Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.07.2012, 22:34   #1
TorPedetor
 
Live Security Platinum Virus - Ausrufezeichen

Live Security Platinum Virus



Hallo,

auf meinem Laptop hat sich am Wochenende (15.07) das Virus "Live Security Platinum" eingeschleust. Dieses Virus ist ja bereits bekannt, dutzende Fehlermeldungen, Anwendungen funktionieren nicht mehr (Anti-Virus, CCleaner, Internet-Browser... etc) und die Aufforderung, irgendwelche Programme zu erwerben. Ich habe mich auf meinem Handy darüber informiert (Internet ging ja auf Laptop nicht) und irgendwo gelesen, dass man mit einer Systemwiederherstellung den Mist wieder los wird. Das habe ich dann auch gemacht, im Safe-Modus den Recovery Manager gestartet (Ich besitze ein HP Pavilion dv7 mit Windows 7 64 Bit) und den Rechner auf einen früheren Zeitpunkt (11.07) zurückgesetzt. Das ganze war in 5 Min. erledigt und jetzt geht alles wieder. Keine Fehlermeldung, kein Virus oder ähnliches, alles läuft. Ich habe im Nachhinein Malwarebytes Anti-Malware geladen und ausgeführt (im normalen Modus). Folgendes wurde gefunden und in Quarantäne gesetzt:



Hier der Log dazu:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-HP [limited]

Protection: Enabled

16.07.2012 00:35:09
mbam-log-2012-07-16 (00-35-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176463
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-625476035-1192893045-2691204042-1001\$R0A9LUY.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-625476035-1192893045-2691204042-1001\$R0RB5WR.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.

(end)
         
Wie gesagt, seitdem läuft alles gut.

Um aber sicher zu gehen, dass wirklich alles sauber ist, möchte ich gerne die Meinung eines Profis lesen

Hier der OTL-Text:

Code:
ATTFilter
OTL logfile created on: 17.07.2012 20:24:28 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 71,32% Memory free
15,90 Gb Paging File | 13,09 Gb Available in Paging File | 82,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682,13 Gb Total Space | 602,02 Gb Free Space | 88,26% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 152,81 Gb Free Space | 21,87% Space Free | Partition Type: NTFS
Drive E: | 16,21 Gb Total Space | 1,70 Gb Free Space | 10,47% Space Free | Partition Type: NTFS
 
Computer Name: ***-HP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.17 20:11:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.04.04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.13 13:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010.12.10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010.12.07 06:06:00 | 000,249,672 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2010.12.07 06:05:52 | 000,634,696 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2010.12.07 06:05:38 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010.11.25 07:26:40 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.11.23 20:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.11.23 20:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.09 16:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.11.03 17:12:54 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.07.29 19:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 13:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.02.03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009.10.22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009.10.22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009.08.25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012.07.10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012.07.10 06:07:39 | 000,554,520 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012.07.10 06:07:37 | 000,117,784 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012.07.10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012.07.10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012.07.10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012.07.10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012.07.10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
MOD - [2012.06.14 14:51:50 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
MOD - [2012.06.14 14:51:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012.06.14 14:49:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.14 14:49:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:49:32 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 14:49:22 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.06.14 14:49:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.14 14:49:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.14 14:49:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.14 14:49:04 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.22 14:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.11.22 14:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.11.22 14:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.12.31 03:10:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.22 20:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV - [2012.07.16 09:52:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.12.07 06:06:00 | 000,249,672 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2010.12.02 06:44:08 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.11.24 21:26:42 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010.11.23 20:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.11.23 20:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.11.09 16:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.11.03 17:12:54 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.08.05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.07.29 19:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.07.21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.19 03:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.22 20:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2009.10.22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.10.22 20:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.09 17:00:24 | 000,013,184 | ---- | M] (Fengtao Software Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvdfabio.sys -- (dvdfabio)
DRV:64bit: - [2012.05.09 17:00:18 | 000,045,952 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vdrive.sys -- (vdrive)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.04.09 16:00:59 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.12 08:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.31 03:39:22 | 008,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.12.31 02:33:06 | 000,292,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.17 03:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.12.17 03:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.12.10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.02 06:44:08 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.19 20:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 20:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.19 21:56:44 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.07.20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.07.20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.07.20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.07.14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.10.22 20:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009.10.22 20:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009.10.22 20:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2009.10.22 20:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2009.10.22 20:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.22 19:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.22 19:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.04.09 16:13:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.04.09 16:13:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.04.09 16:13:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.01 03:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.07.05 21:06:58 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012.07.05 15:40:12 | 000,002,243 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	activate.adobe.com
O1 - Hosts: 127.0.0.1	activate.wip.adobe.com
O1 - Hosts: 127.0.0.1	activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1	activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1	activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1	activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1	activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1	ereg.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip2.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1	ereg.wip4.adobe.com
O1 - Hosts: 127.0.0.1	practivate.adobe
O1 - Hosts: 127.0.0.1	practivate.adobe.com
O1 - Hosts: 127.0.0.1	practivate.adobe.ipp
O1 - Hosts: 127.0.0.1	practivate.adobe.newoa
O1 - Hosts: 127.0.0.1	practivate.adobe.ntp
O1 - Hosts: 127.0.0.1	wip.adobe.com
O1 - Hosts: 127.0.0.1	wip1.adobe.com
O1 - Hosts: 127.0.0.1	wip2.adobe.com
O1 - Hosts: 127.0.0.1	wip3.adobe.com
O1 - Hosts: 127.0.0.1	wip3.adobe.com
O1 - Hosts: 127.0.0.1	wip4.adobe.com
O1 - Hosts: 21 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DVDFab VDrive] C:\Program Files\DVDFab Virtual Drive\vdrive.exe (Fengtao Software Inc.)
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [!BingBar] C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F6321DC-BBE1-4A81-8529-E0EE22F452C3}: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1DA77A2-2321-4DE8-8CCB-68DDD88BEF97}: DhcpNameServer = 192.168.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4F4E212-966C-48D4-BB8A-0584CD101A04}: DhcpNameServer = 10.0.0.38 10.0.0.40
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 00:31:31 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012.07.16 00:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 00:31:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.16 00:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.15 00:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\225932FD027865E6C6F46C5BF875F002
[2012.07.06 16:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.07.06 16:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.05 16:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.07.05 16:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.07.05 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\admin\Adobe Flash Builder 4.6
[2012.07.05 16:10:17 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012.07.05 16:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012.07.05 16:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012.07.05 16:07:19 | 000,000,000 | ---D | C] -- C:\adobeTemp
[2012.07.05 15:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012.07.05 14:49:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.07.04 21:44:08 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.07.04 21:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012.07.04 21:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.07.04 12:57:29 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.04 12:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.04 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.07.04 12:54:12 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\WinRAR
[2012.07.01 18:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.07.01 18:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.07.01 18:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.07.01 03:16:42 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\DivX
[2012.07.01 03:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.07.01 03:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.07.01 03:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012.07.01 03:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012.07.01 03:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012.07.01 03:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.06.27 12:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012.06.27 12:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.06.27 12:48:16 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Adobe
[2012.06.26 21:54:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\CrashDumps
[2012.06.26 10:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.06.24 00:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.06.21 20:31:23 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012.06.21 20:27:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\wargaming.net
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 20:14:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-625476035-1192893045-2691204042-1001UA.job
[2012.07.17 20:09:22 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012.07.17 19:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 18:28:30 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:28:30 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:28:01 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.17 18:28:01 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.17 18:28:01 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.17 18:28:01 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.17 18:28:01 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 18:20:55 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.07.17 18:20:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 18:20:43 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 23:23:45 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWIN-RS8RTOFVIIM$.job
[2012.07.16 23:23:43 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job
[2012.07.16 23:23:43 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012.07.16 13:48:14 | 005,035,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.16 13:46:06 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-625476035-1192893045-2691204042-1001Core.job
[2012.07.16 00:33:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 16:26:04 | 000,073,830 | ---- | M] () -- C:\Users\admin\Documents\cc_20120706_162539.reg
[2012.07.05 21:07:11 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.07.04 21:44:09 | 000,001,007 | ---- | M] () -- C:\Users\admin\Desktop\SpeedFan.lnk
[2012.07.04 21:44:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 03:17:07 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012.07.01 03:17:07 | 000,001,610 | ---- | M] () -- C:\Users\admin\Desktop\DivX Movies.lnk
[2012.07.01 03:16:40 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.06.19 20:38:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.07.17 20:09:22 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012.07.16 00:31:25 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.06 16:25:49 | 000,073,830 | ---- | C] () -- C:\Users\admin\Documents\cc_20120706_162539.reg
[2012.07.05 16:38:53 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.07.05 16:38:53 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.07.05 16:38:53 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.07.05 16:10:59 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.07.05 16:03:42 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.07.05 14:50:25 | 000,000,824 | ---- | C] () -- C:\Users\admin\Desktop\hosts
[2012.07.05 14:49:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.04 21:44:09 | 000,001,007 | ---- | C] () -- C:\Users\admin\Desktop\SpeedFan.lnk
[2012.07.04 21:44:07 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.07.01 18:21:50 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012.07.01 18:21:10 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012.07.01 18:20:20 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012.07.01 18:19:53 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012.07.01 18:17:52 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012.07.01 18:17:48 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012.07.01 03:17:07 | 000,001,610 | ---- | C] () -- C:\Users\admin\Desktop\DivX Movies.lnk
[2012.07.01 03:16:40 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.07.01 03:16:17 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012.06.27 12:48:22 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.06.26 10:12:16 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.06.19 20:38:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.06.14 21:01:14 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.04.09 16:05:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.09 15:49:35 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.04.09 15:48:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.09 15:48:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.09 15:48:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.09 15:48:35 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 15:39:30 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.27 17:38:29 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2011.01.27 17:32:15 | 000,009,644 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.09.24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== LOP Check ==========
 
