
Log analysis and evaluation: Avast alert at startup "LicenseValidator.exe". New programs installed?

05.03.2012, 20:44   #1
hotte83
 



Hello

When my computer boots, I always get a message from Avast.

What could this be?

In addition, I noticed something about my installed programs.

I installed the program Audiograbber about two years ago and haven't used it for ages. Why was it reinstalled?
I also did not newly install Windows Live Essentials. Or rather, I have never installed it at all.

Attached are a few log files. Do you see anything suspicious there?

Quote:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by mrxdu at 20:14:14 on 2012-03-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.797 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\avmwlanstick\FRITZWLANMini.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [LicenseValidator] c:\users\mrxdu\appdata\roaming\windows search\{d585e5ae-2d46-4465-9174-03e9a76a4be9}\LicenseValidator.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [<NO NAME>]
mRun: [AVMWlanClient] c:\program files\avmwlanstick\FRITZWLANMini.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: add to &BOM - c:\\progra~1\\biet-o~1\\\\AddToBOM.hta
IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to Mp3 Converter - c:\users\mrxdu\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\partygaming\partycasino\RunApp.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\users\mrxdu\desktop\PartyPoker.lnk
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{24FC59BC-6D26-443D-8766-DCAD2F04972A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6A83D432-4027-457F-8587-EFA6DE804EE4} : DhcpNameServer = 192.168.42.129
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 60.190.218.24 www.kavkiskey.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mrxdu\appdata\roaming\mozilla\firefox\profiles\zx3rgilf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\mrxdu\appdata\roaming\mozilla\firefox\profiles\zx3rgilf.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\mrxdu\appdata\roaming\mozilla\firefox\profiles\zx3rgilf.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\real\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\netscape6\nprpjplug.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mrxdu\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-11 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-6 337112]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-3-14 3968]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-6 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-6 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-9-6 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-5 44768]
R2 EnterpriseDBApachePHP;EnterpriseDB ApachePHP;c:\program files\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe [2010-9-6 18432]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-26 2253120]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-17 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-14 381248]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-2-9 1529152]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-9-4 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-9-4 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-9-4 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-9-4 566360]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2011-4-30 265088]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-9-4 225856]
R3 MTSBDA;TechniSat SkyStar HD2;c:\windows\system32\drivers\MtsBda.sys [2011-8-24 265744]
R3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [2011-8-24 23568]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-13 327272]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-17 133104]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-6 7800832]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-6 245760]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-1-26 30312]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-3-30 100880]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2011-4-30 4352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-9-4 99416]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-10-28 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files\common files\creative labs shared\service\DDLLicensing.exe [2009-10-28 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-9-4 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-9-4 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-9-4 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-9-4 566360]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-19 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-19 8456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-8-13 36640]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-17 133104]
S3 JWLDLLYVYY;JWLDLLYVYY;c:\users\mrxdu\appdata\local\temp\jwldllyvyy.exe --> c:\users\mrxdu\appdata\local\temp\JWLDLLYVYY.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PTSUT;PTSUT;c:\users\mrxdu\appdata\local\temp\ptsut.exe --> c:\users\mrxdu\appdata\local\temp\PTSUT.exe [?]
S3 RLSSTUQBJ;RLSSTUQBJ;c:\users\mrxdu\appdata\local\temp\rlsstuqbj.exe --> c:\users\mrxdu\appdata\local\temp\RLSSTUQBJ.exe [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-26 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-26 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-26 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-1-26 98152]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-22 52224]
S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.21006\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.21006\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-03-05 17:50:47 -------- d-----w- c:\users\mrxdu\appdata\roaming\MrJobs
2012-03-05 17:01:42 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-04 09:43:53 -------- d-----w- c:\users\mrxdu\appdata\roaming\Windows Search
2012-03-04 09:08:30 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6526ef10-8c4c-40ae-ad18-8c0b2c43ab05}\mpengine.dll
2012-02-21 13:00:52 -------- d-----w- c:\users\mrxdu\appdata\roaming\HoldemManager
2012-02-16 15:02:52 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-02-16 15:02:48 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-15 21:45:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-15 15:16:43 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 15:16:37 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:16:30 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 15:16:28 2343424 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:10:34 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-18 17:07:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-09 10:59:10 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
============= FINISH: 20:15:16,38 ===============

06.03.2012, 13:37   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all detections must be removed.

If logs from older scans with Malwarebytes exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

06.03.2012, 19:41   #3
hotte83
 



First of all, thanks for your effort.

So, here are the logs.


Quote:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.06.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
mrxdu :: MRXDU-PC [Administrator]

06.03.2012 15:07:55
mbam-log-2012-03-06 (18-54-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 552765
Laufzeit: 3 Stunde(n), 45 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill Poker (PUP.Casino) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\William Hill Poker\_SetupPoker_6ec802_de.exe (PUP.Casino) -> Keine Aktion durchgeführt.

(Ende)

ESET, on the other hand, finds a lot. I hope the infected items can be deleted without formatting?


Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8f478bebcc840248a4e9e63a9e4fb321
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-06 06:57:20
# local_time=2012-03-06 07:57:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 47424317 47424317 0 0
# compatibility_mode=5893 16776573 100 94 6716 82675284 0 0
# compatibility_mode=8192 67108863 100 0 534 534 0 0
# scanned=485384
# found=18
# cleaned=0
# scan_time=16149
C:\Users\mrxdu\AppData\Local\Temp\Inc.class a variant of Java/Exploit.CVE-2011-3544.AW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\mrxdu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\727e335c-6f9fb1c8 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\mrxdu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\405e179f-56f1b49e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\mrxdu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-42fb6dd8 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\mrxdu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb8c8a9-23aace33 a variant of Java/Exploit.CVE-2011-3544.AW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\mrxdu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-6004dde8 probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\mrxdu\AppData\Roaming\Identities\{97E4FFC3-47A3-4208-BC3E-3F37B6E483DF}\LicenseValidator.exe a variant of Win32/Kryptik.ACAK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\mrxdu\AppData\Roaming\TeamViewer\{6B9F98E7-D245-4215-9694-12A2B407DDA6}\UpgradeChecker.exe a variant of Win32/Kryptik.ACAK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\mrxdu\AppData\Roaming\Windows Search\{D585E5AE-2D46-4465-9174-03E9A76A4BE9}\LicenseValidator.exe a variant of Win32/Kryptik.ACAK trojan (unable to clean) 00000000000000000000000000000000 I
D:\Downloads\Darkys_v10.0_Extreme_Edition_Final.zip Linux/Exploit.Lotoor.AG trojan (unable to clean) 00000000000000000000000000000000 I
D:\Downloads\Darkys_v10.1_Extreme_Edition.zip Linux/Exploit.Lotoor.AG trojan (unable to clean) 00000000000000000000000000000000 I
D:\Downloads\Darkys_v9.3_Extreme_Edition.zip Linux/Exploit.Lotoor.AG trojan (unable to clean) 00000000000000000000000000000000 I
D:\Downloads\Darkys_v9.5_Extreme_Edition.zip Linux/Exploit.Lotoor.AG trojan (unable to clean) 00000000000000000000000000000000 I
D:\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Downloads\Darky\Darkys_v10.0_Extreme_Edition_RC3.zip Linux/Exploit.Lotoor.AG trojan (unable to clean) 00000000000000000000000000000000 I
D:\Downloads\Darkys_v9.2_Resurrection_Edition\resurrection.zip Linux/Exploit.Lotoor.AG trojan (unable to clean) 00000000000000000000000000000000 I
D:\Downloads\Ficeto_JVB_Cappy_Odin\Darky_v10_RC5.3.zip Linux/Exploit.Lotoor.AG trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Gataka.A trojan 00000000000000000000000000000000 I

06.03.2012, 20:17   #4
cosinus



Quote:
D:\Downloads\Darkys_v10.0_Extreme_Edition_Final.zip
What kind of junk are you putting on your drive there?

Malwarebytes creates exactly one log for every scan. Have you ever scanned with Malwarebytes in the past?
If so, all logs for every scan are listed in the Logs tab. Please post all the ones that are visible there.

06.03.2012, 20:37   #5
hotte83
 



These Darky files are, or rather were, new versions of Android for Samsung phones. They are not original firmware, but versions edited and improved by several people.
The group is quite well known and the firmware is very widespread. Do I still need to be concerned?

I no longer have Malwarebytes on my computer?! It was still installed until a few hours ago. How can that be?


06.03.2012, 22:50   #6
cosinus



Quote:
Do I still need to be concerned?
Yes. The more dubious/unknown it is, the more it should be "handled with tongs", so I would not put "just any" firmware on my smartphone (if I had one, that is; it's enough for me if I can text and make calls)

Quote:
I no longer have Malwarebytes on my computer?! It was still installed until a few hours ago. How can that be?
It doesn't uninstall itself on its own. Check in the Start menu under ALL PROGRAMS

07.03.2012, 11:07   #7
hotte83
 



I have about 100 log files there. In none of them was an infected file found.

07.03.2012, 11:39   #8
cosinus



Ok.

Please create a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top center, tick the box for Scan all users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German it is labeled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
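One way to do a first triage of the OTL.txt that the steps above produce, as an added example (not part of the original post and not OldTimer's code): a small Python parser for the PRC/SRV/DRV line layout that OTL logs in this thread use. The sample lines, the names in them and the three flag labels are constructed for illustration; a flag marks an entry for manual review and is not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Layout assumed from the OTL log lines in this thread:
#   KIND - [date time | size | attrs | M] (Company) [state] -- path -- (name) desc
#   KIND - File not found [state] --  -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Locations an unprivileged user can normally write to. A service or driver
# image stored there is worth a second look (heuristic chosen for this example).
USER_WRITABLE = re.compile(
    r"\\(users|documents and settings|programdata)\\|\\temp\\", re.I
)


@dataclass
class Entry:
    kind: str                  # PRC, MOD, SRV or DRV
    name: str                  # service/driver name, empty for PRC and MOD
    path: str                  # image path, empty when the file is missing
    company: Optional[str]     # None when OTL printed "File not found"
    state: str                 # e.g. "Kernel | Auto | Running"
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL log line; return None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        name=m.group("name") or "",
        path=m.group("path").strip(),
        company=None if missing else m.group("company").strip(),
        state=m.group("state") or "",
    )


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that carry at least one review flag."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry.company is None:
            # Registry still references an image that is no longer on disk.
            entry.flags.append("missing-file")
        elif entry.company == "":
            # Binary carries no company name in its version information.
            entry.flags.append("no-company")
        if entry.kind in ("SRV", "DRV") and USER_WRITABLE.search(entry.path):
            entry.flags.append("user-writable-path")
        if entry.flags:
            flagged.append(entry)
    return flagged


# Constructed sample input in the same layout (not taken from a real system).
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
PRC - [2012.03.07 13:20:29 | 000,584,704 | ---- | M] (Example Vendor) -- C:\Program Files\Example\app.exe
SRV - File not found [On_Demand | Stopped] --  -- (ExampleOrphanSvc)
SRV - [2012.02.23 17:23:21 | 000,044,768 | ---- | M] (Example Vendor) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
DRV - [2011.06.19 18:57:18 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\exampledrv.sys -- (exampledrv)
DRV - [2010.08.27 05:32:08 | 000,098,152 | ---- | M] (Example Vendor) [Kernel | On_Demand | Stopped] -- C:\Users\someone\AppData\Local\Temp\tmpdrv.sys -- (tmpdrv) Example description (WDM)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} {e.name or e.path}: {', '.join(e.flags)} [{e.state}]")
```

Entries flagged "missing-file" are often leftovers of uninstalled software, so each hit still has to be checked against what was actually installed on the machine.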

07.03.2012, 13:01   #9
hotte83
 



So, here is the result. I'm not familiar with this and only skimmed it briefly. The License Validator shows up here as well.


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.03.2012 13:27:02 - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\mrxdu\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,79% Memory free
4,00 Gb Paging File | 2,85 Gb Available in Paging File | 71,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,01 Gb Total Space | 27,95 Gb Free Space | 28,23% Space Free | Partition Type: NTFS
Drive D: | 302,69 Gb Total Space | 200,60 Gb Free Space | 66,27% Space Free | Partition Type: NTFS
Drive E: | 64,06 Gb Total Space | 44,01 Gb Free Space | 68,70% Space Free | Partition Type: NTFS
 
Computer Name: MRXDU-PC | User Name: mrxdu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.07 13:20:29 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\mrxdu\Desktop\OTL.exe
PRC - [2012.02.23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.02.23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.09 11:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.06 21:43:43 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.07.06 21:43:34 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.09 00:32:19 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.10.07 13:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.02.02 16:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\FRITZWLANMini.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.03 14:10:54 | 000,123,904 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroIEFavClient.DEU
MOD - [2011.05.22 18:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.01.23 14:47:51 | 000,139,776 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (WPFFontCache_v0400)
SRV - File not found [On_Demand | Stopped] --  -- (RLSSTUQBJ)
SRV - File not found [On_Demand | Stopped] --  -- (PTSUT)
SRV - File not found [On_Demand | Stopped] --  -- (JWLDLLYVYY)
SRV - [2012.02.23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.09 11:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.06 21:43:43 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.02.11 00:23:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.04 17:07:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2010.07.09 00:32:19 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe -- (EnterpriseDBApachePHP)
SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.06.15 16:19:03 | 003,583,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.10.28 16:15:06 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009.10.07 13:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (dgderdrv)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (CTSBLFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (CTERFXFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (CTAUDFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (COMMONFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Andbus)
DRV - [2012.02.23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.02.23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.02.23 17:10:59 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012.02.23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.02.23 17:10:34 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.02.23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.12.12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.06 21:45:13 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.07.06 21:45:13 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.07.06 21:44:38 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.06.19 18:57:18 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.06.19 18:57:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.04.24 23:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011.03.30 19:46:36 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.10 13:36:41 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.08.27 05:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010.08.27 05:32:08 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010.08.27 05:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010.08.27 05:32:08 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.08.27 05:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.07.26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.03.19 00:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010.03.19 00:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010.03.19 00:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010.03.19 00:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010.03.19 00:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010.03.19 00:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010.03.19 00:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010.03.19 00:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctgame.sys -- (ctgame)
DRV - [2010.03.19 00:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010.03.19 00:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010.03.19 00:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010.03.19 00:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010.03.19 00:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010.03.19 00:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010.03.19 00:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010.03.19 00:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010.03.19 00:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010.03.19 00:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010.03.19 00:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010.02.23 10:51:14 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010.02.23 10:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.01.28 15:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.13 06:34:38 | 000,265,744 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsBda.sys -- (MTSBDA)
DRV - [2009.07.13 06:34:38 | 000,023,568 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID)
DRV - [2008.11.14 01:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007.04.12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007.04.12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007.04.12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007.04.12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007.04.12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007.04.12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007.04.12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007.01.31 14:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 00:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.01.18 13:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgArCln.sys -- (AvgArCln)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 5C 65 03 3B D1 CA 01  [binary data]
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\SearchScopes\{5A6751A0-DE58-4EAC-90FE-81490AE6D14F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "TableRatings"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {af5514fc-7603-4cec-9894-f07f3d8672a5}:1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100805
FF - prefs.js..network.proxy.autoconfig_url: "file:///E:/Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_4a9ea39e.pac"
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mrxdu\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mrxdu\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.01.13 19:01:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.01.26 19:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.23 18:11:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.03.05 18:01:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 18:36:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.13 19:02:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.11.14 12:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.01.13 19:02:05 | 000,000,000 | ---D | M]
 
[2010.09.04 15:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Extensions
[2009.12.22 20:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.23 01:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.09.04 15:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions
[2010.09.04 15:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
[2010.09.04 15:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.09.04 15:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.09.04 15:35:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2010.09.04 15:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.09.04 15:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.09.04 15:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{af5514fc-7603-4cec-9894-f07f3d8672a5}
[2010.09.04 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.04 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.04 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.09.04 15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.09.04 15:40:49 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\awo9dtr6.default\extensions\nasanightlaunch@example.com
[2012.03.05 17:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions
[2012.02.15 16:11:45 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.02.04 15:03:59 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.09.04 16:18:44 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.12.25 21:27:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 19:03:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.09.04 16:11:07 | 000,000,000 | ---D | M] (Fast Youtube Downloader) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2011.06.22 13:25:22 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\keyscrambler@qfx.software.corporation
[2010.10.19 20:02:09 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\mrxdu\AppData\Roaming\mozilla\Firefox\Profiles\zx3rgilf.default\extensions\vshare@toolbar
[2012.03.04 16:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.02.17 18:36:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.01.02 19:46:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.02 19:46:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.02 19:46:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 19:46:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 19:46:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 19:46:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mrxdu\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mrxdu\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mrxdu\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mrxdu\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\mrxdu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mrxdu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AdBlock = C:\Users\mrxdu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.19_0\
CHR - Extension: avast! WebRep = C:\Users\mrxdu\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\mrxdu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\mrxdu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\mrxdu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.01.20 22:10:11 | 000,344,217 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 11798 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000..\Run: [UpgradeChecker] C:\Users\mrxdu\AppData\Roaming\TeamViewer\{6B9F98E7-D245-4215-9694-12A2B407DDA6}\UpgradeChecker.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1007..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O4 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mrxdu\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\mrxdu\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\mrxdu\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24FC59BC-6D26-443D-8766-DCAD2F04972A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A83D432-4027-457F-8587-EFA6DE804EE4}: DhcpNameServer = 192.168.42.129
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.07.31 18:30:53 | 000,001,352 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O33 - MountPoints2\{1289848e-7311-11e0-95a6-00196636b259}\Shell - "" = AutoRun
O33 - MountPoints2\{1289848e-7311-11e0-95a6-00196636b259}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{95cb1b3e-bbe2-11de-9d43-00196636b259}\Shell - "" = AutoRun
O33 - MountPoints2\{95cb1b3e-bbe2-11de-9d43-00196636b259}\Shell\AutoRun\command - "" = G:\Install.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico - ()
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: B2C_AGENT - hkey= - key= - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\mrxdu\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: Intel AppUp(SM) center - hkey= - key= - C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk ()
MsConfig - StartUpReg: LicenseValidator - hkey= - key= - C:\Users\mrxdu\AppData\Roaming\Identities\{97E4FFC3-47A3-4208-BC3E-3F37B6E483DF}\LicenseValidator.exe ()
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - E:\Games\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= -  File not found
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IV32 - C:\Windows\System32\ir32.dll ()
Drivers32: vidc.IV45 - C:\Windows\System32\ir41_qc.dll (Intel Corporation.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.07 13:20:23 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\mrxdu\Desktop\OTL.exe
[2012.03.07 11:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.07 11:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.07 11:39:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.07 11:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.06 22:00:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.06 15:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.06 15:12:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\mrxdu\Desktop\esetsmartinstaller_enu.exe
[2012.03.05 20:05:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\mrxdu\Desktop\dds.com
[2012.03.05 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\mrxdu\AppData\Roaming\MrJobs
[2012.03.05 18:01:42 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.03.04 10:56:25 | 000,000,000 | ---D | C] -- C:\Users\mrxdu\Desktop\Ski 2012
[2012.03.04 10:47:58 | 000,000,000 | ---D | C] -- C:\Users\mrxdu\AppData\Roaming\Help
[2012.03.04 10:43:53 | 000,000,000 | ---D | C] -- C:\Users\mrxdu\AppData\Roaming\Windows Search
[2012.02.21 14:01:10 | 000,000,000 | ---D | C] -- D:\HM Backup
[2012.02.21 14:00:52 | 000,000,000 | ---D | C] -- C:\Users\mrxdu\AppData\Roaming\HoldemManager
[2012.02.16 16:02:52 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.02.16 16:02:48 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.02.15 22:45:44 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.07 13:20:29 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\mrxdu\Desktop\OTL.exe
[2012.03.07 12:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498521526-3322181197-3109250805-1000UA.job
[2012.03.07 12:31:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.07 11:42:02 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498521526-3322181197-3109250805-1000Core.job
[2012.03.07 11:31:16 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 11:31:16 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 11:28:28 | 009,024,840 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.07 11:28:28 | 003,101,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.07 11:28:28 | 002,740,924 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.07 11:28:28 | 002,450,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.07 11:23:53 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.07 11:23:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 23:03:03 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-00531102}.rfx
[2012.03.06 23:03:02 | 000,031,632 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-00531102}.rfx
[2012.03.06 23:03:02 | 000,028,848 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-00531102}.rfx
[2012.03.06 23:03:02 | 000,028,848 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-00531102}.rfx
[2012.03.06 23:03:01 | 000,031,632 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-00531102}.rfx
[2012.03.06 15:11:27 | 002,322,184 | ---- | M] (ESET) -- C:\Users\mrxdu\Desktop\esetsmartinstaller_enu.exe
[2012.03.05 20:22:24 | 000,302,592 | ---- | M] () -- C:\Users\mrxdu\Desktop\b6q341tq.exe
[2012.03.05 20:09:34 | 000,000,020 | ---- | M] () -- C:\Users\mrxdu\defogger_reenable
[2012.03.05 20:05:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\mrxdu\Desktop\dds.com
[2012.03.05 20:04:54 | 000,050,477 | ---- | M] () -- C:\Users\mrxdu\Desktop\Defogger.exe
[2012.03.05 18:01:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.02.23 17:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.02.23 17:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.02.23 17:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.02.23 17:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.02.23 17:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.02.23 17:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.02.23 17:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.02.23 17:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.02.21 14:47:29 | 000,000,918 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2012.02.16 15:51:53 | 000,294,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.09 11:59:10 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.05 20:22:27 | 000,302,592 | ---- | C] () -- C:\Users\mrxdu\Desktop\b6q341tq.exe
[2012.03.05 20:09:11 | 000,000,020 | ---- | C] () -- C:\Users\mrxdu\defogger_reenable
[2012.03.05 20:04:34 | 000,050,477 | ---- | C] () -- C:\Users\mrxdu\Desktop\Defogger.exe
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.08.18 16:07:02 | 000,000,600 | ---- | C] () -- C:\Users\mrxdu\AppData\Local\PUTTY.RND
[2011.07.31 19:10:18 | 000,000,045 | ---- | C] () -- C:\Users\mrxdu\AppData\Local\machpro.dat
[2011.07.06 21:43:40 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.07.03 21:23:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.07.03 21:23:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.06.19 18:57:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.19 18:57:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.16 01:21:15 | 000,004,608 | ---- | C] () -- C:\Users\mrxdu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.30 11:40:59 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.24 18:59:26 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011.03.24 18:59:26 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.03.09 19:35:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.02.22 20:43:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.29 19:31:35 | 000,000,000 | ---- | C] () -- C:\Windows\MC-Version.INI
[2011.01.29 19:30:40 | 000,000,032 | ---- | C] () -- C:\Windows\MineCraft.INI
[2011.01.20 22:02:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.01.13 01:50:23 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.11.12 14:28:57 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010.09.04 16:58:07 | 000,177,664 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.09.04 16:58:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.09.04 16:54:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2010.09.04 16:54:02 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2010.09.04 16:54:02 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2010.09.04 16:54:02 | 000,013,312 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2010.09.04 16:54:02 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010.09.04 16:54:02 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
[2010.09.04 16:54:02 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2010.09.04 16:54:00 | 000,386,852 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2010.09.04 16:54:00 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2010.09.04 16:54:00 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat
[2010.09.04 16:54:00 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat
[2010.09.04 16:54:00 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2010.09.04 16:54:00 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2010.09.04 16:54:00 | 000,050,466 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010.09.04 16:54:00 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2010.09.04 16:54:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010.08.13 18:01:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.08.13 18:01:41 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.07.26 20:47:50 | 000,000,600 | ---- | C] () -- C:\Users\mrxdu\AppData\Roaming\winscp.rnd
[2010.04.19 18:31:57 | 001,711,232 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010.04.19 18:31:57 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010.04.19 18:31:57 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.04.19 18:31:57 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.04.19 18:31:57 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.04.19 18:25:44 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.03.25 18:13:55 | 000,019,456 | ---- | C] () -- C:\Users\mrxdu\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2011.02.24 13:49:04 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Canneverbe Limited
[2009.10.18 15:03:17 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\DAEMON Tools Lite
[2010.05.28 11:04:28 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.22 09:46:43 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\EPSON
[2011.08.21 22:22:17 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\FileZilla
[2011.01.17 12:47:25 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\FreeFLVConverter
[2010.11.27 12:24:59 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\GrabPro
[2010.08.28 02:56:29 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\gtk-2.0
[2011.01.26 19:54:09 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\HEM Data
[2012.02.21 14:00:52 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\HoldemManager
[2010.07.28 21:43:20 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\ijjigame
[2011.01.26 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\IrfanView
[2012.02.21 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\KeePass
[2009.10.18 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Leadertech
[2011.01.13 23:51:39 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\MFSM-Tasks
[2011.07.11 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Miranda Fusion
[2011.03.10 15:27:23 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Mp3tag
[2012.03.05 18:50:59 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\MrJobs
[2009.12.23 01:07:41 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Nokia
[2009.10.17 17:57:09 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\OpenOffice.org
[2011.01.26 19:44:32 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Orbit
[2009.10.20 23:01:17 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\PC Suite
[2010.01.06 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\postgresql
[2010.02.20 03:14:12 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Prish
[2010.11.27 12:25:07 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\ProgSense
[2011.06.22 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\QFX Software
[2011.04.04 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Roaming
[2011.03.23 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Rovio
[2012.02.17 18:23:51 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Samsung
[2011.08.13 09:37:34 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Simfy
[2012.03.06 15:03:56 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\TeamViewer
[2010.08.06 11:32:53 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Teleca
[2009.12.22 20:26:51 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Thunderbird
[2009.12.23 01:48:33 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\TomTom
[2011.12.24 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\TuneUp Software
[2012.03.04 10:43:53 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Windows Search
[2011.08.18 16:01:15 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\XnView
[2011.12.25 20:12:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.11 22:02:49 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Adobe
[2010.02.22 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Apple Computer
[2009.10.17 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\ATI
[2011.01.26 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\AVS4YOU
[2011.02.24 13:49:04 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Canneverbe Limited
[2009.10.18 15:03:17 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\DAEMON Tools Lite
[2011.01.13 21:29:01 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\DivX
[2010.07.22 21:56:24 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\dvdcss
[2010.05.28 11:04:28 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.22 09:46:43 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\EPSON
[2011.08.21 22:22:17 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\FileZilla
[2011.01.17 12:47:25 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\FreeFLVConverter
[2010.11.27 12:24:59 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\GrabPro
[2010.08.28 02:56:29 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\gtk-2.0
[2012.03.04 10:47:58 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Help
[2011.01.26 19:54:09 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\HEM Data
[2012.02.21 14:00:52 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\HoldemManager
[2012.03.07 13:04:18 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Identities
[2010.07.28 21:43:20 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\ijjigame
[2011.01.26 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\IrfanView
[2012.02.21 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\KeePass
[2009.10.18 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Leadertech
[2009.10.17 15:36:17 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Macromedia
[2009.10.17 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Media Center Programs
[2012.01.14 16:08:31 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Media Player Classic
[2011.01.13 23:51:39 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\MFSM-Tasks
[2011.06.07 20:18:22 | 000,000,000 | --SD | M] -- C:\Users\mrxdu\AppData\Roaming\Microsoft
[2011.07.11 21:42:54 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Miranda Fusion
[2009.10.17 15:18:36 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Mozilla
[2010.07.28 12:10:33 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Mozilla-Cache
[2011.03.10 15:27:23 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Mp3tag
[2012.03.05 18:50:59 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\MrJobs
[2009.10.17 17:42:02 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Nero
[2009.12.23 01:07:41 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Nokia
[2011.12.23 18:26:23 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\NVIDIA
[2009.10.17 17:57:09 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\OpenOffice.org
[2011.01.26 19:44:32 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Orbit
[2009.10.20 23:01:17 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\PC Suite
[2010.01.06 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\postgresql
[2010.02.20 03:14:12 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Prish
[2010.11.27 12:25:07 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\ProgSense
[2011.06.22 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\QFX Software
[2011.01.26 19:45:34 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Real
[2011.09.05 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Realtime Soft
[2011.04.04 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Roaming
[2011.03.23 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Rovio
[2012.02.17 18:23:51 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Samsung
[2011.08.13 09:37:34 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Simfy
[2011.10.08 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Skype
[2011.07.28 00:38:49 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\skypePM
[2009.10.17 15:18:38 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Talkback
[2009.12.08 00:17:18 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\teamspeak2
[2012.03.06 15:03:56 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\TeamViewer
[2010.08.06 11:32:53 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Teleca
[2009.12.22 20:26:51 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Thunderbird
[2009.12.23 01:48:33 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\TomTom
[2011.12.24 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\TuneUp Software
[2011.12.21 11:35:18 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\vlc
[2010.07.13 14:04:08 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Winamp
[2012.03.04 10:43:53 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\Windows Search
[2009.10.17 16:13:47 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\WinRAR
[2011.08.18 16:01:15 | 000,000,000 | ---D | M] -- C:\Users\mrxdu\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2012.03.06 14:57:37 | 000,272,384 | ---- | M] () -- C:\Users\mrxdu\AppData\Roaming\Identities\{97E4FFC3-47A3-4208-BC3E-3F37B6E483DF}\LicenseValidator.exe
[2011.10.08 13:03:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\mrxdu\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.12.10 15:46:02 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Users\mrxdu\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2010.07.26 21:27:17 | 000,010,134 | R--- | M] () -- C:\Users\mrxdu\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2010.07.26 21:27:17 | 000,000,766 | R--- | M] () -- C:\Users\mrxdu\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2010.07.28 12:34:19 | 000,738,824 | ---- | M] (RealNetworks, Inc.) -- C:\Users\mrxdu\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100218.exe
[2011.01.26 19:38:23 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\mrxdu\AppData\Roaming\Real\RealPlayer\setup\AU_setup20101108.exe
[2012.03.07 13:04:18 | 000,271,360 | ---- | M] () -- C:\Users\mrxdu\AppData\Roaming\TeamViewer\{6B9F98E7-D245-4215-9694-12A2B407DDA6}\UpgradeChecker.exe
[2009.12.23 01:49:32 | 020,299,200 | ---- | M] (TomTom International B.V.) -- C:\Users\mrxdu\AppData\Roaming\TomTom\HOME\Profiles\auhdt0y7.default\Updates\v2_7_3_1894_win.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

07.03.2012, 13:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Are you also one of those people who watch series and movies via dubious portals?
If so: hands off in future. These illegal portals spread malware, and if you want to be malware-free in future, you have to switch to legal alternatives and do without such risky streaming sites!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


07.03.2012, 14:07   #11
hotte83

Hmm, yes, I can't claim to be innocent of that. I did watch series on such sites at some point.
But that was ages ago. The current problem, however, is new to me. I never had this message before.

Is the player itself dangerous? I got it from Chip.de, and it should be virus-free, shouldn't it?

07.03.2012, 14:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The sites are dangerous! They are run by criminals, and exploits are distributed there! The exploits on the sites probe your computer for old versions in order to find security holes, e.g. in the Flash Player, and before you know it you have something like the BKA Windows blocker on it! So simply keep your hands off such sites.

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
SRV - File not found [On_Demand | Stopped] --  -- (RLSSTUQBJ)
SRV - File not found [On_Demand | Stopped] --  -- (PTSUT)
SRV - File not found [On_Demand | Stopped] --  -- (JWLDLLYVYY)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 5C 65 03 3B D1 CA 01  [binary data]
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\SearchScopes\{5A6751A0-DE58-4EAC-90FE-81490AE6D14F}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\mrxdu\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\mrxdu\Desktop\PartyPoker.lnk File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.07.31 18:30:53 | 000,001,352 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O33 - MountPoints2\{1289848e-7311-11e0-95a6-00196636b259}\Shell - "" = AutoRun
O33 - MountPoints2\{1289848e-7311-11e0-95a6-00196636b259}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{95cb1b3e-bbe2-11de-9d43-00196636b259}\Shell - "" = AutoRun
O33 - MountPoints2\{95cb1b3e-bbe2-11de-9d43-00196636b259}\Shell\AutoRun\command - "" = G:\Install.cmd
MsConfig - StartUpReg: LicenseValidator - hkey= - key= - C:\Users\mrxdu\AppData\Roaming\Identities\{97E4FFC3-47A3-4208-BC3E-3F37B6E483DF}\LicenseValidator.exe ()
[2012.03.06 14:57:37 | 000,272,384 | ---- | M] () -- C:\Users\mrxdu\AppData\Roaming\Identities\{97E4FFC3-47A3-4208-BC3E-3F37B6E483DF}\LicenseValidator.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

07.03.2012, 17:03   #13
hotte83

Here is the log file. Has everything been cleaned up?
Spybot - Search & Destroy, or rather the TeaTimer, no longer works now. Was that intended, or is it a bad program?

And thanks again for your effort.


Code:
All processes killed
========== OTL ==========
Service RLSSTUQBJ stopped successfully!
Service RLSSTUQBJ deleted successfully!
Service PTSUT stopped successfully!
Service PTSUT deleted successfully!
Service JWLDLLYVYY stopped successfully!
Service JWLDLLYVYY deleted successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\tbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2498521526-3322181197-3109250805-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
HKEY_USERS\S-1-5-21-2498521526-3322181197-3109250805-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2498521526-3322181197-3109250805-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2498521526-3322181197-3109250805-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A6751A0-DE58-4EAC-90FE-81490AE6D14F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A6751A0-DE58-4EAC-90FE-81490AE6D14F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-2498521526-3322181197-3109250805-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2498521526-3322181197-3109250805-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2498521526-3322181197-3109250805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AutoHotkey.ahk moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1289848e-7311-11e0-95a6-00196636b259}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1289848e-7311-11e0-95a6-00196636b259}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1289848e-7311-11e0-95a6-00196636b259}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1289848e-7311-11e0-95a6-00196636b259}\ not found.
File H:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95cb1b3e-bbe2-11de-9d43-00196636b259}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95cb1b3e-bbe2-11de-9d43-00196636b259}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95cb1b3e-bbe2-11de-9d43-00196636b259}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95cb1b3e-bbe2-11de-9d43-00196636b259}\ not found.
File G:\Install.cmd not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\LicenseValidator\ deleted successfully.
C:\Users\mrxdu\AppData\Roaming\Identities\{97E4FFC3-47A3-4208-BC3E-3F37B6E483DF}\LicenseValidator.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: mrxdu
->Temp folder emptied: 169273632 bytes
->Temporary Internet Files folder emptied: 5214499 bytes
->Java cache emptied: 45915119 bytes
->FireFox cache emptied: 284675192 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1529615 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres.mrxdu-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres.mrxdu-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres.mrxdu-PC.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2704648 bytes
RecycleBin emptied: 16716545056 bytes
 
Total Files Cleaned = 16.428,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03072012_175248

Files\Folders moved on Reboot...
C:\Users\mrxdu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\715SJ36T\pgcb1_2[1].htm moved successfully.

Registry entries deleted on Reboot...
         

Last edited by hotte83 (07.03.2012 at 17:47)
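
An added example, not part of the original thread and not OTL's own code: a small Python parser for the fix log posted above that separates files moved into the "_OTL" backup from items that were simply not present, and lists the policy values the fix removed so they can be re-checked afterwards. The sample lines are copied from that log; the function names are made up for this illustration.

```python
import re

# Sample input: a selection of lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service RLSSTUQBJ stopped successfully!
Service RLSSTUQBJ deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\tbDVDV.dll moved successfully.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File H:\pushinst.exe not found.
C:\Users\mrxdu\AppData\Roaming\Identities\{97E4FFC3-47A3-4208-BC3E-3F37B6E483DF}\LicenseValidator.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

SECTION = re.compile(r"^=+ (.+?) =+$")

# (kind, pattern) pairs, tried in order; each yields a target and an outcome.
RULES = [
    ("service", re.compile(
        r"^Service (?P<target>\S+) (?P<outcome>stopped|deleted) successfully!$")),
    ("registry", re.compile(
        r"^Registry (?:key|value) (?P<target>.+?) "
        r"(?P<outcome>deleted|not found)(?: successfully)?\.$")),
    ("registry", re.compile(
        r"^(?P<target>HK[A-Z_]+\\.+?)\|.* : (?P<outcome>value set) successfully!$")),
    ("file", re.compile(r"^File (?P<target>.+) (?P<outcome>not found)\.$")),
    ("file", re.compile(r"^(?P<target>.+) (?P<outcome>moved) successfully\.$")),
]


def parse_fix_log(text):
    """Return (kind, target, outcome) tuples for the '== OTL ==' section only."""
    records, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section != "OTL" or not line:
            continue
        for kind, rx in RULES:
            m = rx.match(line)
            if m:
                records.append((kind, m.group("target"), m.group("outcome")))
                break
        else:
            # Keep lines we do not understand instead of silently dropping them.
            records.append(("unparsed", line, ""))
    return records


def quarantined(records):
    """Files the fix moved (per the helper's post: backed up, not erased)."""
    return [t for k, t, o in records if k == "file" and o == "moved"]


def missing_files(records):
    """Files reported 'not found' that were NOT moved earlier in the same run.

    The fix script names some files several times; after the first move, every
    later mention logs 'not found'. Those repeats are filtered out here.
    """
    moved = {t.lower() for t in quarantined(records)}
    seen, out = set(), []
    for k, t, o in records:
        key = t.lower()
        if k == "file" and o == "not found" and key not in moved and key not in seen:
            seen.add(key)
            out.append(t)
    return out


def policy_values_removed(records):
    """Names of registry values under ...\\policies\\... that the fix deleted."""
    out = []
    for k, t, o in records:
        if k == "registry" and o == "deleted" and "\\policies\\" in t.lower() and "\\\\" in t:
            out.append(t.rsplit("\\\\", 1)[1])  # log writes key\\value
    return out


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    print("moved to backup:", quarantined(recs))
    print("never present:  ", missing_files(recs))
    print("policy values:  ", policy_values_removed(recs))
```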

07.03.2012, 21:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I deactivated the stupid TeaTimer

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its content into your post, then please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags objects, treat all of them with the action "skip" and just post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

07.03.2012, 21:47   #15
hotte83

Here is the result.

Code:
22:44:07.0730 4580	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
22:44:09.0730 4580	============================================================
22:44:09.0730 4580	Current date / time: 2012/03/07 22:44:09.0730
22:44:09.0730 4580	SystemInfo:
22:44:09.0730 4580	
22:44:09.0730 4580	OS Version: 6.1.7601 ServicePack: 1.0
22:44:09.0730 4580	Product type: Workstation
22:44:09.0730 4580	ComputerName: MRXDU-PC
22:44:09.0730 4580	UserName: mrxdu
22:44:09.0730 4580	Windows directory: C:\Windows
22:44:09.0730 4580	System windows directory: C:\Windows
22:44:09.0730 4580	Processor architecture: Intel x86
22:44:09.0730 4580	Number of processors: 2
22:44:09.0730 4580	Page size: 0x1000
22:44:09.0730 4580	Boot type: Normal boot
22:44:09.0730 4580	============================================================
22:44:10.0777 4580	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:44:10.0792 4580	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:44:10.0792 4580	\Device\Harddisk0\DR0:
22:44:10.0792 4580	MBR used
22:44:10.0792 4580	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0xC6055FD
22:44:10.0808 4580	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC60567C, BlocksNum 0x25D6299B
22:44:10.0824 4580	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32368056, BlocksNum 0x801CBEB
22:44:10.0824 4580	\Device\Harddisk1\DR1:
22:44:10.0824 4580	MBR used
22:44:10.0824 4580	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
22:44:10.0917 4580	Initialize success
22:44:10.0917 4580	============================================================
22:44:29.0183 1116	============================================================
22:44:29.0183 1116	Scan started
22:44:29.0183 1116	Mode: Manual; SigCheck; TDLFS; 
22:44:29.0183 1116	============================================================
22:44:29.0667 1116	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:44:29.0746 1116	1394ohci - ok
22:44:29.0777 1116	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:44:29.0792 1116	ACPI - ok
22:44:29.0824 1116	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:44:29.0839 1116	AcpiPmi - ok
22:44:29.0871 1116	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:44:29.0902 1116	adp94xx - ok
22:44:29.0917 1116	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:44:29.0933 1116	adpahci - ok
22:44:29.0949 1116	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:44:29.0964 1116	adpu320 - ok
22:44:29.0996 1116	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:44:30.0027 1116	AFD - ok
22:44:30.0042 1116	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:44:30.0058 1116	agp440 - ok
22:44:30.0089 1116	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:44:30.0105 1116	aic78xx - ok
22:44:30.0121 1116	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:44:30.0136 1116	aliide - ok
22:44:30.0152 1116	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:44:30.0152 1116	amdagp - ok
22:44:30.0167 1116	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:44:30.0183 1116	amdide - ok
22:44:30.0199 1116	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:44:30.0214 1116	AmdK8 - ok
22:44:30.0355 1116	amdkmdag        (aeae5ecbeaa0107d36c0b94ef341abc7) C:\Windows\system32\DRIVERS\atikmdag.sys
22:44:30.0542 1116	amdkmdag - ok
22:44:30.0574 1116	amdkmdap        (60643c3abe28015269a62eb3dd4a49f4) C:\Windows\system32\DRIVERS\atikmpag.sys
22:44:30.0605 1116	amdkmdap - ok
22:44:30.0621 1116	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:44:30.0636 1116	AmdPPM - ok
22:44:30.0667 1116	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:44:30.0667 1116	amdsata - ok
22:44:30.0699 1116	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:44:30.0714 1116	amdsbs - ok
22:44:30.0730 1116	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:44:30.0730 1116	amdxata - ok
22:44:30.0746 1116	Andbus - ok
22:44:30.0761 1116	AndDiag - ok
22:44:30.0761 1116	AndGps - ok
22:44:30.0777 1116	ANDModem - ok
22:44:30.0808 1116	androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
22:44:30.0824 1116	androidusb - ok
22:44:30.0839 1116	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:44:30.0871 1116	AppID - ok
22:44:30.0902 1116	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:44:30.0917 1116	arc - ok
22:44:30.0933 1116	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:44:30.0949 1116	arcsas - ok
22:44:30.0980 1116	aswFsBlk        (581b82df5dbcc1dda6b775fac0d92472) C:\Windows\system32\drivers\aswFsBlk.sys
22:44:30.0996 1116	aswFsBlk - ok
22:44:31.0027 1116	aswMonFlt       (0787b434e9098840966c23bb1c77df49) C:\Windows\system32\drivers\aswMonFlt.sys
22:44:31.0027 1116	aswMonFlt - ok
22:44:31.0074 1116	aswRdr          (03a901b0ba42aac44d7669c7c71dbbc0) C:\Windows\System32\Drivers\aswrdr2.sys
22:44:31.0074 1116	aswRdr - ok
22:44:31.0121 1116	aswSnx          (ca9601cd277a1e510b80422a40240a95) C:\Windows\system32\drivers\aswSnx.sys
22:44:31.0136 1116	aswSnx - ok
22:44:31.0152 1116	aswSP           (05ea22dde5ca7ee3a865046aff2f0229) C:\Windows\system32\drivers\aswSP.sys
22:44:31.0167 1116	aswSP - ok
22:44:31.0199 1116	aswTdi          (3ac73a9e7378848d1bde174b4bb39212) C:\Windows\system32\drivers\aswTdi.sys
22:44:31.0199 1116	aswTdi - ok
22:44:31.0230 1116	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:44:31.0246 1116	AsyncMac - ok
22:44:31.0277 1116	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:44:31.0277 1116	atapi - ok
22:44:31.0308 1116	AtiHDAudioService (45fe74599fba4070e7c7dac928896474) C:\Windows\system32\drivers\AtihdW73.sys
22:44:31.0324 1116	AtiHDAudioService - ok
22:44:31.0339 1116	AtiHdmiService  (36a49b49e982450ac117eda6ab35bdf5) C:\Windows\system32\drivers\AtiHdmi.sys
22:44:31.0355 1116	AtiHdmiService - ok
22:44:31.0683 1116	atikmdag        (aeae5ecbeaa0107d36c0b94ef341abc7) C:\Windows\system32\DRIVERS\atikmdag.sys
22:44:31.0777 1116	atikmdag - ok
22:44:31.0917 1116	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
22:44:31.0964 1116	atksgt - ok
22:44:31.0996 1116	AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\Windows\system32\DRIVERS\avgarkt.sys
22:44:31.0996 1116	AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - warning
22:44:31.0996 1116	AVG Anti-Rootkit - detected UnsignedFile.Multi.Generic (1)
22:44:32.0027 1116	AvgArCln        (ec08d1625f5c6cf2a57b79eb35186f8c) C:\Windows\system32\DRIVERS\AvgArCln.sys
22:44:32.0027 1116	AvgArCln ( UnsignedFile.Multi.Generic ) - warning
22:44:32.0027 1116	AvgArCln - detected UnsignedFile.Multi.Generic (1)
22:44:32.0074 1116	avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
22:44:32.0089 1116	avmeject ( UnsignedFile.Multi.Generic ) - warning
22:44:32.0089 1116	avmeject - detected UnsignedFile.Multi.Generic (1)
22:44:32.0121 1116	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:44:32.0152 1116	b06bdrv - ok
22:44:32.0167 1116	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:44:32.0183 1116	b57nd60x - ok
22:44:32.0199 1116	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:44:32.0246 1116	Beep - ok
22:44:32.0261 1116	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:44:32.0277 1116	blbdrive - ok
22:44:32.0308 1116	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:44:32.0324 1116	bowser - ok
22:44:32.0355 1116	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:44:32.0371 1116	BrFiltLo - ok
22:44:32.0386 1116	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:44:32.0417 1116	BrFiltUp - ok
22:44:32.0433 1116	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:44:32.0449 1116	Brserid - ok
22:44:32.0464 1116	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:44:32.0496 1116	BrSerWdm - ok
22:44:32.0511 1116	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:44:32.0542 1116	BrUsbMdm - ok
22:44:32.0558 1116	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:44:32.0574 1116	BrUsbSer - ok
22:44:32.0589 1116	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:44:32.0605 1116	BTHMODEM - ok
22:44:32.0636 1116	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:44:32.0667 1116	cdfs - ok
22:44:32.0683 1116	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:44:32.0714 1116	cdrom - ok
22:44:32.0730 1116	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:44:32.0746 1116	circlass - ok
22:44:32.0777 1116	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:44:32.0792 1116	CLFS - ok
22:44:32.0824 1116	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:44:32.0824 1116	CmBatt - ok
22:44:32.0855 1116	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:44:32.0871 1116	cmdide - ok
22:44:32.0917 1116	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
22:44:32.0933 1116	CNG - ok
22:44:32.0964 1116	COMMONFX        (ef44c32b1aef62380426b260bf2c66f1) C:\Windows\system32\drivers\COMMONFX.SYS
22:44:32.0980 1116	COMMONFX - ok
22:44:32.0980 1116	COMMONFX.DLL - ok
22:44:32.0996 1116	COMMONFX.SYS    (ef44c32b1aef62380426b260bf2c66f1) C:\Windows\System32\drivers\COMMONFX.SYS
22:44:33.0011 1116	COMMONFX.SYS - ok
22:44:33.0011 1116	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:44:33.0027 1116	Compbatt - ok
22:44:33.0042 1116	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:44:33.0074 1116	CompositeBus - ok
22:44:33.0089 1116	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:44:33.0089 1116	crcdisk - ok
22:44:33.0136 1116	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
22:44:33.0152 1116	CSC - ok
22:44:33.0183 1116	CT20XUT.DLL     (6191a973461852a09d643609e1d5f7c6) C:\Windows\system32\CT20XUT.DLL
22:44:33.0199 1116	CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0199 1116	CT20XUT.DLL - detected UnsignedFile.Multi.Generic (1)
22:44:33.0230 1116	ctac32k         (357c534b38019b597f51c8bf7186c118) C:\Windows\system32\drivers\ctac32k.sys
22:44:33.0246 1116	ctac32k - ok
22:44:33.0277 1116	ctaud2k         (691f8259a1f9c983356d8db2cde8043c) C:\Windows\system32\drivers\ctaud2k.sys
22:44:33.0308 1116	ctaud2k - ok
22:44:33.0324 1116	CTAUDFX         (7fc78aa6521ef3d9f16e51efab0bf13b) C:\Windows\system32\drivers\CTAUDFX.SYS
22:44:33.0355 1116	CTAUDFX - ok
22:44:33.0371 1116	CTAUDFX.DLL - ok
22:44:33.0386 1116	CTAUDFX.SYS     (7fc78aa6521ef3d9f16e51efab0bf13b) C:\Windows\System32\drivers\CTAUDFX.SYS
22:44:33.0402 1116	CTAUDFX.SYS - ok
22:44:33.0433 1116	ctdvda2k        (8545d70b0335a05498f34e7e3f8ca9a2) C:\Windows\system32\drivers\ctdvda2k.sys
22:44:33.0433 1116	ctdvda2k - ok
22:44:33.0449 1116	CTEAPSFX.DLL    (6a57f82009563aee8826f117e1d3c72c) C:\Windows\system32\CTEAPSFX.DLL
22:44:33.0464 1116	CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0464 1116	CTEAPSFX.DLL - detected UnsignedFile.Multi.Generic (1)
22:44:33.0480 1116	CTEDSPFX.DLL    (c8ac1ffaeadd655193d7b1811a572d8d) C:\Windows\system32\CTEDSPFX.DLL
22:44:33.0511 1116	CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0511 1116	CTEDSPFX.DLL - detected UnsignedFile.Multi.Generic (1)
22:44:33.0527 1116	CTEDSPIO.DLL    (44495d9daf675257d00b25b041ee6667) C:\Windows\system32\CTEDSPIO.DLL
22:44:33.0542 1116	CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0542 1116	CTEDSPIO.DLL - detected UnsignedFile.Multi.Generic (1)
22:44:33.0558 1116	CTEDSPSY.DLL    (8e90b1762cb42e2fc76dac9210c83c66) C:\Windows\system32\CTEDSPSY.DLL
22:44:33.0574 1116	CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0574 1116	CTEDSPSY.DLL - detected UnsignedFile.Multi.Generic (1)
22:44:33.0605 1116	CTERFXFX        (16f448354067914e7deaea709011bd60) C:\Windows\system32\drivers\CTERFXFX.SYS
22:44:33.0605 1116	CTERFXFX - ok
22:44:33.0621 1116	CTERFXFX.DLL - ok
22:44:33.0636 1116	CTERFXFX.SYS    (16f448354067914e7deaea709011bd60) C:\Windows\System32\drivers\CTERFXFX.SYS
22:44:33.0636 1116	CTERFXFX.SYS - ok
22:44:33.0683 1116	CTEXFIFX.DLL    (2c48e9d8ca703964463f27ae341115b7) C:\Windows\system32\CTEXFIFX.DLL
22:44:33.0730 1116	CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0730 1116	CTEXFIFX.DLL - detected UnsignedFile.Multi.Generic (1)
22:44:33.0746 1116	ctgame          (b4f6b60feed3eb5f85be85e8fa4c0cc1) C:\Windows\system32\DRIVERS\ctgame.sys
22:44:33.0761 1116	ctgame - ok
22:44:33.0777 1116	CTHWIUT.DLL     (f7657c598e7c29c6683c1e4a8dd68884) C:\Windows\system32\CTHWIUT.DLL
22:44:33.0792 1116	CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0792 1116	CTHWIUT.DLL - detected UnsignedFile.Multi.Generic (1)
22:44:33.0808 1116	ctprxy2k        (4d71541283aea28fb839007be90b5fc7) C:\Windows\system32\drivers\ctprxy2k.sys
22:44:33.0808 1116	ctprxy2k - ok
22:44:33.0839 1116	CTSBLFX         (64c83684661be137023f5186a612cf34) C:\Windows\system32\drivers\CTSBLFX.SYS
22:44:33.0855 1116	CTSBLFX - ok
22:44:33.0871 1116	CTSBLFX.DLL - ok
22:44:33.0886 1116	CTSBLFX.SYS     (64c83684661be137023f5186a612cf34) C:\Windows\System32\drivers\CTSBLFX.SYS
22:44:33.0902 1116	CTSBLFX.SYS - ok
22:44:33.0917 1116	ctsfm2k         (632194572ebde8d461728cf382a7e964) C:\Windows\system32\drivers\ctsfm2k.sys
22:44:33.0933 1116	ctsfm2k - ok
22:44:33.0949 1116	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:44:33.0980 1116	DfsC - ok
22:44:33.0996 1116	dgderdrv - ok
22:44:34.0011 1116	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:44:34.0042 1116	discache - ok
22:44:34.0058 1116	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:44:34.0074 1116	Disk - ok
22:44:34.0121 1116	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:44:34.0136 1116	drmkaud - ok
22:44:34.0183 1116	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:44:34.0214 1116	DXGKrnl - ok
22:44:34.0230 1116	EagleNT - ok
22:44:34.0246 1116	EagleXNt - ok
22:44:34.0339 1116	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:44:34.0433 1116	ebdrv - ok
22:44:34.0464 1116	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:44:34.0480 1116	elxstor - ok
22:44:34.0511 1116	emupia          (bacd9cc06d7a787e529e7ebf56b671aa) C:\Windows\system32\drivers\emupia2k.sys
22:44:34.0527 1116	emupia - ok
22:44:34.0589 1116	epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
22:44:34.0621 1116	epmntdrv ( UnsignedFile.Multi.Generic ) - warning
22:44:34.0621 1116	epmntdrv - detected UnsignedFile.Multi.Generic (1)
22:44:34.0636 1116	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:44:34.0652 1116	ErrDev - ok
22:44:34.0667 1116	EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
22:44:34.0683 1116	EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
22:44:34.0683 1116	EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
22:44:34.0714 1116	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:44:34.0746 1116	exfat - ok
22:44:34.0761 1116	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:44:34.0792 1116	fastfat - ok
22:44:34.0824 1116	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:44:34.0839 1116	fdc - ok
22:44:34.0855 1116	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:44:34.0871 1116	FileInfo - ok
22:44:34.0886 1116	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:44:34.0917 1116	Filetrace - ok
22:44:34.0933 1116	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:44:34.0949 1116	flpydisk - ok
22:44:34.0964 1116	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:44:34.0980 1116	FltMgr - ok
22:44:35.0011 1116	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:44:35.0011 1116	FsDepends - ok
22:44:35.0058 1116	FsUsbExDisk     (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
22:44:35.0074 1116	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
22:44:35.0074 1116	FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
22:44:35.0105 1116	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:44:35.0121 1116	Fs_Rec - ok
22:44:35.0136 1116	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:44:35.0152 1116	fvevol - ok
22:44:35.0183 1116	FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
22:44:35.0199 1116	FWLANUSB - ok
22:44:35.0230 1116	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:44:35.0230 1116	gagp30kx - ok
22:44:35.0277 1116	ha10kx2k        (70606233f3ed0e53cb3ea17f846d6a4f) C:\Windows\system32\drivers\ha10kx2k.sys
22:44:35.0308 1116	ha10kx2k - ok
22:44:35.0324 1116	hap16v2k        (a0c69ad2a61e576b0207acdd9626e167) C:\Windows\system32\drivers\hap16v2k.sys
22:44:35.0339 1116	hap16v2k - ok
22:44:35.0355 1116	hap17v2k        (2ee89452c574d259ada4fc9fc1c07243) C:\Windows\system32\drivers\hap17v2k.sys
22:44:35.0371 1116	hap17v2k - ok
22:44:35.0386 1116	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:44:35.0402 1116	hcw85cir - ok
22:44:35.0417 1116	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:44:35.0449 1116	HdAudAddService - ok
22:44:35.0464 1116	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:44:35.0480 1116	HDAudBus - ok
22:44:35.0496 1116	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:44:35.0527 1116	HidBatt - ok
22:44:35.0542 1116	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:44:35.0574 1116	HidBth - ok
22:44:35.0589 1116	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:44:35.0605 1116	HidIr - ok
22:44:35.0652 1116	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:44:35.0667 1116	HidUsb - ok
22:44:35.0714 1116	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:44:35.0714 1116	HpSAMD - ok
22:44:35.0761 1116	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:44:35.0792 1116	HTTP - ok
22:44:35.0808 1116	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:44:35.0824 1116	hwpolicy - ok
22:44:35.0855 1116	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:44:35.0871 1116	i8042prt - ok
22:44:35.0902 1116	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:44:35.0917 1116	iaStorV - ok
22:44:36.0308 1116	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:44:36.0433 1116	igfx - ok
22:44:36.0480 1116	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:44:36.0496 1116	iirsp - ok
22:44:36.0542 1116	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:44:36.0542 1116	intelide - ok
22:44:36.0558 1116	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:44:36.0574 1116	intelppm - ok
22:44:36.0605 1116	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:44:36.0652 1116	IpFilterDriver - ok
22:44:36.0667 1116	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:44:36.0699 1116	IPMIDRV - ok
22:44:36.0714 1116	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:44:36.0730 1116	IPNAT - ok
22:44:36.0761 1116	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:44:36.0777 1116	IRENUM - ok
22:44:36.0792 1116	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:44:36.0808 1116	isapnp - ok
22:44:36.0824 1116	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:44:36.0855 1116	iScsiPrt - ok
22:44:36.0871 1116	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:44:36.0871 1116	kbdclass - ok
22:44:36.0917 1116	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
22:44:36.0933 1116	kbdhid - ok
22:44:36.0964 1116	KeyScrambler    (8f1bb80d589affb9c5e9cd7544251b29) C:\Windows\system32\drivers\keyscrambler.sys
22:44:36.0980 1116	KeyScrambler - ok
22:44:37.0011 1116	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
22:44:37.0027 1116	KSecDD - ok
22:44:37.0058 1116	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
22:44:37.0074 1116	KSecPkg - ok
22:44:37.0105 1116	LgBttPort - ok
22:44:37.0121 1116	lgbusenum - ok
22:44:37.0136 1116	LGVMODEM - ok
22:44:37.0199 1116	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
22:44:37.0199 1116	lirsgt - ok
22:44:37.0355 1116	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:44:37.0386 1116	lltdio - ok
22:44:37.0417 1116	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:44:37.0417 1116	LSI_FC - ok
22:44:37.0449 1116	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:44:37.0449 1116	LSI_SAS - ok
22:44:37.0480 1116	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:44:37.0496 1116	LSI_SAS2 - ok
22:44:37.0511 1116	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:44:37.0527 1116	LSI_SCSI - ok
22:44:37.0542 1116	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:44:37.0574 1116	luafv - ok
22:44:37.0621 1116	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
22:44:37.0636 1116	MBAMSwissArmy - ok
22:44:37.0652 1116	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:44:37.0667 1116	megasas - ok
22:44:37.0683 1116	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:44:37.0699 1116	MegaSR - ok
22:44:37.0714 1116	MEMSWEEP2 - ok
22:44:37.0746 1116	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:44:37.0761 1116	Modem - ok
22:44:37.0792 1116	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:44:37.0808 1116	monitor - ok
22:44:37.0839 1116	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:44:37.0839 1116	mouclass - ok
22:44:37.0871 1116	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:44:37.0886 1116	mouhid - ok
22:44:37.0902 1116	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:44:37.0917 1116	mountmgr - ok
22:44:37.0949 1116	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:44:37.0964 1116	mpio - ok
22:44:37.0996 1116	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:44:38.0027 1116	mpsdrv - ok
22:44:38.0074 1116	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:44:38.0105 1116	MRxDAV - ok
22:44:38.0136 1116	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:38.0167 1116	mrxsmb - ok
22:44:38.0199 1116	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:38.0230 1116	mrxsmb10 - ok
22:44:38.0246 1116	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:38.0246 1116	mrxsmb20 - ok
22:44:38.0277 1116	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:44:38.0292 1116	msahci - ok
22:44:38.0308 1116	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:44:38.0324 1116	msdsm - ok
22:44:38.0339 1116	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:44:38.0371 1116	Msfs - ok
22:44:38.0386 1116	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:44:38.0417 1116	mshidkmdf - ok
22:44:38.0433 1116	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:44:38.0433 1116	msisadrv - ok
22:44:38.0464 1116	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:44:38.0511 1116	MSKSSRV - ok
22:44:38.0527 1116	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:38.0558 1116	MSPCLOCK - ok
22:44:38.0558 1116	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:44:38.0589 1116	MSPQM - ok
22:44:38.0621 1116	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:44:38.0636 1116	MsRPC - ok
22:44:38.0652 1116	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:44:38.0667 1116	mssmbios - ok
22:44:38.0683 1116	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:44:38.0714 1116	MSTEE - ok
22:44:38.0730 1116	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:44:38.0746 1116	MTConfig - ok
22:44:38.0792 1116	MTSBDA          (283cd3e86f98a18eb0566df56d99fd90) C:\Windows\system32\Drivers\MtsBda.sys
22:44:38.0808 1116	MTSBDA - ok
22:44:38.0839 1116	MtsHID          (cda98c3a905da0e5a773be412bb190b3) C:\Windows\system32\drivers\MtsHID.sys
22:44:38.0839 1116	MtsHID - ok
22:44:38.0855 1116	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:44:38.0871 1116	Mup - ok
22:44:38.0886 1116	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:44:38.0902 1116	NativeWifiP - ok
22:44:38.0949 1116	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:44:38.0980 1116	NDIS - ok
22:44:38.0996 1116	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:39.0027 1116	NdisCap - ok
22:44:39.0042 1116	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:39.0074 1116	NdisTapi - ok
22:44:39.0105 1116	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:39.0136 1116	Ndisuio - ok
22:44:39.0167 1116	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:39.0199 1116	NdisWan - ok
22:44:39.0230 1116	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:44:39.0261 1116	NDProxy - ok
22:44:39.0261 1116	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:44:39.0292 1116	NetBIOS - ok
22:44:39.0324 1116	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:44:39.0355 1116	NetBT - ok
22:44:39.0402 1116	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:44:39.0402 1116	nfrd960 - ok
22:44:39.0433 1116	nmwcdnsu - ok
22:44:39.0449 1116	nmwcdnsuc - ok
22:44:39.0464 1116	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:44:39.0480 1116	Npfs - ok
22:44:39.0496 1116	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:44:39.0542 1116	nsiproxy - ok
22:44:39.0589 1116	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:44:39.0636 1116	Ntfs - ok
22:44:39.0636 1116	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:44:39.0667 1116	Null - ok
22:44:40.0105 1116	nvlddmkm        (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:44:40.0355 1116	nvlddmkm - ok
22:44:40.0417 1116	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:44:40.0433 1116	nvraid - ok
22:44:40.0464 1116	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:44:40.0480 1116	nvstor - ok
22:44:40.0527 1116	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:44:40.0527 1116	nv_agp - ok
22:44:40.0558 1116	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:44:40.0574 1116	ohci1394 - ok
22:44:40.0605 1116	ossrv           (ae896073e1bbf98fefc2ec52f62c0fba) C:\Windows\system32\drivers\ctoss2k.sys
22:44:40.0621 1116	ossrv - ok
22:44:40.0652 1116	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:44:40.0667 1116	Parport - ok
22:44:40.0699 1116	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:44:40.0714 1116	partmgr - ok
22:44:40.0730 1116	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:44:40.0746 1116	Parvdm - ok
22:44:40.0761 1116	pccsmcfd - ok
22:44:40.0777 1116	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:44:40.0792 1116	pci - ok
22:44:40.0824 1116	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:44:40.0839 1116	pciide - ok
22:44:40.0855 1116	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:44:40.0871 1116	pcmcia - ok
22:44:40.0886 1116	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:44:40.0902 1116	pcw - ok
22:44:40.0917 1116	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:44:40.0964 1116	PEAUTH - ok
22:44:41.0027 1116	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:44:41.0058 1116	PptpMiniport - ok
22:44:41.0089 1116	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:44:41.0105 1116	Processor - ok
22:44:41.0136 1116	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:44:41.0183 1116	Psched - ok
22:44:41.0230 1116	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:44:41.0277 1116	ql2300 - ok
22:44:41.0292 1116	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:44:41.0308 1116	ql40xx - ok
22:44:41.0339 1116	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:44:41.0355 1116	QWAVEdrv - ok
22:44:41.0371 1116	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:44:41.0402 1116	RasAcd - ok
22:44:41.0449 1116	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:41.0464 1116	RasAgileVpn - ok
22:44:41.0496 1116	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:41.0527 1116	Rasl2tp - ok
22:44:41.0542 1116	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:41.0574 1116	RasPppoe - ok
22:44:41.0589 1116	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:44:41.0621 1116	RasSstp - ok
22:44:41.0636 1116	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:44:41.0667 1116	rdbss - ok
22:44:41.0683 1116	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:44:41.0699 1116	rdpbus - ok
22:44:41.0714 1116	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:44:41.0746 1116	RDPCDD - ok
22:44:41.0777 1116	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
22:44:41.0808 1116	RDPDR - ok
22:44:41.0808 1116	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:44:41.0839 1116	RDPENCDD - ok
22:44:41.0855 1116	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:44:41.0871 1116	RDPREFMP - ok
22:44:41.0902 1116	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
22:44:41.0933 1116	RDPWD - ok
22:44:41.0964 1116	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:44:41.0980 1116	rdyboost - ok
22:44:42.0027 1116	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:44:42.0042 1116	rspndr - ok
22:44:42.0074 1116	RTL8167         (60647bfa2fef7f6d6fbbaf661312f2ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:44:42.0089 1116	RTL8167 - ok
22:44:42.0121 1116	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
22:44:42.0136 1116	s3cap - ok
22:44:42.0183 1116	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:44:42.0199 1116	sbp2port - ok
22:44:42.0230 1116	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:44:42.0261 1116	scfilter - ok
22:44:42.0292 1116	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:44:42.0324 1116	secdrv - ok
22:44:42.0355 1116	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:44:42.0371 1116	Serenum - ok
22:44:42.0402 1116	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:44:42.0417 1116	Serial - ok
22:44:42.0449 1116	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:44:42.0449 1116	sermouse - ok
22:44:42.0496 1116	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:44:42.0527 1116	sffdisk - ok
22:44:42.0542 1116	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:44:42.0558 1116	sffp_mmc - ok
22:44:42.0574 1116	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:44:42.0605 1116	sffp_sd - ok
22:44:42.0621 1116	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:44:42.0636 1116	sfloppy - ok
22:44:42.0683 1116	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:44:42.0699 1116	sisagp - ok
22:44:42.0730 1116	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:44:42.0746 1116	SiSRaid2 - ok
22:44:42.0761 1116	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:44:42.0777 1116	SiSRaid4 - ok
22:44:42.0792 1116	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:44:42.0824 1116	Smb - ok
22:44:42.0871 1116	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:44:42.0871 1116	spldr - ok
22:44:42.0933 1116	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
22:44:42.0949 1116	sptd - ok
22:44:42.0980 1116	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:44:42.0996 1116	srv - ok
22:44:43.0027 1116	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:44:43.0042 1116	srv2 - ok
22:44:43.0058 1116	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:44:43.0074 1116	srvnet - ok
22:44:43.0105 1116	ssadbus         (6d83ff6722baf7e82a4521dbec363e5a) C:\Windows\system32\DRIVERS\ssadbus.sys
22:44:43.0105 1116	ssadbus - ok
22:44:43.0136 1116	ssadmdfl        (5ae42e90f99749e0e35b9989a2d0275c) C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:44:43.0152 1116	ssadmdfl - ok
22:44:43.0183 1116	ssadmdm         (9285d8aba50a4d6482b1574448f9eb76) C:\Windows\system32\DRIVERS\ssadmdm.sys
22:44:43.0199 1116	ssadmdm - ok
22:44:43.0230 1116	ssadserd        (8e6f645a098aa8e2e0947eee70dccb89) C:\Windows\system32\DRIVERS\ssadserd.sys
22:44:43.0230 1116	ssadserd - ok
22:44:43.0261 1116	sscdbus         (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
22:44:43.0277 1116	sscdbus - ok
22:44:43.0308 1116	sscdmdfl        (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
22:44:43.0324 1116	sscdmdfl - ok
22:44:43.0339 1116	sscdmdm         (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
22:44:43.0355 1116	sscdmdm - ok
22:44:43.0402 1116	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:44:43.0402 1116	stexstor - ok
22:44:43.0449 1116	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
22:44:43.0464 1116	storflt - ok
22:44:43.0496 1116	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
22:44:43.0496 1116	storvsc - ok
22:44:43.0527 1116	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:44:43.0527 1116	swenum - ok
22:44:43.0574 1116	taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
22:44:43.0589 1116	taphss - ok
22:44:43.0683 1116	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:44:43.0730 1116	Tcpip - ok
22:44:43.0746 1116	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:44:43.0777 1116	TCPIP6 - ok
22:44:43.0824 1116	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:44:43.0855 1116	tcpipreg - ok
22:44:43.0886 1116	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:44:43.0917 1116	TDPIPE - ok
22:44:43.0933 1116	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:44:43.0964 1116	TDTCP - ok
22:44:43.0996 1116	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:44:44.0042 1116	tdx - ok
22:44:44.0058 1116	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:44:44.0074 1116	TermDD - ok
22:44:44.0121 1116	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:44:44.0152 1116	tssecsrv - ok
22:44:44.0183 1116	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:44:44.0214 1116	TsUsbFlt - ok
22:44:44.0277 1116	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
22:44:44.0277 1116	TuneUpUtilitiesDrv - ok
22:44:44.0308 1116	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:44:44.0339 1116	tunnel - ok
22:44:44.0386 1116	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:44:44.0386 1116	uagp35 - ok
22:44:44.0433 1116	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:44:44.0449 1116	udfs - ok
22:44:44.0496 1116	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:44:44.0511 1116	uliagpkx - ok
22:44:44.0558 1116	UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
22:44:44.0574 1116	UltraMonUtility - ok
22:44:44.0589 1116	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:44:44.0605 1116	umbus - ok
22:44:44.0621 1116	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:44:44.0636 1116	UmPass - ok
22:44:44.0667 1116	USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
22:44:44.0683 1116	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:44:44.0683 1116	USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:44:44.0699 1116	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:44:44.0730 1116	usbccgp - ok
22:44:44.0777 1116	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:44:44.0792 1116	usbcir - ok
22:44:44.0824 1116	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:44:44.0839 1116	usbehci - ok
22:44:44.0871 1116	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:44:44.0886 1116	usbhub - ok
22:44:44.0917 1116	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
22:44:44.0933 1116	usbohci - ok
22:44:44.0964 1116	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:44:44.0980 1116	usbprint - ok
22:44:45.0011 1116	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:44:45.0027 1116	usbscan - ok
22:44:45.0042 1116	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:44:45.0058 1116	USBSTOR - ok
22:44:45.0089 1116	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:44:45.0089 1116	usbuhci - ok
22:44:45.0121 1116	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
22:44:45.0136 1116	usb_rndisx - ok
22:44:45.0183 1116	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:44:45.0199 1116	vdrvroot - ok
22:44:45.0214 1116	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:44:45.0246 1116	vga - ok
22:44:45.0261 1116	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:44:45.0292 1116	VgaSave - ok
22:44:45.0324 1116	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:44:45.0339 1116	vhdmp - ok
22:44:45.0355 1116	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:44:45.0371 1116	viaagp - ok
22:44:45.0386 1116	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:44:45.0417 1116	ViaC7 - ok
22:44:45.0449 1116	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:44:45.0449 1116	viaide - ok
22:44:45.0480 1116	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:44:45.0496 1116	vmbus - ok
22:44:45.0527 1116	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:44:45.0542 1116	VMBusHID - ok
22:44:45.0558 1116	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:44:45.0574 1116	volmgr - ok
22:44:45.0589 1116	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:44:45.0605 1116	volmgrx - ok
22:44:45.0621 1116	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:44:45.0636 1116	volsnap - ok
22:44:45.0667 1116	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:44:45.0667 1116	vsmraid - ok
22:44:45.0699 1116	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:44:45.0714 1116	vwifibus - ok
22:44:45.0746 1116	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:44:45.0761 1116	WacomPen - ok
22:44:45.0792 1116	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:44:45.0808 1116	WANARP - ok
22:44:45.0824 1116	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:44:45.0839 1116	Wanarpv6 - ok
22:44:45.0886 1116	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:44:45.0886 1116	Wd - ok
22:44:45.0917 1116	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:44:45.0980 1116	Wdf01000 - ok
22:44:46.0027 1116	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:44:46.0058 1116	WfpLwf - ok
22:44:46.0074 1116	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:44:46.0089 1116	WIMMount - ok
22:44:46.0152 1116	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:44:46.0167 1116	WinUsb - ok
22:44:46.0199 1116	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:44:46.0230 1116	WmiAcpi - ok
22:44:46.0277 1116	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:44:46.0308 1116	ws2ifsl - ok
22:44:46.0339 1116	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:44:46.0371 1116	WudfPf - ok
22:44:46.0402 1116	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:44:46.0417 1116	WUDFRd - ok
22:44:46.0480 1116	xnacc           (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
22:44:46.0496 1116	xnacc - ok
22:44:46.0527 1116	xusb21          (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
22:44:46.0542 1116	xusb21 - ok
22:44:46.0574 1116	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:44:46.0699 1116	\Device\Harddisk0\DR0 - ok
22:44:46.0699 1116	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
22:44:47.0167 1116	\Device\Harddisk1\DR1 - ok
22:44:47.0167 1116	Boot (0x1200)   (b36aedb9d4bd7dac825d009431607386) \Device\Harddisk0\DR0\Partition0
22:44:47.0183 1116	\Device\Harddisk0\DR0\Partition0 - ok
22:44:47.0183 1116	Boot (0x1200)   (0da61460d0d105ef27c8eed8e506f493) \Device\Harddisk0\DR0\Partition1
22:44:47.0199 1116	\Device\Harddisk0\DR0\Partition1 - ok
22:44:47.0214 1116	Boot (0x1200)   (dbd985747f722415679b6fa4a47f8ee2) \Device\Harddisk0\DR0\Partition2
22:44:47.0246 1116	\Device\Harddisk0\DR0\Partition2 - ok
22:44:47.0246 1116	Boot (0x1200)   (f9e0feea1b1231de92df66a92d87675b) \Device\Harddisk1\DR1\Partition0
22:44:47.0261 1116	\Device\Harddisk1\DR1\Partition0 - ok
22:44:47.0261 1116	============================================================
22:44:47.0261 1116	Scan finished
22:44:47.0261 1116	============================================================
22:44:47.0261 4032	Detected object count: 14
22:44:47.0261 4032	Actual detected object count: 14
22:45:10.0917 4032	AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0917 4032	AVG Anti-Rootkit ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0917 4032	AvgArCln ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0917 4032	AvgArCln ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0917 4032	avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0917 4032	avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0917 4032	CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0917 4032	CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0917 4032	CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0917 4032	CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:45:10.0933 4032	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:10.0933 4032	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
