Trojaner-Board - Alle 5 min wird Trojana Sirefef.ts von trend micro gefunden

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Alle 5 min wird Trojana Sirefef.ts von trend micro gefunden (https://www.trojaner-board.de/118311-alle-5-min-trojana-sirefef-ts-trend-micro-gefunden.html)

Alle 5 min wird Trojana Sirefef.ts von trend micro gefunden

Hallo,
auf meinem noch recht neuen Dell Vostro (64bit-System, Windows 7) kommt seit heute Abend alle 5 min Minuten von Trend Micro die Meldung über einen Fund des Trojaners Sirefef.ts informiert, der in Quarantäne verschoben wird. Alle ca. 20 min kommt dann auch die Meldung, dass der Zugriff auf eine omninöse Website (hxxp://promos.fling.com7geo/txt/city.php) verhindert wurde. Bis auf die nervigen Fundmeldungen funktioniert bisher alles noch (habe den Rechner bisher auch noch nicht neu gestartet).
Im Anhang kommt noch das Logfile meines Scanners. Wie kann ich die Malware entfernen?
Vielen Dank für eure Hilfe im Vorraus!!!

Code:

20120701<;>1948<;>TROJ_GEN.RFFCDG1<;>10<;>1<;>0<;>C:\Users\***\AppData\Local\Temp\2222125.exe<;>

20120701<;>1948<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>

20120701<;>1949<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>

20120701<;>1949<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>1953<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>1957<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2002<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2006<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2010<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2015<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2019<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2023<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2027<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2032<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2036<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2040<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2044<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2049<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2053<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2057<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2101<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2106<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2110<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2114<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2119<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2123<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2127<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2131<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2136<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2140<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2144<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2149<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2153<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2157<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2201<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2205<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2211<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2215<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2219<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2224<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2228<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2232<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2237<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2241<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2245<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2249<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2254<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo,
vielen Dank schon mal für deine Hilfe!
habe zunächst Malwarebytes laufen lassen (mein Virenscanner, war aber noch, ist das ein Problem?). Malwarebytes hat nichts gefunden. Logs folgen unten. Danach habe ich Eset installiert. Trendmicro und Malwarebytes habe ich vor dem Scannen deaktiviert. Aber die Windows-FIrewall ließ sich nicht deaktivieren. Dazu kam die im Anhang beigefügte Fehlermeldung. Eset lief dann normal und hat auch was gefunden. Siehe ebenfalls unten.

Malwarebytes Logfile:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.07.02.04
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

*** :: ***-LAPTOP [Administrator]
 

Schutz: Aktiviert
 

02.07.2012 21:54:00

mbam-log-2012-07-02 (21-54-00).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 368836

Laufzeit: 2 Stunde(n), 4 Minute(n), 53 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Malwarebytes Protection-Logs der letzten beiden Tage:

2.7.

Code:

2012/07/02 21:53:45 +0200        ***-LAPTOP        ***        MESSAGE        Starting protection

2012/07/02 21:53:45 +0200        ***-LAPTOP        ***        MESSAGE        Executing scheduled update:  Daily

2012/07/02 21:53:46 +0200        ***-LAPTOP        ***        MESSAGE        Database already up-to-date

2012/07/02 21:53:46 +0200        ***-LAPTOP        ***        MESSAGE        Protection started successfully

2012/07/02 21:53:49 +0200        ***-LAPTOP        ***        MESSAGE        Starting IP protection

2012/07/02 21:53:51 +0200        ***-LAPTOP        ***        MESSAGE        IP Protection started successfully

2012/07/02 23:24:31 +0200        ***-LAPTOP        ***        IP-BLOCK        77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)

2012/07/02 23:24:39 +0200        ***-LAPTOP        ***        IP-BLOCK        77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)

2012/07/02 23:40:21 +0200        ***-LAPTOP        ***        IP-BLOCK        77.78.240.33 (Type: outgoing, Port: 54895, Process: services.exe)

3.7. (bis 7:00, danach lief ESET)

Code:

2012/07/03 00:17:28 +0200        ***-LAPTOP        ***        IP-BLOCK        77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)

2012/07/03 00:58:47 +0200        ***-LAPTOP        ***        IP-BLOCK        77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)

2012/07/03 01:19:53 +0200        ***-LAPTOP        ***        IP-BLOCK        77.78.209.44 (Type: outgoing, Port: 54895, Process: services.exe)

2012/07/03 07:15:04 +0200        ***-LAPTOP        ***        MESSAGE        Stopping IP protection

2012/07/03 07:16:12 +0200        ***-LAPTOP        ***        MESSAGE        IP Protection stopped

ESET

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e130c0420a0af44ab1aec72750f56f03

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-03 06:22:06

# local_time=2012-07-03 08:22:06 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 6603091 6603091 0 0

# compatibility_mode=5893 16776574 66 94 50974256 92922706 0 0

# compatibility_mode=8192 67108863 100 0 410 410 0 0

# scanned=173102

# found=2

# cleaned=0

# scan_time=3670

C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@        Win64/Sirefef.AL trojan (unable to clean)        00000000000000000000000000000000        I

C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@        Win64/Sirefef.T trojan (unable to clean)        00000000000000000000000000000000        I

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Hallo Arne,
ich habe Malwarebytes nur einmal laufen lassen und das entsprechende Logfile habe ich im vorigen Beitrag gepostet. Ich habe Malwarebytes gestern zum allerersten Mal installiert.
Grüße!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hi Arne,
folgendes spuckte der OTL aus (Virenscanner Trendmicro habe ich angelassen!?)
Anmerkung: Sirefef wird weiter fleißig gefunden...

Code:

OTL logfile created on: 03.07.2012 20:21:23 - Run 1

OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,90 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 55,61% Memory free

7,79 Gb Paging File | 5,66 Gb Available in Paging File | 72,70% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | *** Gb Total Space | *** Gb Free Space | ***% Space Free | Partition Type: NTFS

Drive D: | *** Gb Total Space | *** Gb Free Space | ***% Space Free | Partition Type: UDF

Drive E: | *** Gb Total Space | *** Gb Free Space | ***% Space Free | Partition Type: NTFS

 

Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.03 20:19:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.02.07 22:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

PRC - [2012.02.07 22:13:50 | 000,024,592 | ---- | M] (Trend Micro Inc.) -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.09.15 19:28:50 | 000,199,760 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe

PRC - [2011.04.19 15:03:52 | 000,268,864 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe

PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe

PRC - [2011.01.13 22:56:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2010.12.29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

PRC - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.10.01 16:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.10.01 16:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

MOD - [2008.11.26 16:59:32 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll

MOD - [2008.10.22 16:01:00 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll

MOD - [2007.04.19 09:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.10.17 11:39:34 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010.10.07 15:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.07.01 19:49:38 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.06.24 19:18:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.05.07 09:17:58 | 001,853,072 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)

SRV - [2012.04.26 16:04:26 | 000,918,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)

SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.02.07 22:16:44 | 000,050,704 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe -- (svcGenericHost)

SRV - [2011.12.08 19:29:58 | 002,064,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)

SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011.01.13 22:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2010.12.29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)

SRV - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)

SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)

SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)

SRV - [2010.10.07 15:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)

SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)

SRV - [2010.07.21 14:48:20 | 000,596,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2009.07.06 21:16:50 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.22 16:53:45 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012.03.22 16:53:45 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.17 12:09:10 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.10.17 11:03:18 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.09.14 02:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011.09.14 02:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011.09.05 19:38:22 | 000,212,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)

DRV:64bit: - [2011.09.05 19:38:22 | 000,069,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)

DRV:64bit: - [2011.08.24 07:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.08.09 18:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)

DRV:64bit: - [2011.06.13 13:06:10 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)

DRV:64bit: - [2011.05.17 14:48:22 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)

DRV:64bit: - [2011.05.17 14:48:22 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)

DRV:64bit: - [2011.04.23 04:24:38 | 001,438,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011.03.14 08:36:08 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)

DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2011.01.14 19:09:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011.01.14 19:08:42 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011.01.14 19:08:42 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011.01.14 19:08:42 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2011.01.14 19:08:40 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.12.01 18:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010.11.24 18:21:32 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.09 02:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)

DRV:64bit: - [2010.11.09 02:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)

DRV:64bit: - [2010.11.09 02:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV:64bit: - [2010.09.29 20:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)

DRV:64bit: - [2010.08.20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)

DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012.04.10 21:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

DRV - [2011.07.12 10:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)

DRV - [2011.07.12 10:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys -- (TmPreFilter)

DRV - [2011.07.12 10:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys -- (VSApiNt)

DRV - [2011.06.13 13:06:10 | 000,048,488 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)

DRV - [2011.05.17 14:48:22 | 000,225,256 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)

DRV - [2011.05.17 14:48:22 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}

IE:64bit: - HKLM\..\SearchScopes\{1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}

IE - HKLM\..\SearchScopes\{1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8

IE - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8

IE - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\..\SearchScopes,DefaultScope = {1FF8C28D-9F02-4236-86AB-26BAAA52B5BC}

IE - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.03.22 14:41:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\FirefoxExtension [2012.06.03 09:37:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 19:18:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.01 11:29:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.24 19:18:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.04.18 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2012.06.29 21:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9lp1iowa.default\extensions