[2012.06.14 13:33:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PictureMover
[2012.06.14 13:32:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Synaptics
[2012.06.24 10:59:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\wargaming.net
[2012.07.17 18:20:55 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.07.16 23:23:43 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2009.07.14 07:08:49 | 000,023,050 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Und im Anhang der Rest.


Ich danke Euch im Voraus für Eure Hilfe!!!

Alt 18.07.2012, 22:16   #2
t'john
/// Helfer-Team
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} 
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF 
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF 
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} 
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} 
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF 
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} 
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox 
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKCU..\Run: [AdobeBridge] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 

[2012.07.17 20:14:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-625476035-1192893045-2691204042-1001UA.job 
[2012.07.17 19:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.17 18:20:55 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job 
[2012.07.17 18:20:55 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job 
[2012.07.16 23:23:45 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWIN-RS8RTOFVIIM$.job 
[2012.07.16 23:23:43 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job 
[2012.07.16 23:23:43 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job 
[2012.07.16 23:23:43 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job 
[2012.07.16 13:46:06 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-625476035-1192893045-2691204042-1001Core.job 
[2012.07.05 14:49:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 18.07.2012, 23:20   #3
TorPedetor
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Danke für die Hilfe!

Neustart wurde verlangt und ausgeführt, hier das Logfile:

Code:
ATTFilter
All processes killed
Error: Unable to interpret <:OTL PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe  IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}  IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF  IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF  IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}  IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}  IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox  IE - HKLM\..\S> in the current context!
Error: Unable to interpret <earchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}  IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF  IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF  IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}  IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}  IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox  IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0  IE - HKCU\Software\> in the current context!
Error: Unable to interpret <Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local  O4 - HKLM..\Run: [] File not found  O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()  O4 - HKCU..\Run: [AdobeBridge] File not found  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3  O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)  O32 - HKLM CDRom: AutoRun - 1   [2012.07.17 20:14:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-625476035-1192893045-2691204042-1001UA.job  [2012.07.17 19:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job  [2012.07.17 18:20:55 | 000,000,200 | ---- | M] () -- C:> in the current context!
Error: Unable to interpret <\Windows\tasks\AutoKMS.job  [2012.07.17 18:20:55 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job  [2012.07.16 23:23:45 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWIN-RS8RTOFVIIM$.job  [2012.07.16 23:23:43 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job  [2012.07.16 23:23:43 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job  [2012.07.16 23:23:43 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job  [2012.07.16 13:46:06 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-625476035-1192893045-2691204042-1001Core.job  [2012.07.05 14:49:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job   :Files  ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]> in the current context!
 
OTL by OldTimer - Version 3.2.54.0 log created on 07182012_230354
         
Ich nehme an, nach jedem Fix-Prozess kann ich wieder meine Scanner einschalten?

Windows Firewall und Defender auch?

