.dll
2012-03-11 19:13 . 2012-03-11 19:13        389840        ----a-w-        c:\windows\system32\guard64.dll
2012-02-27 16:23 . 2011-10-22 17:43        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176]
R2 hcw10cir;Hauppauge CIR Receiver;c:\windows\system32\drivers\hcw10cir.sys [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 ALSysIO;ALSysIO;c:\users\Simon\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-26 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-26 79360]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-31 1038088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176]
R3 hcw10bda;Hauppauge USB-Live2 (111xxx);c:\windows\system32\drivers\hcw10bda.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-24 113136]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-05-14 87368]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-05-16 412304]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-05-18 116632]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 14:02]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 14:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{398C0B66-A980-4A70-B90F-DD899A97DDAF}: NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{E22B2CEE-3C79-43F6-9EA8-A4DEBA104D2B}: NameServer = 8.26.56.26,156.154.70.22
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\3yecqz8f.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-26  02:47:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-26 00:47
.
Vor Suchlauf: 22.637.375.488 bytes free
Nach Suchlauf: 21.969.059.840 bytes free
.
- - End Of File - - 73A96B8B1FFA4F47A9E62F5D14456B92
Und? Was sagst du?

cosinus 26.05.2012 14:33
Zitat:
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
Hast du das alles noch installiert? Sowas sollte man nicht machen, mit mehreren Virenscannern wie zB MSE und Comodo kannst du dein System in die Knie zwingen. Deinstalliere umgehend eins der beiden, ich würde dir empfehlen COMODO zu deinstallieren


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131