[2012.05.21 19:34:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9lp1iowa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012.06.24 19:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.06.29 21:14:08 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9LP1IOWA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.06.27 08:05:51 | 000,094,344 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9LP1IOWA.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI

[2012.06.24 19:18:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.24 19:18:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.06.24 19:18:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.24 19:18:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.24 19:18:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.24 19:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.24 19:18:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()

O4:64bit: - HKLM..\Run: [DBRMTray] C:\DELL\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)

O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OfficeScanNT Monitor] c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\DELL\DBRM\Reminder\TrayApp.exe (Microsoft)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3673317262-787391419-4269671268-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2DE30B8-2468-42C2-871D-09DC6E8A80BA}: DhcpNameServer = 13.35.0.103

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5F3A03A-721A-4275-8EE2-272A1F310872}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1046\TmIEPlg32.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

MsConfig:64bit - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MPSSvc - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: DpHost - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MPSSvc - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.03 20:17:38 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.07.03 07:18:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2012.07.03 07:15:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MWB

[2012.07.03 07:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.07.03 07:13:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012.07.02 21:52:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012.07.02 21:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.02 21:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.02 21:52:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.02 21:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.06.25 23:07:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss

[2012.06.25 23:07:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc

[2012.06.25 23:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012.06.25 23:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2012.06.25 20:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink

[2012.06.25 20:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink

[2012.06.24 17:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink

[2012.06.16 21:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Client-Server Security Agent

[2012.06.11 21:28:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia

[2012.06.09 16:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

[2012.06.07 22:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Media Adaptor

[2012.06.07 22:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Media Adaptor

 
 ========== Files - Modified Within 30 Days ==========

 

File not found -- C:\Windows\SysNative\

[2012.07.03 20:19:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.07.03 20:16:38 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012.07.03 20:16:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.07.03 20:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.03 10:20:20 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini

[2012.07.03 07:13:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012.07.02 21:52:22 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.01 20:13:43 | 000,943,230 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache

[2012.07.01 20:12:50 | 000,109,811 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache

[2012.07.01 20:01:30 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache

[2012.07.01 19:18:40 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.01 19:18:40 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.01 19:11:05 | 3137,970,176 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.30 13:31:55 | 000,741,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.30 13:31:55 | 000,696,984 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.30 13:31:55 | 000,162,664 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.30 13:31:55 | 000,135,610 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.30 13:31:54 | 001,733,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.29 20:46:32 | 000,107,800 | ---- | M] () -- C:\Users\***\Desktop\2012-06-29_***_v2 (1).pdf

[2012.06.29 20:46:06 | 000,107,801 | ---- | M] () -- C:\Users\***\Desktop\2012-06-29_***_v2.pdf

[2012.06.29 20:44:29 | 000,107,806 | ---- | M] () -- C:\Users\***\Desktop\2012-06-29_***.pdf

[2012.06.25 23:05:47 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012.06.24 14:43:48 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012.06.24 01:37:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job

[2012.06.15 21:20:01 | 000,493,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

File not found -- C:\Windows\SysNative\

[2012.07.02 21:52:22 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.01 20:13:43 | 000,943,230 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache

[2012.07.01 20:12:50 | 000,109,811 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache

[2012.07.01 20:00:38 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache

[2012.07.01 19:49:26 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\00000001.@

[2012.06.29 20:46:32 | 000,107,800 | ---- | C] () -- C:\Users\***\Desktop\2012-06-29_***_v2 (1).pdf

[2012.06.29 20:46:06 | 000,107,801 | ---- | C] () -- C:\Users\***\Desktop\2012-06-29_***_v2.pdf

[2012.06.29 20:44:29 | 000,107,806 | ---- | C] () -- C:\Users\***\Desktop\2012-06-29_***.pdf

[2012.06.25 23:05:47 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012.06.24 01:07:08 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job

[2012.05.27 12:53:10 | 000,950,585 | ---- | C] () -- C:\Windows\SysWow64\libiconv-2.dll

[2012.05.27 12:41:52 | 000,149,880 | ---- | C] () -- C:\Windows\Wiainst64.exe

[2012.05.20 22:48:10 | 000,001,270 | ---- | C] () -- C:\Users\***\.recently-used.xbel

[2012.05.05 20:11:45 | 005,746,780 | ---- | C] ( ) -- C:\Windows\SysWow64\RTKISDBT.dll

[2012.05.01 18:29:26 | 000,001,994 | ---- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history

[2012.04.23 21:27:44 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.22 19:40:44 | 000,001,466 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel

[2012.04.21 19:18:53 | 000,219,848 | ---- | C] () -- C:\Users\***\AppData\Roaming\hdsmsu.dll

[2012.04.19 23:20:40 | 000,039,026 | ---- | C] () -- C:\Users\***\Feiertage_DE.ics

[2012.03.22 16:54:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@

[2012.03.22 16:54:00 | 000,002,048 | -HS- | C] () -- C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@

[2012.03.22 16:22:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2012.03.22 16:21:47 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012.03.22 16:21:45 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012.03.22 16:21:43 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012.03.22 16:21:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2012.03.22 16:21:41 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012.03.22 16:21:36 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012.03.22 14:31:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012.03.22 14:30:25 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat

[2011.10.17 09:05:18 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011.02.11 19:45:27 | 001,701,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 
 ========== LOP Check ==========

 

[2012.04.17 20:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DigitalPersona

[2012.04.24 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF

[2012.05.18 15:23:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape

[2012.04.21 19:10:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice

[2012.05.01 15:12:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr

[2012.05.27 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung

[2012.04.26 19:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client

[2012.04.18 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

[2012.04.24 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP

[2012.06.24 01:37:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

[2012.06.24 14:43:48 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2012.06.24 14:43:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.07.03 20:16:38 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.04.21 19:15:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2012.05.05 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ArcSoft

[2012.04.17 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI

[2012.04.17 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Creative

[2012.05.02 20:38:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink

[2012.05.01 13:27:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dell

[2012.04.17 20:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DigitalPersona

[2012.06.26 07:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss

[2012.04.18 17:36:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLEXnet

[2012.04.24 16:39:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF

[2012.04.17 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2012.05.18 15:23:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape

[2012.05.05 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield

[2012.04.21 19:10:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice

[2012.04.17 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2012.07.02 21:52:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs

[2012.06.03 18:47:49 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2012.04.18 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla

[2012.05.01 15:12:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr

[2012.04.23 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reallusion

[2012.04.18 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio

[2012.04.18 17:32:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio Burn

[2012.05.27 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung

[2012.06.25 21:08:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype

[2012.04.26 19:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client

[2012.04.18 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

[2012.04.24 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP

[2012.06.26 07:19:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc

[2012.05.03 21:07:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys

[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys

[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys

[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2012.03.22 16:53:45 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2012.03.22 16:53:45 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2012.03.22 16:53:45 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2012.03.22 16:53:45 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2012.03.22 16:53:45 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2012.03.22 16:53:45 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2012.03.22 16:53:45 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2012.03.22 16:53:45 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

:Files

C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U

C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@

C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Fix durchgefüht. Hier die OTL-Datei

Code:

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IR_SERVER deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

========== FILES ==========

C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U folder moved successfully.

C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@ moved successfully.

C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\@ moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: ***

->Temp folder emptied: 165760745 bytes

->Temporary Internet Files folder emptied: 60671824 bytes

->Java cache emptied: 1489512 bytes

->FireFox cache emptied: 1160658714 bytes

->Flash cache emptied: 10855 bytes

 

User: ***

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ***

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ***

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 170465552 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52113068 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1.537,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: ***

->Flash cache emptied: 0 bytes

 

User: ***

 

User: ***

 

User: ***

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.53.1 log created on 07042012_195151
 

Files\Folders moved on Reboot...

C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...

File C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
 

Registry entries deleted on Reboot...

Nach dem Neustart lief er jetzt für 20 min ohne einen erneuten Fund :applaus:

Allerdings besteht immer noch das Problem mit der Firewall, genauer ich kann keine Änderungen an der Windows-Firewall vornehmen (wie bereits oben beschrieben). Die Fehlermeldung findest du im Anhang. Was bleibt noch zu tun?