Übrigens, obwohl ich am 17.07 defogger ausgeführt habe, konnte ich heute einen Film (Miniso-Datei) mit dvdfab ausführen und sehen. Ich dachte defogger hätte dieses unterbunden?!
__________________

Geändert von TorPedetor (19.07.2012 um 00:05 Uhr)

Alt 19.07.2012, 00:16   #4
t'john
/// Helfer-Team
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



So kam das Logfile raus?

Bitte wiederholen und Anleitung beachten.
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.07.2012, 00:42   #5
TorPedetor
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Ok.
Ich glaube, davor habe ich erst OTL.exe ausgeführt und dann die Scanner ausgeschaltet... mein Fehler

Hier das neue Logfile:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named DivXUpdate.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-625476035-1192893045-2691204042-1001UA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\AutoKMS.job moved successfully.
File C:\Windows\Tasks\AutoKMS.job not found.
C:\Windows\Tasks\HPCeeScheduleForWIN-RS8RTOFVIIM$.job moved successfully.
File C:\Windows\tasks\HPCeeScheduleFor***.job not found.
C:\Windows\Tasks\AutoKMSDaily.job moved successfully.
File C:\Windows\Tasks\AutoKMSDaily.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-625476035-1192893045-2691204042-1001Core.job moved successfully.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 7710653 bytes
->Temporary Internet Files folder emptied: 10576900 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1012 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
 
User: ***
->Temp folder emptied: 41296258 bytes
->Temporary Internet Files folder emptied: 51134029 bytes
->Java cache emptied: 51256 bytes
->Google Chrome cache emptied: 64242416 bytes
->Flash cache emptied: 57497 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8687762 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028538 bytes
RecycleBin emptied: 4259 bytes
 
Total Files Cleaned = 210,00 mb
 
 
[EMPTYFLASH]
 
User: admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_003030
         


Alt 19.07.2012, 10:14   #6
t'john
/// Helfer-Team
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Sehr gut!

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> Live Security Platinum Virus

Alt 19.07.2012, 20:37   #7
TorPedetor
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Hier das Log:

Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/19/2012 at 20:32:20
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : admin - ***-HP
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Folder Found : C:\Users\***\AppData\LocalLow\boost_interprocess
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****


***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [880 octets] - [19/07/2012 20:32:20]

########## EOF - \AdwCleaner[R1].txt - [1007 octets] ##########
         

Alt 19.07.2012, 21:37   #8
t'john
/// Helfer-Team
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Sehr gut!

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



dann:


Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)



Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.




  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.




  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".



  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.



  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.



  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.07.2012, 21:51   #9
TorPedetor
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Hier das AdwCleaner Logfile:

Zitat:
# AdwCleaner v1.702 - Logfile created 07/19/2012 at 21:44:49
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : admin - ***-HP
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Folder Deleted : C:\Users\***\AppData\LocalLow\boost_interprocess
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [888 octets] - [19/07/2012 21:44:49]
AdwCleaner[R1].txt - [1006 octets] - [19/07/2012 20:32:20]

########## EOF - \AdwCleaner[S1].txt - [1075 octets] ##########

Alt 19.07.2012, 21:59   #10
t'john
/// Helfer-Team
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Noch Combofix?
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.07.2012, 23:08   #11
TorPedetor
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Fertig mit ComboFix, hier die Logs:

ComboFix:

Code:
ATTFilter
ComboFix 12-07-19.02 - admin 19.07.2012  22:35:34.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8140.6179 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-19 bis 2012-07-19  ))))))))))))))))))))))))))))))
.
.
2012-07-19 20:42 . 2012-07-19 20:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-19 20:42 . 2012-07-19 20:42	--------	d-----w-	c:\users\admin\AppData\Local\temp
2012-07-18 21:03 . 2012-07-18 21:03	--------	d-----w-	C:\_OTL
2012-07-17 16:27 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD8B41B7-D6CC-43AA-8F7C-017C8DB44F51}\mpengine.dll
2012-07-16 11:45 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-16 11:38 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-07-16 11:38 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-07-16 07:52 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-16 07:52 . 2012-06-06 06:06	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-07-16 07:52 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-07-16 07:52 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-07-16 07:52 . 2010-06-26 03:55	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-16 07:52 . 2010-06-26 03:24	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2012-07-16 07:52 . 2012-06-09 05:43	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-07-15 22:34 . 2012-07-15 22:34	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-07-15 22:31 . 2012-07-15 22:31	--------	d-----w-	c:\users\admin\AppData\Roaming\Malwarebytes
2012-07-15 22:31 . 2012-07-15 22:31	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-15 22:31 . 2012-07-15 22:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 22:31 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-14 22:41 . 2012-07-15 14:45	--------	d-----w-	c:\programdata\225932FD027865E6C6F46C5BF875F002
2012-07-06 14:29 . 2012-07-06 14:29	--------	d-----w-	c:\users\***\AppData\Roaming\PACE Anti-Piracy
2012-07-06 14:29 . 2012-07-06 14:29	--------	d-----w-	c:\users\***\AppData\Local\PACE Anti-Piracy
2012-07-06 14:29 . 2012-07-06 14:29	--------	d-----w-	c:\programdata\PACE Anti-Piracy
2012-07-06 14:21 . 2012-07-06 14:21	--------	d-----w-	c:\program files\CCleaner
2012-07-06 08:44 . 2012-07-06 08:44	--------	d-----w-	c:\users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-07-05 21:13 . 2012-07-05 21:13	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-07-05 14:23 . 2012-07-05 14:23	--------	d-----w-	c:\programdata\ALM
2012-07-05 14:17 . 2012-07-05 14:17	--------	d-----w-	c:\users\admin\Adobe Flash Builder 4.6
2012-07-05 14:10 . 2011-11-03 01:01	56208	------w-	c:\windows\system32\drivers\PxHlpa64.sys
2012-07-05 14:10 . 2011-10-17 01:00	10224	------w-	c:\windows\system32\drivers\cdralw2k.sys
2012-07-05 14:10 . 2011-10-17 01:00	10224	------w-	c:\windows\system32\drivers\cdr4_xp.sys
2012-07-05 14:10 . 2012-07-05 14:10	--------	d-----w-	c:\program files (x86)\Common Files\Sonic Shared
2012-07-05 14:10 . 2012-07-05 14:10	--------	d-----w-	c:\program files (x86)\My Company Name
2012-07-05 12:49 . 2012-07-16 07:52	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 12:49 . 2012-07-16 07:52	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 12:49 . 2012-07-05 12:49	--------	d-----w-	c:\windows\system32\Macromed
2012-07-04 19:44 . 2012-07-04 19:45	--------	d-----w-	c:\program files (x86)\SpeedFan
2012-07-04 10:57 . 2012-07-04 10:57	--------	d-----w-	c:\program files\WinRAR
2012-07-01 16:21 . 2012-07-05 18:14	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-07-01 16:20 . 2012-07-18 22:07	--------	d-----w-	c:\program files\Adobe
2012-07-01 16:15 . 2012-07-18 22:14	--------	d-----w-	c:\program files\Common Files\Adobe
2012-07-01 01:17 . 2012-07-01 01:17	--------	d-----w-	c:\users\***\AppData\Local\DDMSettings
2012-07-01 01:16 . 2012-07-01 01:16	--------	d-----w-	c:\users\admin\AppData\Roaming\DivX
2012-07-01 01:16 . 2012-07-05 14:10	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-07-01 01:16 . 2012-07-01 01:16	--------	d-----w-	c:\program files\DivX
2012-07-01 01:15 . 2012-07-01 01:16	--------	d-----w-	c:\program files (x86)\Common Files\DivX Shared
2012-07-01 01:13 . 2012-07-01 01:17	--------	d-----w-	c:\program files (x86)\DivX
2012-07-01 01:12 . 2012-07-01 01:17	--------	d-----w-	c:\programdata\DivX
2012-06-27 10:48 . 2012-06-27 10:48	--------	d-----w-	c:\users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-06-27 10:48 . 2012-06-27 10:48	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2012-06-27 10:48 . 2012-06-27 10:48	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2012-06-27 10:48 . 2012-07-05 14:29	--------	d-----w-	c:\users\admin\AppData\Local\Adobe
2012-06-26 19:54 . 2012-07-18 17:10	--------	d-----w-	c:\users\admin\AppData\Local\CrashDumps
2012-06-26 14:36 . 2012-07-18 22:07	--------	d-----w-	c:\users\***\AppData\Local\Adobe
2012-06-26 08:12 . 2012-06-26 08:12	--------	d-----w-	c:\users\***\AppData\Local\fontconfig
2012-06-26 08:12 . 2012-06-27 11:08	--------	d-----w-	c:\users\***\.gimp-2.8
2012-06-26 08:12 . 2012-06-26 08:12	--------	d-----w-	c:\users\***\AppData\Local\gegl-0.2
2012-06-26 08:11 . 2012-06-26 08:12	--------	d-----w-	c:\program files\GIMP 2
2012-06-23 22:17 . 2012-06-23 22:17	--------	d-----w-	c:\users\***\AppData\Local\Diagnostics
2012-06-21 18:31 . 2012-06-21 18:31	--------	d-----w-	c:\users\admin\AppData\Roaming\Apple Computer
2012-06-21 18:28 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 18:28 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 18:28 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 18:28 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 18:27 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 18:27 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 18:27 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 18:27 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 18:27 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-21 18:27 . 2012-06-24 08:59	--------	d-----w-	c:\users\admin\AppData\Roaming\wargaming.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 11:41 . 2012-06-12 19:55	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-06-12 20:10 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-06-12 20:10 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-06-10 20:04 . 2012-06-10 20:04	476960	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-10 20:04 . 2011-01-27 15:33	472864	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-10 11:16 . 2012-06-10 11:16	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-06-10 11:16 . 2012-06-10 11:16	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-06-10 11:16 . 2012-06-10 11:16	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2012-06-10 11:16 . 2012-06-10 11:16	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-06-10 11:16 . 2012-06-10 11:16	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-06-10 11:16 . 2012-06-10 11:16	82432	----a-w-	c:\windows\system32\icardie.dll
2012-06-10 11:16 . 2012-06-10 11:16	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-10 11:16 . 2012-06-10 11:16	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-06-10 11:16 . 2012-06-10 11:16	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-10 11:16 . 2012-06-10 11:16	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-06-10 11:16 . 2012-06-10 11:16	697344	----a-w-	c:\windows\system32\msfeeds.dll
2012-06-10 11:16 . 2012-06-10 11:16	65024	----a-w-	c:\windows\system32\pngfilt.dll
2012-06-10 11:16 . 2012-06-10 11:16	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-06-10 11:16 . 2012-06-10 11:16	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-06-10 11:16 . 2012-06-10 11:16	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2012-06-10 11:16 . 2012-06-10 11:16	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2012-06-10 11:16 . 2012-06-10 11:16	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-06-10 11:16 . 2012-06-10 11:16	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-06-10 11:16 . 2012-06-10 11:16	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-06-10 11:16 . 2012-06-10 11:16	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2012-06-10 11:16 . 2012-06-10 11:16	448512	----a-w-	c:\windows\system32\html.iec
2012-06-10 11:16 . 2012-06-10 11:16	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-06-10 11:16 . 2012-06-10 11:16	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2012-06-10 11:16 . 2012-06-10 11:16	39936	----a-w-	c:\windows\system32\iernonce.dll
2012-06-10 11:16 . 2012-06-10 11:16	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2012-06-10 11:16 . 2012-06-10 11:16	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-06-10 11:16 . 2012-06-10 11:16	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-06-10 11:16 . 2012-06-10 11:16	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-06-10 11:16 . 2012-06-10 11:16	282112	----a-w-	c:\windows\system32\dxtrans.dll
2012-06-10 11:16 . 2012-06-10 11:16	267776	----a-w-	c:\windows\system32\ieaksie.dll
2012-06-10 11:16 . 2012-06-10 11:16	249344	----a-w-	c:\windows\system32\webcheck.dll
2012-06-10 11:16 . 2012-06-10 11:16	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-06-10 11:16 . 2012-06-10 11:16	222208	----a-w-	c:\windows\system32\msls31.dll
2012-06-10 11:16 . 2012-06-10 11:16	197120	----a-w-	c:\windows\system32\msrating.dll
2012-06-10 11:16 . 2012-06-10 11:16	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-06-10 11:16 . 2012-06-10 11:16	163840	----a-w-	c:\windows\system32\ieakui.dll
2012-06-10 11:16 . 2012-06-10 11:16	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-06-10 11:16 . 2012-06-10 11:16	160256	----a-w-	c:\windows\system32\wextract.exe
2012-06-10 11:16 . 2012-06-10 11:16	160256	----a-w-	c:\windows\system32\ieakeng.dll
2012-06-10 11:16 . 2012-06-10 11:16	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-06-10 11:16 . 2012-06-10 11:16	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-06-10 11:16 . 2012-06-10 11:16	149504	----a-w-	c:\windows\system32\occache.dll
2012-06-10 11:16 . 2012-06-10 11:16	145920	----a-w-	c:\windows\system32\iepeers.dll
2012-06-10 11:16 . 2012-06-10 11:16	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-06-10 11:16 . 2012-06-10 11:16	12288	----a-w-	c:\windows\system32\mshta.exe
2012-06-10 11:16 . 2012-06-10 11:16	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-06-10 11:16 . 2012-06-10 11:16	114176	----a-w-	c:\windows\system32\admparse.dll
2012-06-10 11:16 . 2012-06-10 11:16	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-06-10 11:16 . 2012-06-10 11:16	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-06-10 11:16 . 2012-06-10 11:16	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2012-06-10 11:16 . 2012-06-10 11:16	103936	----a-w-	c:\windows\system32\inseng.dll
2012-06-10 11:16 . 2012-06-10 11:16	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-06-09 18:52 . 2012-06-09 18:52	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-31 10:25 . 2012-06-11 19:29	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-23 22:15 . 2010-06-24 10:33	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-09 15:00 . 2012-06-14 18:41	13184	----a-w-	c:\windows\system32\drivers\dvdfabio.sys
2012-05-09 15:00 . 2012-06-14 18:41	45952	----a-w-	c:\windows\system32\drivers\vdrive.sys
2012-05-04 11:06 . 2012-06-12 19:32	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 19:32	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 19:32	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 19:31	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 19:31	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 19:32	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 19:32	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 19:32	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-25 10:11 . 2012-04-25 10:11	52736	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2012-04-25 10:11 . 2012-04-25 10:11	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-04-24 05:37 . 2012-06-12 19:32	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 19:32	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 19:32	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 19:32	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 19:32	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 19:32	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"DVDFab VDrive"="c:\program files\DVDFab Virtual Drive\vdrive.exe" [2012-05-09 412032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-30 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-25 75048]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-22 124240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"!BingBar"="c:\program files (x86)\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE" [2012-02-10 6191616]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"OTL"="c:\users\***\Desktop\OTL.exe" [2012-07-17 596480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/04/09 16:09;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-24 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 250056]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-22 77104]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 dvdfabio;dvdfabio;c:\windows\system32\drivers\dvdfabio.sys [2012-05-09 13184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-31 203776]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-03 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-22 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-22 79504]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-31 8281600]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-31 292864]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 31088]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-12-17 12256512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]
S3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys [2012-05-09 45952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 12:18	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-19 c:\windows\Tasks\HPCeeScheduleFor***.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-20 296960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.4.2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-19  22:44:11
ComboFix-quarantined-files.txt  2012-07-19 20:44
.
Vor Suchlauf: 11 Verzeichnis(se), 644.715.601.920 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 644.567.224.320 Bytes frei
.
- - End Of File - - 4F2FCC46E365504A2113BDEABE9B7842
         