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hi,
der TDSS-Killer hat nix gefunden. Hier der Report:

Code:

23:02:23.0151 3312        TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08

23:02:23.0463 3312        ============================================================

23:02:23.0463 3312        Current date / time: 2012/07/05 23:02:23.0463

23:02:23.0463 3312        SystemInfo:

23:02:23.0463 3312        

23:02:23.0463 3312        OS Version: 6.1.7601 ServicePack: 1.0

23:02:23.0463 3312        Product type: Workstation

23:02:23.0463 3312        ComputerName: ***-LAPTOP

23:02:23.0463 3312        UserName: ***

23:02:23.0463 3312        Windows directory: C:\Windows

23:02:23.0463 3312        System windows directory: C:\Windows

23:02:23.0463 3312        Running under WOW64

23:02:23.0463 3312        Processor architecture: Intel x64

23:02:23.0463 3312        Number of processors: 4

23:02:23.0463 3312        Page size: 0x1000

23:02:23.0463 3312        Boot type: Normal boot

23:02:23.0463 3312        ============================================================

23:02:24.0274 3312        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:02:24.0290 3312        ============================================================

23:02:24.0290 3312        \Device\Harddisk0\DR0:

23:02:24.0290 3312        MBR partitions:

23:02:24.0290 3312        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000

23:02:24.0290 3312        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x124F7800

23:02:24.0290 3312        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14C3B800, BlocksNum 0x2574A800

23:02:24.0290 3312        ============================================================

23:02:24.0321 3312        C: <-> \Device\Harddisk0\DR0\Partition1

23:02:24.0352 3312        E: <-> \Device\Harddisk0\DR0\Partition2

23:02:24.0352 3312        ============================================================

23:02:24.0352 3312        Initialize success

23:02:24.0352 3312        ============================================================

23:04:02.0757 5884        ============================================================

23:04:02.0757 5884        Scan started

23:04:02.0757 5884        Mode: Manual; SigCheck; TDLFS; 

23:04:02.0757 5884        ============================================================

23:04:03.0678 5884        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

23:04:03.0912 5884        1394ohci - ok

23:04:03.0959 5884        Acceler         (aedb94a49236f5ff060c90e09e70281f) C:\Windows\system32\DRIVERS\Accelern.sys

23:04:04.0005 5884        Acceler - ok

23:04:04.0115 5884        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

23:04:04.0130 5884        ACDaemon - ok

23:04:04.0177 5884        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

23:04:04.0208 5884        ACPI - ok

23:04:04.0239 5884        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

23:04:04.0317 5884        AcpiPmi - ok

23:04:04.0395 5884        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:04:04.0411 5884        AdobeARMservice - ok

23:04:04.0536 5884        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:04:04.0551 5884        AdobeFlashPlayerUpdateSvc - ok

23:04:04.0614 5884        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

23:04:04.0661 5884        adp94xx - ok

23:04:04.0707 5884        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

23:04:04.0739 5884        adpahci - ok

23:04:04.0770 5884        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

23:04:04.0801 5884        adpu320 - ok

23:04:04.0848 5884        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

23:04:05.0019 5884        AeLookupSvc - ok

23:04:05.0113 5884        AERTFilters     (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

23:04:05.0129 5884        AERTFilters - ok

23:04:05.0222 5884        Afc             (0d0e5281784c2c526ba43c2ecd374288) C:\Windows\syswow64\drivers\Afc.sys

23:04:05.0238 5884        Afc - ok

23:04:05.0300 5884        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

23:04:05.0378 5884        AFD - ok

23:04:05.0409 5884        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

23:04:05.0441 5884        agp440 - ok

23:04:05.0472 5884        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

23:04:05.0534 5884        ALG - ok

23:04:05.0550 5884        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

23:04:05.0581 5884        aliide - ok

23:04:05.0612 5884        AMD External Events Utility (bf25b0b9355f735dad171e4366d77018) C:\Windows\system32\atiesrxx.exe

23:04:05.0721 5884        AMD External Events Utility - ok

23:04:05.0737 5884        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

23:04:05.0753 5884        amdide - ok

23:04:05.0784 5884        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

23:04:05.0799 5884        AmdK8 - ok

23:04:06.0252 5884        amdkmdag        (5e2bc632d187b6b8e5d8565813bb3c93) C:\Windows\system32\DRIVERS\atikmdag.sys

23:04:06.0533 5884        amdkmdag - ok

23:04:06.0657 5884        amdkmdap        (e25e26f6f97ae1b625bd4cbceaf88c91) C:\Windows\system32\DRIVERS\atikmpag.sys

23:04:06.0704 5884        amdkmdap - ok

23:04:06.0735 5884        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

23:04:06.0782 5884        AmdPPM - ok

23:04:06.0813 5884        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

23:04:06.0829 5884        amdsata - ok

23:04:06.0860 5884        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

23:04:06.0891 5884        amdsbs - ok

23:04:06.0907 5884        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

23:04:06.0923 5884        amdxata - ok

23:04:06.0954 5884        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

23:04:07.0141 5884        AppID - ok

23:04:07.0157 5884        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

23:04:07.0203 5884        AppIDSvc - ok

23:04:07.0235 5884        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

23:04:07.0328 5884        Appinfo - ok

23:04:07.0375 5884        AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

23:04:07.0406 5884        AppMgmt - ok

23:04:07.0437 5884        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

23:04:07.0469 5884        arc - ok

23:04:07.0484 5884        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

23:04:07.0515 5884        arcsas - ok

23:04:07.0609 5884        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

23:04:07.0656 5884        aspnet_state - ok

23:04:07.0687 5884        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

23:04:07.0781 5884        AsyncMac - ok

23:04:07.0827 5884        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

23:04:07.0827 5884        atapi - ok

23:04:07.0905 5884        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

23:04:07.0999 5884        AudioEndpointBuilder - ok

23:04:07.0999 5884        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

23:04:08.0061 5884        AudioSrv - ok

23:04:08.0077 5884        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

23:04:08.0155 5884        AxInstSV - ok

23:04:08.0202 5884        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

23:04:08.0280 5884        b06bdrv - ok

23:04:08.0327 5884        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

23:04:08.0373 5884        b57nd60a - ok

23:04:08.0623 5884        BCM43XX         (783f1c7ed6b39454a8d1028d4f30768d) C:\Windows\system32\DRIVERS\bcmwl664.sys

23:04:08.0701 5884        BCM43XX - ok

23:04:08.0795 5884        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

23:04:08.0841 5884        BDESVC - ok

23:04:08.0857 5884        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

23:04:08.0935 5884        Beep - ok

23:04:08.0951 5884        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

23:04:08.0997 5884        blbdrive - ok

23:04:09.0029 5884        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

23:04:09.0075 5884        bowser - ok

23:04:09.0107 5884        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

23:04:09.0153 5884        BrFiltLo - ok

23:04:09.0153 5884        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

23:04:09.0200 5884        BrFiltUp - ok

23:04:09.0231 5884        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

23:04:09.0341 5884        Browser - ok

23:04:09.0372 5884        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

23:04:09.0419 5884        Brserid - ok

23:04:09.0419 5884        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

23:04:09.0465 5884        BrSerWdm - ok

23:04:09.0481 5884        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

23:04:09.0543 5884        BrUsbMdm - ok

23:04:09.0543 5884        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

23:04:09.0575 5884        BrUsbSer - ok

23:04:09.0606 5884        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

23:04:09.0684 5884        BthEnum - ok

23:04:09.0699 5884        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

23:04:09.0731 5884        BTHMODEM - ok

23:04:09.0762 5884        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

23:04:09.0809 5884        BthPan - ok

23:04:09.0871 5884        BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

23:04:09.0933 5884        BTHPORT - ok

23:04:09.0965 5884        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

23:04:10.0027 5884        bthserv - ok

23:04:10.0058 5884        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

23:04:10.0074 5884        BTHUSB - ok

23:04:10.0136 5884        BTWAMPFL        (a0dfb69ade3444c78b17636fcf28e898) C:\Windows\system32\DRIVERS\btwampfl.sys

23:04:10.0167 5884        BTWAMPFL - ok

23:04:10.0199 5884        btwaudio        (f6135859a582a7294ba7a3336e08baa1) C:\Windows\system32\drivers\btwaudio.sys

23:04:10.0214 5884        btwaudio - ok

23:04:10.0245 5884        btwavdt         (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys

23:04:10.0245 5884        btwavdt - ok

23:04:10.0355 5884        btwdins         (b7dea77ee893806859072274ee8ec8fc) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

23:04:10.0417 5884        btwdins - ok

23:04:10.0448 5884        btwl2cap        (9ad0fa253ed531d39fb2d74fe12a5fa9) C:\Windows\system32\DRIVERS\btwl2cap.sys

23:04:10.0464 5884        btwl2cap - ok

23:04:10.0479 5884        btwrchid        (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys

23:04:10.0495 5884        btwrchid - ok

23:04:10.0542 5884        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

23:04:10.0635 5884        cdfs - ok

23:04:10.0667 5884        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

23:04:10.0682 5884        cdrom - ok

23:04:10.0713 5884        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:04:10.0791 5884        CertPropSvc - ok

23:04:10.0823 5884        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

23:04:10.0854 5884        circlass - ok

23:04:10.0885 5884        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

23:04:10.0932 5884        CLFS - ok

23:04:11.0010 5884        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:04:11.0041 5884        clr_optimization_v2.0.50727_32 - ok

23:04:11.0088 5884        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:04:11.0119 5884        clr_optimization_v2.0.50727_64 - ok

23:04:11.0181 5884        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:04:11.0275 5884        clr_optimization_v4.0.30319_32 - ok

23:04:11.0306 5884        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:04:11.0353 5884        clr_optimization_v4.0.30319_64 - ok

23:04:11.0369 5884        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

23:04:11.0415 5884        CmBatt - ok

23:04:11.0431 5884        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

23:04:11.0462 5884        cmdide - ok

23:04:11.0525 5884        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

23:04:11.0587 5884        CNG - ok

23:04:11.0603 5884        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

23:04:11.0618 5884        Compbatt - ok

23:04:11.0634 5884        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

23:04:11.0665 5884        CompositeBus - ok

23:04:11.0681 5884        COMSysApp - ok

23:04:11.0696 5884        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

23:04:11.0712 5884        crcdisk - ok

23:04:11.0743 5884        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

23:04:11.0774 5884        CryptSvc - ok

23:04:11.0821 5884        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

23:04:11.0883 5884        CSC - ok

23:04:11.0946 5884        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

23:04:12.0008 5884        CscService - ok

23:04:12.0055 5884        CtClsFlt        (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys

23:04:12.0102 5884        CtClsFlt - ok

23:04:12.0351 5884        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

23:04:12.0398 5884        cvhsvc - ok

23:04:12.0539 5884        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:04:12.0617 5884        DcomLaunch - ok

23:04:12.0695 5884        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

23:04:12.0788 5884        defragsvc - ok

23:04:12.0835 5884        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

23:04:12.0913 5884        DfsC - ok

23:04:12.0960 5884        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

23:04:13.0038 5884        Dhcp - ok

23:04:13.0069 5884        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

23:04:13.0116 5884        discache - ok

23:04:13.0178 5884        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

23:04:13.0209 5884        Disk - ok

23:04:13.0241 5884        dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

23:04:13.0287 5884        dmvsc - ok

23:04:13.0350 5884        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

23:04:13.0412 5884        Dnscache - ok

23:04:13.0459 5884        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

23:04:13.0568 5884        dot3svc - ok

23:04:13.0693 5884        DpHost          (c43618154fc0c8480f53b04ba7a2f371) C:\Program Files\DigitalPersona\Bin\DpHostW.exe

23:04:13.0724 5884        DpHost - ok

23:04:13.0802 5884        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

23:04:13.0880 5884        DPS - ok

23:04:13.0911 5884        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

23:04:13.0958 5884        drmkaud - ok

23:04:14.0052 5884        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

23:04:14.0114 5884        DXGKrnl - ok

23:04:14.0223 5884        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

23:04:14.0286 5884        EapHost - ok

23:04:14.0613 5884        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

23:04:14.0691 5884        ebdrv - ok

23:04:15.0003 5884        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

23:04:15.0050 5884        EFS - ok

23:04:15.0487 5884        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

23:04:15.0549 5884        ehRecvr - ok

23:04:15.0549 5884        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

23:04:15.0581 5884        ehSched - ok

23:04:15.0721 5884        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

23:04:15.0768 5884        elxstor - ok

23:04:15.0783 5884        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

23:04:15.0799 5884        ErrDev - ok

23:04:15.0846 5884        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

23:04:15.0908 5884        EventSystem - ok

23:04:15.0939 5884        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

23:04:16.0002 5884        exfat - ok

23:04:16.0080 5884        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

23:04:16.0158 5884        fastfat - ok

23:04:16.0220 5884        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

23:04:16.0298 5884        Fax - ok

23:04:16.0314 5884        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

23:04:16.0361 5884        fdc - ok

23:04:16.0392 5884        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

23:04:16.0454 5884        fdPHost - ok

23:04:16.0470 5884        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

23:04:16.0501 5884        FDResPub - ok

23:04:16.0517 5884        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

23:04:16.0532 5884        FileInfo - ok

23:04:16.0532 5884        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

23:04:16.0595 5884        Filetrace - ok

23:04:16.0626 5884        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

23:04:16.0657 5884        flpydisk - ok

23:04:16.0719 5884        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

23:04:16.0751 5884        FltMgr - ok

23:04:16.0797 5884        FLxHCIc         (f910874e4789dc95f37d2cf6285a85fa) C:\Windows\system32\DRIVERS\FLxHCIc.sys

23:04:16.0813 5884        FLxHCIc - ok

23:04:16.0844 5884        FLxHCIh         (b957f9a14f696dbc0dc65497aafd0ca4) C:\Windows\system32\DRIVERS\FLxHCIh.sys

23:04:16.0860 5884        FLxHCIh - ok

23:04:16.0938 5884        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

23:04:17.0047 5884        FontCache - ok

23:04:17.0109 5884        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:04:17.0125 5884        FontCache3.0.0.0 - ok

23:04:17.0156 5884        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

23:04:17.0172 5884        FsDepends - ok

23:04:17.0203 5884        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

23:04:17.0234 5884        Fs_Rec - ok

23:04:17.0265 5884        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

23:04:17.0312 5884        fvevol - ok

23:04:17.0359 5884        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

23:04:17.0375 5884        gagp30kx - ok

23:04:17.0437 5884        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

23:04:17.0531 5884        gpsvc - ok

23:04:17.0562 5884        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

23:04:17.0609 5884        hcw85cir - ok

23:04:17.0655 5884        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

23:04:17.0718 5884        HdAudAddService - ok

23:04:17.0749 5884        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:04:17.0796 5884        HDAudBus - ok

23:04:17.0811 5884        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

23:04:17.0827 5884        HidBatt - ok

23:04:17.0858 5884        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

23:04:17.0874 5884        HidBth - ok

23:04:17.0889 5884        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

23:04:17.0921 5884        HidIr - ok

23:04:17.0952 5884        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

23:04:18.0045 5884        hidserv - ok

23:04:18.0077 5884        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

23:04:18.0108 5884        HidUsb - ok

23:04:18.0155 5884        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

23:04:18.0248 5884        hkmsvc - ok

23:04:18.0264 5884        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

23:04:18.0295 5884        HomeGroupListener - ok

23:04:18.0326 5884        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

23:04:18.0357 5884        HomeGroupProvider - ok

23:04:18.0404 5884        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

23:04:18.0420 5884        HpSAMD - ok

23:04:18.0467 5884        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

23:04:18.0560 5884        HTTP - ok

23:04:18.0576 5884        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

23:04:18.0591 5884        hwpolicy - ok

23:04:18.0607 5884        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

23:04:18.0623 5884        i8042prt - ok

23:04:18.0654 5884        iaStor          (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys

23:04:18.0654 5884        iaStor - ok

23:04:18.0701 5884        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

23:04:18.0747 5884        iaStorV - ok

23:04:18.0857 5884        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:04:18.0919 5884        idsvc - ok

23:04:18.0950 5884        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

23:04:18.0981 5884        iirsp - ok

23:04:19.0059 5884        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

23:04:19.0200 5884        IKEEXT - ok

23:04:19.0340 5884        IntcAzAudAddService (1b491f385ee96f9d9ee4cb430c8cd29e) C:\Windows\system32\drivers\RTKVHD64.sys

23:04:19.0403 5884        IntcAzAudAddService - ok

23:04:19.0512 5884        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

23:04:19.0574 5884        IntcDAud - ok

23:04:19.0590 5884        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

23:04:19.0621 5884        intelide - ok

23:04:20.0073 5884        intelkmd        (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdpmd64.sys

23:04:20.0370 5884        intelkmd - ok

23:04:20.0479 5884        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

23:04:20.0510 5884        intelppm - ok

23:04:20.0541 5884        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

23:04:20.0635 5884        IPBusEnum - ok

23:04:20.0666 5884        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:04:20.0697 5884        IpFilterDriver - ok

23:04:20.0713 5884        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

23:04:20.0713 5884        IPMIDRV - ok

23:04:20.0744 5884        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

23:04:20.0807 5884        IPNAT - ok

23:04:20.0838 5884        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

23:04:20.0869 5884        IRENUM - ok

23:04:20.0885 5884        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

23:04:20.0900 5884        isapnp - ok

23:04:20.0916 5884        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

23:04:20.0931 5884        iScsiPrt - ok

23:04:20.0963 5884        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

23:04:20.0978 5884        kbdclass - ok

23:04:21.0009 5884        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

23:04:21.0041 5884        kbdhid - ok

23:04:21.0087 5884        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:04:21.0103 5884        KeyIso - ok

23:04:21.0134 5884        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

23:04:21.0150 5884        KSecDD - ok

23:04:21.0181 5884        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

23:04:21.0197 5884        KSecPkg - ok

23:04:21.0228 5884        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

23:04:21.0306 5884        ksthunk - ok

23:04:21.0337 5884        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

23:04:21.0431 5884        KtmRm - ok

23:04:21.0462 5884        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

23:04:21.0524 5884        LanmanServer - ok

23:04:21.0571 5884        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

23:04:21.0649 5884        LanmanWorkstation - ok

23:04:21.0680 5884        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

23:04:21.0711 5884        lltdio - ok

23:04:21.0758 5884        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

23:04:21.0852 5884        lltdsvc - ok

23:04:21.0852 5884        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

23:04:21.0883 5884        lmhosts - ok

23:04:21.0992 5884        LMS             (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

23:04:22.0023 5884        LMS - ok

23:04:22.0055 5884        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

23:04:22.0086 5884        LSI_FC - ok

23:04:22.0117 5884        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

23:04:22.0148 5884        LSI_SAS - ok

23:04:22.0164 5884        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

23:04:22.0179 5884        LSI_SAS2 - ok

23:04:22.0211 5884        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

23:04:22.0211 5884        LSI_SCSI - ok

23:04:22.0226 5884        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

23:04:22.0273 5884        luafv - ok

23:04:22.0304 5884        MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

23:04:22.0320 5884        MBAMProtector - ok

23:04:22.0367 5884        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

23:04:22.0413 5884        MBAMService - ok

23:04:22.0445 5884        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

23:04:22.0476 5884        Mcx2Svc - ok

23:04:22.0507 5884        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

23:04:22.0538 5884        megasas - ok

23:04:22.0569 5884        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

23:04:22.0601 5884        MegaSR - ok

23:04:22.0647 5884        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

23:04:22.0663 5884        MEIx64 - ok

23:04:22.0694 5884        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:04:22.0757 5884        MMCSS - ok