und hier Add-Remove Programs:

Code:
ATTFilter
ActiveCheck component for HP Active Support Library
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Help Manager
Adobe Photoshop CS6
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.5
Adobe Widget Browser
Adobe® Content Viewer
Agatha Christie - Peril at End House
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
bl
Blasterball 3
Bounce Symphony
Build-a-Lot - The Elizabethan Era
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
Chuzzle Deluxe
CyberLink DVD Suite
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
DivX-Setup
DVDFab 8.1.8.5 (24/05/2012) Qt
Energy Star Digital Logo
ESU for Microsoft Windows 7
Farm Frenzy
FATE
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Insaniquarium Deluxe
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 32
Jewel Quest II
Jewel Quest Solitaire
John Deere Drive Green
Junk Mail filter update
LabelPrint
LightScribe System Software
Magic Desktop
Malwarebytes Anti-Malware Version 1.62.0.1300
McAfee Agent
McAfee VirusScan Enterprise
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mobile Partner
MSVCRT
MSVCRT_amd64
PDF Settings CS6
Penguins!
ph
PictureMover
Plants vs. Zombies
Polar Bowler
Power2Go
PX Profile Update
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 4.2
Slingo Deluxe
SpeedFan (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Virtual Villagers - The Secret City
Wedding Dash
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Tanks
Zuma Deluxe
         

Alt 21.07.2012, 13:33   #12
TorPedetor
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Hallo t'John, ich habe die ComboFix Log's oben gepostet.

Ist mein Laptop jetzt gereinigt? Oder fehlt noch was?

Kann ich jetzt meine CD-Emulatoren (dvdfab) wieder aktivieren? Einige meiner Spiele gehen nicht mehr... z.B. WOT. Liegt es daran?

Danke für deine Hilfe!

Geändert von TorPedetor (21.07.2012 um 13:46 Uhr)

Alt 21.07.2012, 18:33   #13
t'john
/// Helfer-Team
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



TDSSKiller von Kaspersky
- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.
Hier findest Du eine ausführlichere TDSSKiller Anleitung.


Zitat:
Kann ich jetzt meine CD-Emulatoren (dvdfab) wieder aktivieren?
kannst du.
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.07.2012, 22:50   #14
TorPedetor
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Danke, hier das Logfile von TDSSKiller

Code:
ATTFilter
22:39:57.0101 3708	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
22:39:57.0600 3708	============================================================
22:39:57.0600 3708	Current date / time: 2012/07/21 22:39:57.0600
22:39:57.0600 3708	SystemInfo:
22:39:57.0600 3708	
22:39:57.0600 3708	OS Version: 6.1.7601 ServicePack: 1.0
22:39:57.0600 3708	Product type: Workstation
22:39:57.0600 3708	ComputerName: ***-HP
22:39:57.0600 3708	UserName: admin
22:39:57.0600 3708	Windows directory: C:\Windows
22:39:57.0600 3708	System windows directory: C:\Windows
22:39:57.0600 3708	Running under WOW64
22:39:57.0600 3708	Processor architecture: Intel x64
22:39:57.0600 3708	Number of processors: 8
22:39:57.0600 3708	Page size: 0x1000
22:39:57.0600 3708	Boot type: Normal boot
22:39:57.0600 3708	============================================================
22:39:57.0944 3708	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:39:58.0287 3708	Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:39:58.0287 3708	============================================================
22:39:58.0287 3708	\Device\Harddisk0\DR0:
22:39:58.0302 3708	MBR partitions:
22:39:58.0302 3708	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:39:58.0302 3708	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55445000
22:39:58.0302 3708	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x554A9000, BlocksNum 0x2069800
22:39:58.0302 3708	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
22:39:58.0302 3708	\Device\Harddisk1\DR1:
22:39:58.0302 3708	MBR partitions:
22:39:58.0302 3708	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
22:39:58.0302 3708	============================================================
22:39:58.0318 3708	C: <-> \Device\Harddisk0\DR0\Partition1
22:39:58.0334 3708	D: <-> \Device\Harddisk1\DR1\Partition0
22:39:58.0396 3708	E: <-> \Device\Harddisk0\DR0\Partition2
22:39:58.0396 3708	============================================================
22:39:58.0396 3708	Initialize success
22:39:58.0396 3708	============================================================
22:40:15.0696 7196	============================================================
22:40:15.0696 7196	Scan started
22:40:15.0696 7196	Mode: Manual; 
22:40:15.0696 7196	============================================================
22:40:16.0102 7196	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:40:16.0118 7196	1394ohci - ok
22:40:16.0164 7196	Accelerometer   (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
22:40:16.0164 7196	Accelerometer - ok
22:40:16.0211 7196	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:40:16.0227 7196	ACPI - ok
22:40:16.0242 7196	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:40:16.0242 7196	AcpiPmi - ok
22:40:16.0367 7196	AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:40:16.0383 7196	AdobeFlashPlayerUpdateSvc - ok
22:40:16.0461 7196	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:40:16.0476 7196	adp94xx - ok
22:40:16.0539 7196	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:40:16.0539 7196	adpahci - ok
22:40:16.0570 7196	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:40:16.0570 7196	adpu320 - ok
22:40:16.0601 7196	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:40:16.0617 7196	AeLookupSvc - ok
22:40:16.0679 7196	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
22:40:16.0679 7196	AESTFilters - ok
22:40:16.0773 7196	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:40:16.0773 7196	AFD - ok
22:40:16.0820 7196	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:40:16.0835 7196	agp440 - ok
22:40:16.0866 7196	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:40:16.0866 7196	ALG - ok
22:40:16.0913 7196	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:40:16.0913 7196	aliide - ok
22:40:16.0960 7196	AMD External Events Utility (263570714ac4cf41208e647c77bd2a63) C:\Windows\system32\atiesrxx.exe
22:40:16.0976 7196	AMD External Events Utility - ok
22:40:16.0991 7196	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:40:16.0991 7196	amdide - ok
22:40:17.0038 7196	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:40:17.0038 7196	AmdK8 - ok
22:40:17.0444 7196	amdkmdag        (0eeafb005d334910bb0aee1941351b1e) C:\Windows\system32\DRIVERS\atikmdag.sys
22:40:17.0600 7196	amdkmdag - ok
22:40:17.0740 7196	amdkmdap        (65f58cfb0bfdcebeae0164bb037545a8) C:\Windows\system32\DRIVERS\atikmpag.sys
22:40:17.0756 7196	amdkmdap - ok
22:40:17.0787 7196	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:40:17.0787 7196	AmdPPM - ok
22:40:17.0834 7196	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:40:17.0849 7196	amdsata - ok
22:40:17.0880 7196	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:40:17.0880 7196	amdsbs - ok
22:40:17.0912 7196	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:40:17.0912 7196	amdxata - ok
22:40:17.0958 7196	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:40:17.0958 7196	AppID - ok
22:40:17.0990 7196	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:40:17.0990 7196	AppIDSvc - ok
22:40:18.0036 7196	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:40:18.0036 7196	Appinfo - ok
22:40:18.0130 7196	Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:40:18.0130 7196	Apple Mobile Device - ok
22:40:18.0208 7196	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:40:18.0208 7196	arc - ok
22:40:18.0224 7196	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:40:18.0224 7196	arcsas - ok
22:40:18.0239 7196	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:18.0255 7196	AsyncMac - ok
22:40:18.0286 7196	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:40:18.0286 7196	atapi - ok
22:40:18.0395 7196	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:40:18.0411 7196	AudioEndpointBuilder - ok
22:40:18.0426 7196	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:40:18.0442 7196	AudioSrv - ok
22:40:18.0489 7196	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:40:18.0489 7196	AxInstSV - ok
22:40:18.0567 7196	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:40:18.0582 7196	b06bdrv - ok
22:40:18.0614 7196	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:40:18.0629 7196	b57nd60a - ok
22:40:18.0832 7196	BCM43XX         (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:40:18.0879 7196	BCM43XX - ok
22:40:19.0004 7196	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:40:19.0004 7196	BDESVC - ok
22:40:19.0066 7196	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:40:19.0066 7196	Beep - ok
22:40:19.0175 7196	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:40:19.0191 7196	BFE - ok
22:40:19.0284 7196	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:40:19.0300 7196	BITS - ok
22:40:19.0362 7196	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:40:19.0362 7196	blbdrive - ok
22:40:19.0472 7196	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:40:19.0487 7196	Bonjour Service - ok
22:40:19.0534 7196	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:40:19.0534 7196	bowser - ok
22:40:19.0565 7196	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:40:19.0581 7196	BrFiltLo - ok
22:40:19.0596 7196	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:40:19.0596 7196	BrFiltUp - ok
22:40:19.0659 7196	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:40:19.0659 7196	BridgeMP - ok
22:40:19.0721 7196	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:40:19.0721 7196	Browser - ok
22:40:19.0752 7196	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:40:19.0768 7196	Brserid - ok
22:40:19.0799 7196	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:40:19.0799 7196	BrSerWdm - ok
22:40:19.0815 7196	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:40:19.0815 7196	BrUsbMdm - ok