23:04:22.0772 5884        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

23:04:22.0803 5884        Modem - ok

23:04:22.0850 5884        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

23:04:22.0881 5884        monitor - ok

23:04:22.0913 5884        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

23:04:22.0928 5884        mouclass - ok

23:04:22.0944 5884        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

23:04:22.0959 5884        mouhid - ok

23:04:22.0991 5884        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

23:04:23.0022 5884        mountmgr - ok

23:04:23.0115 5884        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

23:04:23.0147 5884        MozillaMaintenance - ok

23:04:23.0162 5884        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

23:04:23.0193 5884        mpio - ok

23:04:23.0209 5884        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

23:04:23.0256 5884        mpsdrv - ok

23:04:23.0271 5884        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

23:04:23.0287 5884        MRxDAV - ok

23:04:23.0412 5884        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:04:23.0474 5884        mrxsmb - ok

23:04:23.0552 5884        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:04:23.0599 5884        mrxsmb10 - ok

23:04:23.0630 5884        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:04:23.0661 5884        mrxsmb20 - ok

23:04:23.0708 5884        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

23:04:23.0739 5884        msahci - ok

23:04:23.0895 5884        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

23:04:23.0927 5884        msdsm - ok

23:04:24.0036 5884        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

23:04:24.0083 5884        MSDTC - ok

23:04:24.0129 5884        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

23:04:24.0161 5884        Msfs - ok

23:04:24.0176 5884        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

23:04:24.0223 5884        mshidkmdf - ok

23:04:24.0254 5884        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

23:04:24.0254 5884        msisadrv - ok

23:04:24.0301 5884        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

23:04:24.0379 5884        MSiSCSI - ok

23:04:24.0379 5884        msiserver - ok

23:04:24.0426 5884        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

23:04:24.0504 5884        MSKSSRV - ok

23:04:24.0551 5884        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

23:04:24.0644 5884        MSPCLOCK - ok

23:04:24.0660 5884        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

23:04:24.0691 5884        MSPQM - ok

23:04:24.0722 5884        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

23:04:24.0738 5884        MsRPC - ok

23:04:24.0753 5884        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

23:04:24.0769 5884        mssmbios - ok

23:04:24.0785 5884        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

23:04:24.0816 5884        MSTEE - ok

23:04:24.0816 5884        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

23:04:24.0831 5884        MTConfig - ok

23:04:24.0831 5884        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

23:04:24.0847 5884        Mup - ok

23:04:24.0894 5884        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

23:04:24.0987 5884        napagent - ok

23:04:25.0050 5884        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

23:04:25.0112 5884        NativeWifiP - ok

23:04:25.0175 5884        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

23:04:25.0237 5884        NDIS - ok

23:04:25.0268 5884        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

23:04:25.0331 5884        NdisCap - ok

23:04:25.0346 5884        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

23:04:25.0362 5884        NdisTapi - ok

23:04:25.0377 5884        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

23:04:25.0409 5884        Ndisuio - ok

23:04:25.0409 5884        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

23:04:25.0455 5884        NdisWan - ok

23:04:25.0455 5884        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

23:04:25.0487 5884        NDProxy - ok

23:04:25.0502 5884        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

23:04:25.0549 5884        NetBIOS - ok

23:04:25.0565 5884        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

23:04:25.0596 5884        NetBT - ok

23:04:25.0611 5884        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:04:25.0611 5884        Netlogon - ok

23:04:25.0658 5884        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

23:04:25.0705 5884        Netman - ok

23:04:25.0814 5884        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:04:25.0845 5884        NetMsmqActivator - ok

23:04:25.0861 5884        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:04:25.0877 5884        NetPipeActivator - ok

23:04:25.0908 5884        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

23:04:26.0001 5884        netprofm - ok

23:04:26.0017 5884        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:04:26.0033 5884        NetTcpActivator - ok

23:04:26.0048 5884        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

23:04:26.0048 5884        NetTcpPortSharing - ok

23:04:26.0111 5884        netvsc          (73ce12b8bdd747b0063cb0a7ef44cea7) C:\Windows\system32\DRIVERS\netvsc60.sys

23:04:26.0157 5884        netvsc - ok

23:04:26.0189 5884        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

23:04:26.0220 5884        nfrd960 - ok

23:04:26.0267 5884        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

23:04:26.0360 5884        NlaSvc - ok

23:04:26.0563 5884        NOBU            (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

23:04:26.0688 5884        NOBU - ok

23:04:26.0781 5884        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:04:26.0859 5884        Npfs - ok

23:04:26.0891 5884        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

23:04:26.0922 5884        nsi - ok

23:04:26.0937 5884        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:04:27.0015 5884        nsiproxy - ok

23:04:27.0109 5884        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:04:27.0234 5884        Ntfs - ok

23:04:27.0390 5884        ntrtscan        (f632dd8aa5c388d1d0528a876a71320d) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

23:04:27.0499 5884        ntrtscan - ok

23:04:27.0577 5884        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:04:27.0671 5884        Null - ok

23:04:27.0686 5884        nusb3hub        (d584abb6a308933a5f72b46c9e5a783f) C:\Windows\system32\drivers\nusb3hub.sys

23:04:27.0717 5884        nusb3hub - ok

23:04:27.0749 5884        nusb3xhc        (345b9c04e2036da4346e3249a5bdfd06) C:\Windows\system32\drivers\nusb3xhc.sys

23:04:27.0795 5884        nusb3xhc - ok

23:04:27.0842 5884        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:04:27.0873 5884        nvraid - ok

23:04:27.0905 5884        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:04:27.0951 5884        nvstor - ok

23:04:27.0967 5884        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:04:27.0983 5884        nv_agp - ok

23:04:27.0983 5884        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:04:28.0014 5884        ohci1394 - ok

23:04:28.0092 5884        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:04:28.0123 5884        ose - ok

23:04:28.0388 5884        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:04:28.0591 5884        osppsvc - ok

23:04:28.0685 5884        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:04:28.0716 5884        p2pimsvc - ok

23:04:28.0763 5884        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

23:04:28.0809 5884        p2psvc - ok

23:04:28.0856 5884        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

23:04:28.0887 5884        Parport - ok

23:04:28.0919 5884        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

23:04:28.0950 5884        partmgr - ok

23:04:28.0981 5884        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

23:04:29.0043 5884        PcaSvc - ok

23:04:29.0153 5884        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms

23:04:29.0199 5884        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok

23:04:29.0231 5884        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:04:29.0246 5884        pci - ok

23:04:29.0277 5884        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:04:29.0293 5884        pciide - ok

23:04:29.0340 5884        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

23:04:29.0371 5884        pcmcia - ok

23:04:29.0402 5884        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:04:29.0418 5884        pcw - ok

23:04:29.0465 5884        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:04:29.0589 5884        PEAUTH - ok

23:04:29.0667 5884        PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

23:04:29.0761 5884        PeerDistSvc - ok

23:04:29.0839 5884        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

23:04:29.0870 5884        PerfHost - ok

23:04:30.0011 5884        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

23:04:30.0135 5884        pla - ok

23:04:30.0182 5884        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

23:04:30.0245 5884        PlugPlay - ok

23:04:30.0260 5884        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

23:04:30.0291 5884        PNRPAutoReg - ok

23:04:30.0323 5884        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

23:04:30.0369 5884        PNRPsvc - ok

23:04:30.0416 5884        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

23:04:30.0525 5884        PolicyAgent - ok

23:04:30.0572 5884        Power           (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll

23:04:30.0588 5884        Power - ok

23:04:30.0635 5884        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:04:30.0728 5884        PptpMiniport - ok

23:04:30.0744 5884        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

23:04:30.0775 5884        Processor - ok

23:04:30.0806 5884        ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

23:04:30.0853 5884        ProfSvc - ok

23:04:30.0884 5884        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:04:30.0915 5884        ProtectedStorage - ok

23:04:30.0962 5884        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:04:31.0040 5884        Psched - ok

23:04:31.0071 5884        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

23:04:31.0087 5884        PxHlpa64 - ok

23:04:31.0181 5884        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

23:04:31.0274 5884        ql2300 - ok

23:04:31.0368 5884        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

23:04:31.0399 5884        ql40xx - ok

23:04:31.0430 5884        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

23:04:31.0477 5884        QWAVE - ok

23:04:31.0493 5884        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:04:31.0539 5884        QWAVEdrv - ok

23:04:31.0617 5884        RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll

23:04:31.0649 5884        RapiMgr - ok

23:04:31.0680 5884        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:04:31.0758 5884        RasAcd - ok

23:04:31.0789 5884        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:04:31.0820 5884        RasAgileVpn - ok

23:04:31.0851 5884        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

23:04:31.0945 5884        RasAuto - ok

23:04:31.0961 5884        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:04:32.0039 5884        Rasl2tp - ok

23:04:32.0070 5884        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

23:04:32.0085 5884        RasMan - ok

23:04:32.0117 5884        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:04:32.0210 5884        RasPppoe - ok

23:04:32.0226 5884        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:04:32.0257 5884        RasSstp - ok

23:04:32.0288 5884        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:04:32.0319 5884        rdbss - ok