22:40:19.0862 7196	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:40:19.0862 7196	BrUsbSer - ok
22:40:19.0908 7196	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:40:19.0908 7196	BthEnum - ok
22:40:19.0924 7196	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:40:19.0924 7196	BTHMODEM - ok
22:40:19.0971 7196	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:40:19.0971 7196	BthPan - ok
22:40:20.0018 7196	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
22:40:20.0033 7196	BTHPORT - ok
22:40:20.0064 7196	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:40:20.0064 7196	bthserv - ok
22:40:20.0096 7196	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
22:40:20.0096 7196	BTHUSB - ok
22:40:20.0158 7196	btwampfl        (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
22:40:20.0174 7196	btwampfl - ok
22:40:20.0189 7196	btwaudio        (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys
22:40:20.0189 7196	btwaudio - ok
22:40:20.0220 7196	btwavdt         (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\DRIVERS\btwavdt.sys
22:40:20.0236 7196	btwavdt - ok
22:40:20.0345 7196	btwdins         (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:40:20.0361 7196	btwdins - ok
22:40:20.0392 7196	btwl2cap        (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:40:20.0392 7196	btwl2cap - ok
22:40:20.0408 7196	btwrchid        (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys
22:40:20.0408 7196	btwrchid - ok
22:40:20.0454 7196	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:40:20.0454 7196	cdfs - ok
22:40:20.0517 7196	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:40:20.0517 7196	cdrom - ok
22:40:20.0564 7196	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:40:20.0564 7196	CertPropSvc - ok
22:40:20.0626 7196	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:40:20.0626 7196	circlass - ok
22:40:20.0704 7196	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:40:20.0720 7196	CLFS - ok
22:40:20.0844 7196	CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
22:40:20.0844 7196	CLKMSVC10_38F51D56 - ok
22:40:20.0922 7196	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:40:20.0922 7196	clr_optimization_v2.0.50727_32 - ok
22:40:20.0969 7196	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:40:20.0969 7196	clr_optimization_v2.0.50727_64 - ok
22:40:21.0032 7196	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:40:21.0032 7196	clr_optimization_v4.0.30319_32 - ok
22:40:21.0078 7196	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:40:21.0094 7196	clr_optimization_v4.0.30319_64 - ok
22:40:21.0203 7196	clwvd           (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
22:40:21.0203 7196	clwvd - ok
22:40:21.0234 7196	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:40:21.0234 7196	CmBatt - ok
22:40:21.0266 7196	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:40:21.0266 7196	cmdide - ok
22:40:21.0344 7196	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
22:40:21.0344 7196	CNG - ok
22:40:21.0390 7196	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:40:21.0390 7196	Compbatt - ok
22:40:21.0437 7196	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:40:21.0453 7196	CompositeBus - ok
22:40:21.0453 7196	COMSysApp - ok
22:40:21.0484 7196	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:40:21.0484 7196	crcdisk - ok
22:40:21.0546 7196	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
22:40:21.0546 7196	CryptSvc - ok
22:40:21.0609 7196	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:40:21.0624 7196	DcomLaunch - ok
22:40:21.0671 7196	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:40:21.0671 7196	defragsvc - ok
22:40:21.0718 7196	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:40:21.0718 7196	DfsC - ok
22:40:21.0796 7196	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:40:21.0796 7196	Dhcp - ok
22:40:21.0827 7196	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:40:21.0827 7196	discache - ok
22:40:21.0858 7196	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:40:21.0858 7196	Disk - ok
22:40:21.0905 7196	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:40:21.0905 7196	Dnscache - ok
22:40:21.0952 7196	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:40:21.0968 7196	dot3svc - ok
22:40:21.0999 7196	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:40:21.0999 7196	DPS - ok
22:40:22.0046 7196	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:40:22.0046 7196	drmkaud - ok
22:40:22.0092 7196	dvdfabio        (4b42f9dcfa4e72c51578262fd721ce99) C:\Windows\system32\drivers\dvdfabio.sys
22:40:22.0092 7196	dvdfabio - ok
22:40:22.0217 7196	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:40:22.0233 7196	DXGKrnl - ok
22:40:22.0264 7196	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:40:22.0280 7196	EapHost - ok
22:40:22.0576 7196	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:40:22.0607 7196	ebdrv - ok
22:40:22.0732 7196	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:40:22.0732 7196	EFS - ok
22:40:22.0857 7196	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:40:22.0872 7196	ehRecvr - ok
22:40:22.0904 7196	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:40:22.0904 7196	ehSched - ok
22:40:23.0013 7196	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:40:23.0028 7196	elxstor - ok
22:40:23.0044 7196	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:40:23.0044 7196	ErrDev - ok
22:40:23.0138 7196	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:40:23.0153 7196	EventSystem - ok
22:40:23.0216 7196	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:40:23.0216 7196	exfat - ok
22:40:23.0231 7196	ezSharedSvc - ok
22:40:23.0262 7196	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:40:23.0278 7196	fastfat - ok
22:40:23.0372 7196	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:40:23.0387 7196	Fax - ok
22:40:23.0418 7196	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:40:23.0418 7196	fdc - ok
22:40:23.0465 7196	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:40:23.0465 7196	fdPHost - ok
22:40:23.0496 7196	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:40:23.0496 7196	FDResPub - ok
22:40:23.0528 7196	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:40:23.0528 7196	FileInfo - ok
22:40:23.0543 7196	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:40:23.0543 7196	Filetrace - ok
22:40:23.0574 7196	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:40:23.0574 7196	flpydisk - ok
22:40:23.0637 7196	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:40:23.0637 7196	FltMgr - ok
22:40:23.0762 7196	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:40:23.0777 7196	FontCache - ok
22:40:23.0855 7196	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:40:23.0855 7196	FontCache3.0.0.0 - ok
22:40:23.0964 7196	FPLService      (cdc54db949d1e2bbf86b0c7ab86b912e) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
22:40:23.0964 7196	FPLService - ok
22:40:24.0074 7196	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:40:24.0089 7196	FsDepends - ok
22:40:24.0120 7196	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:40:24.0120 7196	Fs_Rec - ok
22:40:24.0183 7196	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:40:24.0183 7196	fvevol - ok
22:40:24.0230 7196	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:40:24.0230 7196	gagp30kx - ok
22:40:24.0323 7196	GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
22:40:24.0323 7196	GameConsoleService - ok
22:40:24.0370 7196	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:40:24.0370 7196	GEARAspiWDM - ok
22:40:24.0495 7196	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:40:24.0510 7196	gpsvc - ok