23:04:32.0335 5884        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

23:04:32.0351 5884        rdpbus - ok

23:04:32.0366 5884        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:04:32.0382 5884        RDPCDD - ok

23:04:32.0413 5884        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

23:04:32.0460 5884        RDPDR - ok

23:04:32.0491 5884        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:04:32.0585 5884        RDPENCDD - ok

23:04:32.0600 5884        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:04:32.0631 5884        RDPREFMP - ok

23:04:32.0663 5884        RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

23:04:32.0709 5884        RDPWD - ok

23:04:32.0756 5884        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:04:32.0787 5884        rdyboost - ok

23:04:32.0819 5884        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

23:04:32.0897 5884        RemoteAccess - ok

23:04:32.0943 5884        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

23:04:33.0006 5884        RemoteRegistry - ok

23:04:33.0053 5884        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

23:04:33.0084 5884        RFCOMM - ok

23:04:33.0255 5884        RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

23:04:33.0333 5884        RoxMediaDB12OEM - ok

23:04:33.0380 5884        RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

23:04:33.0411 5884        RoxWatch12 - ok

23:04:33.0489 5884        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

23:04:33.0583 5884        RpcEptMapper - ok

23:04:33.0599 5884        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

23:04:33.0630 5884        RpcLocator - ok

23:04:33.0692 5884        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

23:04:33.0739 5884        RpcSs - ok

23:04:33.0786 5884        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:04:33.0848 5884        rspndr - ok

23:04:33.0895 5884        RSUSBSTOR       (135a64530d7699ad48f29d73a658dd11) C:\Windows\system32\Drivers\RtsUStor.sys

23:04:33.0911 5884        RSUSBSTOR - ok

23:04:33.0957 5884        RTL2832UBDA     (0bc1f83dc9cd93e233d7a5c0dfab9a12) C:\Windows\system32\drivers\RTL2832UBDA.sys

23:04:33.0973 5884        RTL2832UBDA - ok

23:04:34.0020 5884        RTL2832UUSB     (06560c03cac954b02cdda6aea1ba530c) C:\Windows\system32\Drivers\RTL2832UUSB.sys

23:04:34.0035 5884        RTL2832UUSB - ok

23:04:34.0098 5884        RTL2832U_IRHID  (ed0504e312ca3db775beabd47b49c660) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys

23:04:34.0113 5884        RTL2832U_IRHID - ok

23:04:34.0176 5884        RTL8167         (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys

23:04:34.0207 5884        RTL8167 - ok

23:04:34.0223 5884        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

23:04:34.0254 5884        s3cap - ok

23:04:34.0269 5884        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:04:34.0301 5884        SamSs - ok

23:04:34.0332 5884        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:04:34.0347 5884        sbp2port - ok

23:04:34.0379 5884        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

23:04:34.0457 5884        SCardSvr - ok

23:04:34.0472 5884        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:04:34.0550 5884        scfilter - ok

23:04:34.0597 5884        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

23:04:34.0691 5884        Schedule - ok

23:04:34.0722 5884        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

23:04:34.0737 5884        SCPolicySvc - ok

23:04:34.0769 5884        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

23:04:34.0815 5884        SDRSVC - ok

23:04:34.0862 5884        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:04:34.0940 5884        secdrv - ok

23:04:34.0956 5884        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

23:04:34.0971 5884        seclogon - ok

23:04:34.0987 5884        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

23:04:35.0018 5884        SENS - ok

23:04:35.0034 5884        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

23:04:35.0049 5884        SensrSvc - ok

23:04:35.0081 5884        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

23:04:35.0112 5884        Serenum - ok

23:04:35.0127 5884        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

23:04:35.0174 5884        Serial - ok

23:04:35.0190 5884        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

23:04:35.0237 5884        sermouse - ok

23:04:35.0283 5884        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

23:04:35.0346 5884        SessionEnv - ok

23:04:35.0346 5884        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:04:35.0361 5884        sffdisk - ok

23:04:35.0361 5884        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:04:35.0393 5884        sffp_mmc - ok

23:04:35.0393 5884        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:04:35.0408 5884        sffp_sd - ok

23:04:35.0408 5884        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

23:04:35.0439 5884        sfloppy - ok

23:04:35.0486 5884        Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

23:04:35.0533 5884        Sftfs - ok

23:04:35.0627 5884        sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

23:04:35.0673 5884        sftlist - ok

23:04:35.0705 5884        Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

23:04:35.0736 5884        Sftplay - ok

23:04:35.0751 5884        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

23:04:35.0767 5884        Sftredir - ok

23:04:35.0783 5884        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

23:04:35.0783 5884        Sftvol - ok

23:04:35.0814 5884        sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

23:04:35.0814 5884        sftvsa - ok

23:04:35.0861 5884        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

23:04:35.0892 5884        ShellHWDetection - ok

23:04:35.0923 5884        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

23:04:35.0923 5884        SiSRaid2 - ok

23:04:35.0939 5884        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

23:04:35.0954 5884        SiSRaid4 - ok

23:04:35.0985 5884        SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

23:04:36.0017 5884        SkypeUpdate - ok

23:04:36.0032 5884        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:04:36.0110 5884        Smb - ok

23:04:36.0141 5884        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

23:04:36.0157 5884        SNMPTRAP - ok

23:04:36.0173 5884        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:04:36.0173 5884        spldr - ok

23:04:36.0219 5884        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

23:04:36.0313 5884        Spooler - ok

23:04:36.0453 5884        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

23:04:36.0578 5884        sppsvc - ok

23:04:36.0672 5884        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

23:04:36.0750 5884        sppuinotify - ok

23:04:36.0828 5884        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:04:36.0890 5884        srv - ok

23:04:36.0921 5884        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:04:36.0968 5884        srv2 - ok

23:04:36.0999 5884        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:04:37.0031 5884        srvnet - ok

23:04:37.0093 5884        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

23:04:37.0187 5884        SSDPSRV - ok

23:04:37.0249 5884        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys

23:04:37.0265 5884        SSPORT - ok

23:04:37.0280 5884        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

23:04:37.0343 5884        SstpSvc - ok

23:04:37.0358 5884        stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys

23:04:37.0374 5884        stdcfltn - ok

23:04:37.0389 5884        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

23:04:37.0421 5884        stexstor - ok

23:04:37.0467 5884        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

23:04:37.0545 5884        stisvc - ok

23:04:37.0608 5884        stllssvr        (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

23:04:37.0639 5884        stllssvr - ok

23:04:37.0655 5884        StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

23:04:37.0717 5884        StorSvc - ok

23:04:37.0733 5884        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

23:04:37.0764 5884        storvsc - ok

23:04:37.0826 5884        svcGenericHost  (15323ae5d254aa1d389522166e6f4244) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

23:04:37.0842 5884        svcGenericHost - ok

23:04:37.0873 5884        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

23:04:37.0904 5884        swenum - ok

23:04:37.0951 5884        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

23:04:38.0060 5884        swprv - ok

23:04:38.0091 5884        SynthVid        (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys

23:04:38.0123 5884        SynthVid - ok

23:04:38.0232 5884        SynTP           (aad83760a0887975d8f524b4d2c86060) C:\Windows\system32\DRIVERS\SynTP.sys

23:04:38.0294 5884        SynTP - ok

23:04:38.0466 5884        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

23:04:38.0575 5884        SysMain - ok

23:04:38.0637 5884        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

23:04:38.0684 5884        TabletInputService - ok

23:04:38.0715 5884        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

23:04:38.0825 5884        TapiSrv - ok

23:04:38.0856 5884        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

23:04:38.0871 5884        TBS - ok

23:04:39.0012 5884        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

23:04:39.0137 5884        Tcpip - ok

23:04:39.0277 5884        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

23:04:39.0371 5884        TCPIP6 - ok

23:04:39.0433 5884        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:04:39.0527 5884        tcpipreg - ok

23:04:39.0542 5884        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:04:39.0573 5884        TDPIPE - ok

23:04:39.0589 5884        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

23:04:39.0605 5884        TDTCP - ok

23:04:39.0636 5884        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:04:39.0683 5884        tdx - ok

23:04:39.0714 5884        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

23:04:39.0729 5884        TermDD - ok

23:04:39.0776 5884        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

23:04:39.0885 5884        TermService - ok

23:04:39.0901 5884        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

23:04:39.0917 5884        Themes - ok

23:04:39.0932 5884        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

23:04:39.0963 5884        THREADORDER - ok

23:04:40.0057 5884        TMBMServer      (963c903e5176c5cdcae321d48635b21f) c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

23:04:40.0104 5884        TMBMServer - ok

23:04:40.0182 5884        TmFilter        (8b97ba7e28bd39a2bc4a2bb66a83fec0) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys

23:04:40.0213 5884        TmFilter - ok

23:04:40.0322 5884        tmlisten        (e5f23152b394fdebc53b07e2b2e64c62) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

23:04:40.0400 5884        tmlisten - ok

23:04:40.0525 5884        tmlwf           (b5c00fc8786a237937c33aabee68ca26) C:\Windows\system32\DRIVERS\tmlwf.sys

23:04:40.0541 5884        tmlwf - ok

23:04:40.0665 5884        TmPfw           (48d09383511757645c0a828622ef5ab3) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe

23:04:40.0728 5884        TmPfw - ok

23:04:40.0728 5884        TmPreFilter     (1889f49a828b1cf0e2866cdd325875b0) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys

23:04:40.0759 5884        TmPreFilter - ok

23:04:40.0806 5884        TmProxy         (19d6f618802f93c0ed9ea89e5cd6e12e) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

23:04:40.0868 5884        TmProxy - ok

23:04:40.0977 5884        tmtdi           (a42e6780c52b248af54c6010a9a93384) C:\Windows\system32\DRIVERS\tmtdi.sys

23:04:40.0993 5884        tmtdi - ok

23:04:41.0055 5884        tmwfp           (5d38c32a4b093bc8190cf3fb9078c9cd) C:\Windows\system32\DRIVERS\tmwfp.sys

23:04:41.0087 5884        tmwfp - ok

23:04:41.0118 5884        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

23:04:41.0180 5884        TrkWks - ok

23:04:41.0243 5884        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

23:04:41.0321 5884        TrustedInstaller - ok

23:04:41.0352 5884        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:04:41.0383 5884        tssecsrv - ok

23:04:41.0414 5884        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:04:41.0461 5884        TsUsbFlt - ok

23:04:41.0461 5884        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

23:04:41.0492 5884        TsUsbGD - ok

23:04:41.0508 5884        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:04:41.0586 5884        tunnel - ok

23:04:41.0601 5884        TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys

23:04:41.0601 5884        TurboB - ok

23:04:41.0648 5884        TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

23:04:41.0679 5884        TurboBoost - ok

23:04:41.0711 5884        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

23:04:41.0726 5884        uagp35 - ok

23:04:41.0742 5884        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:04:41.0835 5884        udfs - ok

23:04:41.0851 5884        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

23:04:41.0882 5884        UI0Detect - ok

23:04:41.0898 5884        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:04:41.0929 5884        uliagpkx - ok

23:04:41.0945 5884        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

23:04:41.0991 5884        umbus - ok

23:04:42.0007 5884        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

23:04:42.0038 5884        UmPass - ok

23:04:42.0085 5884        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

23:04:42.0132 5884        UmRdpService - ok

23:04:42.0303 5884        UNS             (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

23:04:42.0444 5884        UNS - ok

23:04:42.0537 5884        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

23:04:42.0647 5884        upnphost - ok

23:04:42.0709 5884        usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

23:04:42.0725 5884        usbccgp - ok

23:04:42.0756 5884        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:04:42.0787 5884        usbcir - ok

23:04:42.0803 5884        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

23:04:42.0834 5884        usbehci - ok

23:04:42.0865 5884        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

23:04:42.0912 5884        usbhub - ok

23:04:42.0927 5884        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

23:04:42.0974 5884        usbohci - ok

23:04:42.0990 5884        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

23:04:43.0037 5884        usbprint - ok

23:04:43.0052 5884        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:04:43.0083 5884        USBSTOR - ok

23:04:43.0115 5884        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

23:04:43.0161 5884        usbuhci - ok

23:04:43.0208 5884        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

23:04:43.0255 5884        usbvideo - ok

23:04:43.0286 5884        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

23:04:43.0333 5884        UxSms - ok

23:04:43.0349 5884        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

23:04:43.0364 5884        VaultSvc - ok

23:04:43.0520 5884        vcsFPService    (20bf96c13db4ba085d98f4700f3b05fe) C:\Windows\system32\vcsFPService.exe

23:04:43.0645 5884        vcsFPService - ok

23:04:43.0739 5884        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:04:43.0754 5884        vdrvroot - ok

23:04:43.0801 5884        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

23:04:43.0910 5884        vds - ok

23:04:43.0926 5884        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:04:43.0941 5884        vga - ok

23:04:43.0957 5884        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:04:43.0988 5884        VgaSave - ok

23:04:44.0019 5884        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:04:44.0035 5884        vhdmp - ok

23:04:44.0035 5884        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:04:44.0051 5884        viaide - ok

23:04:44.0082 5884        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

23:04:44.0113 5884        VMBusHID - ok

23:04:44.0129 5884        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:04:44.0144 5884        volmgr - ok

23:04:44.0191 5884        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:04:44.0222 5884        volmgrx - ok

23:04:44.0253 5884        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:04:44.0285 5884        volsnap - ok

23:04:44.0456 5884        VSApiNt         (3a5862d9a4fe4bbb2ffa1700e2b21b9b) c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys

23:04:44.0534 5884        VSApiNt - ok

23:04:44.0628 5884        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

23:04:44.0659 5884        vsmraid - ok

23:04:44.0768 5884        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

23:04:44.0893 5884        VSS - ok

23:04:44.0940 5884        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

23:04:44.0987 5884        vwifibus - ok

23:04:45.0018 5884        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

23:04:45.0065 5884        vwififlt - ok

23:04:45.0127 5884        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

23:04:45.0189 5884        W32Time - ok

23:04:45.0221 5884        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

23:04:45.0236 5884        WacomPen - ok

23:04:45.0267 5884        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:04:45.0345 5884        WANARP - ok

23:04:45.0361 5884        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:04:45.0392 5884        Wanarpv6 - ok

23:04:45.0470 5884        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

23:04:45.0579 5884        wbengine - ok

23:04:45.0673 5884        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

23:04:45.0720 5884        WbioSrvc - ok

23:04:45.0813 5884        WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll

23:04:45.0845 5884        WcesComm - ok

23:04:45.0876 5884        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

23:04:45.0954 5884        wcncsvc - ok

23:04:45.0969 5884        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

23:04:46.0016 5884        WcsPlugInService - ok

23:04:46.0063 5884        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

23:04:46.0094 5884        Wd - ok

23:04:46.0125 5884        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:04:46.0188 5884        Wdf01000 - ok

23:04:46.0219 5884        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:04:46.0313 5884        WdiServiceHost - ok

23:04:46.0328 5884        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

23:04:46.0359 5884        WdiSystemHost - ok

23:04:46.0391 5884        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

23:04:46.0422 5884        WebClient - ok

23:04:46.0437 5884        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

23:04:46.0515 5884        Wecsvc - ok

23:04:46.0531 5884        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

23:04:46.0562 5884        wercplsupport - ok

23:04:46.0578 5884        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

23:04:46.0609 5884        WerSvc - ok

23:04:46.0656 5884        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:04:46.0718 5884        WfpLwf - ok

23:04:46.0734 5884        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:04:46.0749 5884        WIMMount - ok

23:04:46.0749 5884        WinHttpAutoProxySvc - ok

23:04:46.0796 5884        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

23:04:46.0890 5884        Winmgmt - ok

23:04:46.0983 5884        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

23:04:47.0124 5884        WinRM - ok

23:04:47.0249 5884        WinUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

23:04:47.0295 5884        WinUSB - ok

23:04:47.0358 5884        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

23:04:47.0436 5884        Wlansvc - ok

23:04:47.0498 5884        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

23:04:47.0514 5884        wlcrasvc - ok

23:04:47.0701 5884        wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:04:47.0826 5884        wlidsvc - ok

23:04:47.0919 5884        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

23:04:47.0951 5884        WmiAcpi - ok

23:04:48.0013 5884        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

23:04:48.0060 5884        wmiApSrv - ok

23:04:48.0107 5884        WMPNetworkSvc - ok

23:04:48.0153 5884        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

23:04:48.0185 5884        WPCSvc - ok

23:04:48.0200 5884        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

23:04:48.0247 5884        WPDBusEnum - ok

23:04:48.0263 5884        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:04:48.0341 5884        ws2ifsl - ok

23:04:48.0356 5884        WSearch - ok

23:04:48.0387 5884        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:04:48.0419 5884        WudfPf - ok

23:04:48.0450 5884        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:04:48.0481 5884        WUDFRd - ok

23:04:48.0497 5884        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

23:04:48.0512 5884        wudfsvc - ok

23:04:48.0543 5884        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

23:04:48.0559 5884        WwanSvc - ok

23:04:48.0590 5884        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:04:48.0871 5884        \Device\Harddisk0\DR0 - ok

23:04:48.0887 5884        Boot (0x1200)   (c3a300e8db7622e6f74ceb12e4bc07ce) \Device\Harddisk0\DR0\Partition0

23:04:48.0887 5884        \Device\Harddisk0\DR0\Partition0 - ok

23:04:48.0918 5884        Boot (0x1200)   (080b07f6917fde64ced87bde719a2e87) \Device\Harddisk0\DR0\Partition1

23:04:48.0918 5884        \Device\Harddisk0\DR0\Partition1 - ok

23:04:48.0949 5884        Boot (0x1200)   (5cc295ec1bbcecb5c6e1577a0f39123b) \Device\Harddisk0\DR0\Partition2

23:04:48.0949 5884        \Device\Harddisk0\DR0\Partition2 - ok

23:04:48.0949 5884        ============================================================

23:04:48.0949 5884        Scan finished

23:04:48.0949 5884        ============================================================

23:04:48.0980 5440        Detected object count: 0

23:04:48.0980 5440        Actual detected object count: 0

Firewall geht weiterhin nicht!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hi,
Combofix lief. Die Fehlermeldungen kamen auch, allerdings sind sie nach dem Neustart verschwunden. Die Firewall funzt auch wieder! :Boogie:
Hier noch das Logfile vom COmbofix

Code:

ComboFix 12-07-06.02 - *** 07.07.2012   0:44.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3990.2560 [GMT 2:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

AV: Trend Micro Client/Server Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

FW: Trend Micro Personal Firewall *Enabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Trend Micro Client/Server Security Agent Anti-Spyware *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5907\Downloads\16ab6978-b6b5-41fa-81a1-8bffc55a69b9.dll

c:\programdata\PCDr\5907\Downloads\9a727e3b-3b75-44f1-aa0c-b5b6cd760030.dll

c:\programdata\PCDr\5907\Downloads\a31dcb19-c462-4b91-b5af-0c0196d8d501.dll

c:\programdata\PCDr\5907\Downloads\eb1a169a-7868-4b2c-ae46-52b55b4db151.dll

.

Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-06-06 bis 2012-07-06  ))))))))))))))))))))))))))))))

.

.

2012-07-06 22:49 . 2012-07-06 22:49        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-07-04 17:51 . 2012-07-04 17:51        --------        d-----w-        C:\_OTL

2012-07-03 05:18 . 2012-07-03 05:18        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2012-07-03 05:14 . 2012-07-03 05:14        --------        d-----w-        c:\program files (x86)\ESET

2012-07-02 19:52 . 2012-07-02 19:52        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes

2012-07-02 19:52 . 2012-07-02 19:52        --------        d-----w-        c:\programdata\Malwarebytes

2012-07-02 19:52 . 2012-07-02 19:52        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-02 19:52 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-06-25 21:07 . 2012-06-26 05:18        --------        d-----w-        c:\users\***\AppData\Roaming\dvdcss

2012-06-25 21:07 . 2012-06-26 05:19        --------        d-----w-        c:\users\***\AppData\Roaming\vlc

2012-06-25 21:05 . 2012-06-25 21:05        --------        d-----w-        c:\program files (x86)\VideoLAN

2012-06-25 18:41 . 2012-06-25 18:41        --------        d-----w-        c:\program files (x86)\DVD Shrink

2012-06-24 17:18 . 2012-06-24 17:18        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-24 17:18 . 2012-06-24 17:18        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-24 15:56 . 2012-07-05 06:13        --------        d-----w-        c:\programdata\DVD Shrink

2012-06-21 06:31 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-21 06:31 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll

2012-06-21 06:31 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-21 06:31 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-21 06:31 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll

2012-06-21 06:31 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-21 06:31 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-21 06:31 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-21 06:31 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe

2012-06-14 18:37 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-06-11 19:28 . 2012-06-11 19:28        --------        d-----w-        c:\users\***\AppData\Local\Macromedia

2012-06-07 20:53 . 2012-06-07 20:54        --------        d-----w-        c:\program files (x86)\USB Media Adaptor

2012-06-07 20:52 . 1998-10-29 14:45        306688        ----a-w-        c:\windows\IsUninst.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-01 17:49 . 2012-04-21 21:17        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-01 17:49 . 2012-03-22 12:10        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-22 11:16 . 2010-06-24 16:33        19352        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-17 343168]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1712656]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"STO Backup Service"="c:\program files (x86)\SmarThru Office\BackUpSvr.exe" [2011-09-15 199760]

"STO Launcher Service"="c:\program files (x86)\SmarThru Office\x64\LegacyLauncher.exe" [2011-09-15 405584]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]

TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-5-5 268864]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages        REG_MULTI_SZ           DPPassFilter scecli

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-09-14 95744]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-09-14 212992]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2011-06-13 48488]

R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2011-05-17 225256]

R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2011-05-17 39016]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-11-08 196688]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-17 203264]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-14 11576]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-02-07 50704]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768]

S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-11-08 338000]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-10-07 3137840]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-17 9319424]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-17 304128]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-14 349736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-01-14 39464]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-09-05 212544]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-09-05 69184]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2010-07-21 596032]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy-Dienst;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-04-26 918032]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - TMWFP

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 17:49]

.

2012-06-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-06-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-07-06 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-11 4500640]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: samsungsetup.com\www

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9lp1iowa.default\

FF - prefs.js: network.proxy.type - 0

.

.

------- Dateityp-Verknüpfung -------

.

JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe

c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-07-07  01:00:08 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-07-06 23:00

.

Vor Suchlauf: 13 Verzeichnis(se), 101.626.404.864 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 101.315.457.024 Bytes frei

.

- - End Of File - - D1BFFFD07D7753D796F57339B5681410

Ist der Rechner jetzt wieder clean?

Und noch eine Frage. Mein Laptop ist per WLAN mit einer externen Festplatte verbunden. Kann sich die Malware auch dort eingenistet haben?

Hi,
gestern hatte Trend Micro wieder einen Fudn gemeldet. Ich war mir aber nciht sicher ob, das womöglich nur eine Datei aus einer der Quarantänen war. Ich habe daraufhin nochmal Malwarebytes und Eset scannen lassen, wie beim ersten mal beschrieben. Hier die Log-files.

Trendmicro

Code:

20120701<;>1948<;>TROJ_GEN.RFFCDG1<;>10<;>1<;>0<;>C:\Users\***\AppData\Local\Temp\2222125.exe<;>

20120701<;>1948<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Users\***\AppData\Local\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>

20120701<;>1949<;>TROJ_SIREF64.SM<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\n<;>

20120701<;>1949<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>1953<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>1957<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2002<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2006<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2010<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2015<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2019<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2023<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2027<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2032<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2036<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2040<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2044<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2049<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2053<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2057<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2101<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2106<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2110<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2114<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2119<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2123<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2127<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2131<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2136<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2140<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2144<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2149<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2153<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2157<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2201<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2205<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2211<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2215<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2219<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2224<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2228<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2232<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2237<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2241<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2245<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2249<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2254<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2258<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2302<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120701<;>2306<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2151<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2156<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2200<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2204<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2209<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2213<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2217<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2221<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2226<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2230<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2234<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2238<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2243<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2247<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2251<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2255<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2300<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2304<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2308<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2313<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2317<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2321<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2325<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2330<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2334<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2338<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2342<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2347<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2351<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2355<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120702<;>2359<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>4<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>8<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>12<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>16<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>21<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>25<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>29<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>34<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>38<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>42<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>46<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>51<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>55<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>59<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>103<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>108<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>112<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>116<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>121<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>125<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>129<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>133<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>138<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>142<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>146<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>150<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>155<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>159<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>203<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>207<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>212<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>216<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>220<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>225<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>229<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>233<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>237<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>242<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>246<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>250<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>254<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>259<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>303<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>307<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>311<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>316<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>320<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>324<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>329<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>333<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>337<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>341<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>346<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>350<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>354<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>359<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>403<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>407<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>411<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>415<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>420<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>424<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>428<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>433<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>437<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>441<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>445<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>450<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>454<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>458<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>502<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>507<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>511<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>515<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>519<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>524<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>528<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>532<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>536<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>541<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>545<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>549<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>554<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>558<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>602<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>606<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>611<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>615<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>619<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>623<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>628<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>632<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>636<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>641<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>645<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>649<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>653<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>658<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>702<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>706<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>710<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>1022<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>1022<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>1022<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>1022<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>1027<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>1027<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2016<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2016<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2020<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2020<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2024<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2024<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2028<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2029<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2033<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2033<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2037<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2037<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2041<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2042<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2046<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2046<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2050<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2050<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2054<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2054<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2058<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2058<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2103<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2103<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2107<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2107<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2111<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2113<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2115<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2116<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2120<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2120<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2124<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2124<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2128<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2128<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2132<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2133<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2138<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2139<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2141<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2141<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2145<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2146<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2150<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2150<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2154<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2154<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2158<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2158<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2202<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2202<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2207<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2207<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2211<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2212<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2215<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2215<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2219<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2220<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2224<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2224<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2228<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2228<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2232<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2233<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2237<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2237<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2241<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2241<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2245<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2246<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2249<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2249<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2254<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2254<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2258<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2258<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2302<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2302<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2306<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2306<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2311<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2311<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2315<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2315<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2319<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2319<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2323<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2324<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120703<;>2328<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120703<;>2328<;>TROJ_SIREFEF.TS<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@<;>

20120704<;>758<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120704<;>802<;>BKDR_ZACCESS.FU<;>1<;>1<;>0<;>C:\Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@<;>

20120707<;>2038<;>TROJ_GEN.FC5CBG7<;>10<;>1<;>0<;>C:\DELL\DBRM\Reminder\TrayApp.exe<;>

Malwarebytes Quickscan

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.07.07.06
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

*** :: ***-LAPTOP [Administrator]
 

Schutz: Aktiviert
 

07.07.2012 20:49:07

mbam-log-2012-07-07 (20-49-07).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 211751

Laufzeit: 2 Minute(n), 7 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Malwarebytes Full Scan

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.07.07.06
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

*** :: ***-LAPTOP [Administrator]
 

Schutz: Aktiviert
 

07.07.2012 20:54:30

mbam-log-2012-07-07 (21-50-03).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 365464

Laufzeit: 43 Minute(n), 56 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\_OTL\MovedFiles\07042012_195151\C_Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
 

(Ende)

Eset

Code:

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir        Win64/Patched.B.Gen trojan

C:\_OTL\MovedFiles\07042012_195151\C_Windows\Installer\{fe69c990-4be5-0d3b-b25c-52e84df55c9c}\U\80000000.@        Win64/Sirefef.AL trojan

Sagmal, ist das rein zufällig ein Büro-PC?