22:40:24.0542 7196	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:40:24.0542 7196	hcw85cir - ok
22:40:24.0620 7196	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:40:24.0635 7196	HdAudAddService - ok
22:40:24.0666 7196	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:40:24.0666 7196	HDAudBus - ok
22:40:24.0698 7196	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:40:24.0698 7196	HidBatt - ok
22:40:24.0729 7196	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:40:24.0729 7196	HidBth - ok
22:40:24.0776 7196	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:40:24.0776 7196	HidIr - ok
22:40:24.0807 7196	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:40:24.0807 7196	hidserv - ok
22:40:24.0854 7196	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:40:24.0854 7196	HidUsb - ok
22:40:24.0900 7196	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:40:24.0900 7196	hkmsvc - ok
22:40:24.0963 7196	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:40:24.0963 7196	HomeGroupListener - ok
22:40:25.0010 7196	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:40:25.0025 7196	HomeGroupProvider - ok
22:40:25.0134 7196	HP Health Check Service (7a24ad37416b91e4b5e5b46bd25c075f) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
22:40:25.0134 7196	HP Health Check Service - ok
22:40:25.0181 7196	HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
22:40:25.0181 7196	HP Wireless Assistant Service - ok
22:40:25.0212 7196	HPClientSvc     (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
22:40:25.0228 7196	HPClientSvc - ok
22:40:25.0290 7196	HPDrvMntSvc.exe (2a047e7e0f1018e3134a4065636f2025) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
22:40:25.0290 7196	HPDrvMntSvc.exe - ok
22:40:25.0322 7196	hpdskflt        (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
22:40:25.0322 7196	hpdskflt - ok
22:40:25.0415 7196	hpqwmiex        (59cb6a1ca093edc2881598a45518857d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
22:40:25.0431 7196	hpqwmiex - ok
22:40:25.0478 7196	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:40:25.0478 7196	HpSAMD - ok
22:40:25.0524 7196	hpsrv           (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
22:40:25.0524 7196	hpsrv - ok
22:40:25.0571 7196	HPWMISVC        (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
22:40:25.0571 7196	HPWMISVC - ok
22:40:25.0680 7196	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:40:25.0696 7196	HTTP - ok
22:40:25.0743 7196	hwdatacard      (d96a290f699081ae737390c0fe329d7c) C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:40:25.0743 7196	hwdatacard - ok
22:40:25.0774 7196	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:40:25.0774 7196	hwpolicy - ok
22:40:25.0805 7196	hwusbdev        (e0c7255498640fc64b19aae17fd6f965) C:\Windows\system32\DRIVERS\ewusbdev.sys
22:40:25.0805 7196	hwusbdev - ok
22:40:25.0868 7196	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:40:25.0883 7196	i8042prt - ok
22:40:25.0930 7196	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
22:40:25.0930 7196	iaStor - ok
22:40:26.0024 7196	IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:40:26.0024 7196	IAStorDataMgrSvc - ok
22:40:26.0102 7196	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:40:26.0117 7196	iaStorV - ok
22:40:26.0242 7196	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:40:26.0258 7196	idsvc - ok
22:40:27.0287 7196	igfx            (8cb8667f5a3b5515f2585f3254f3aaf7) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:40:27.0521 7196	igfx - ok
22:40:27.0646 7196	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:40:27.0646 7196	iirsp - ok
22:40:27.0755 7196	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:40:27.0771 7196	IKEEXT - ok
22:40:27.0849 7196	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:40:27.0849 7196	IntcDAud - ok
22:40:27.0911 7196	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:40:27.0911 7196	intelide - ok
22:40:28.0410 7196	intelkmd        (8cb8667f5a3b5515f2585f3254f3aaf7) C:\Windows\system32\DRIVERS\igdpmd64.sys
22:40:28.0644 7196	intelkmd - ok
22:40:28.0769 7196	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:40:28.0769 7196	intelppm - ok
22:40:28.0800 7196	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:40:28.0816 7196	IPBusEnum - ok
22:40:28.0863 7196	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:28.0863 7196	IpFilterDriver - ok
22:40:28.0941 7196	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:40:28.0956 7196	iphlpsvc - ok
22:40:28.0988 7196	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:40:28.0988 7196	IPMIDRV - ok
22:40:29.0034 7196	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:40:29.0034 7196	IPNAT - ok
22:40:29.0190 7196	iPod Service    (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
22:40:29.0206 7196	iPod Service - ok
22:40:29.0237 7196	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:40:29.0237 7196	IRENUM - ok
22:40:29.0284 7196	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:40:29.0284 7196	isapnp - ok
22:40:29.0331 7196	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:40:29.0331 7196	iScsiPrt - ok
22:40:29.0378 7196	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:40:29.0378 7196	kbdclass - ok
22:40:29.0409 7196	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:40:29.0409 7196	kbdhid - ok
22:40:29.0440 7196	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:40:29.0440 7196	KeyIso - ok
22:40:29.0471 7196	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
22:40:29.0471 7196	KSecDD - ok
22:40:29.0518 7196	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
22:40:29.0518 7196	KSecPkg - ok
22:40:29.0549 7196	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:40:29.0549 7196	ksthunk - ok
22:40:29.0612 7196	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:40:29.0612 7196	KtmRm - ok
22:40:29.0674 7196	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:40:29.0674 7196	LanmanServer - ok
22:40:29.0736 7196	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:40:29.0752 7196	LanmanWorkstation - ok
22:40:29.0830 7196	LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:40:29.0830 7196	LightScribeService - ok
22:40:29.0861 7196	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:40:29.0861 7196	lltdio - ok
22:40:29.0924 7196	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:40:29.0924 7196	lltdsvc - ok
22:40:29.0955 7196	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:40:29.0970 7196	lmhosts - ok
22:40:30.0048 7196	LMS             (c463a25f01c6237295917417c5e9e344) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:40:30.0048 7196	LMS - ok
22:40:30.0095 7196	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:40:30.0095 7196	LSI_FC - ok
22:40:30.0126 7196	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:40:30.0126 7196	LSI_SAS - ok
22:40:30.0158 7196	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:40:30.0158 7196	LSI_SAS2 - ok
22:40:30.0173 7196	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:40:30.0173 7196	LSI_SCSI - ok
22:40:30.0204 7196	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:40:30.0204 7196	luafv - ok
22:40:30.0251 7196	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
22:40:30.0251 7196	MBAMProtector - ok
22:40:30.0376 7196	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:40:30.0376 7196	MBAMService - ok
22:40:30.0470 7196	McAfeeEngineService (639da8f468552785e15f0f2fd8db44b3) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
22:40:30.0470 7196	McAfeeEngineService - ok
22:40:30.0532 7196	McAfeeFramework (1b963d79740b187795407cd03e2f7b4d) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
22:40:30.0548 7196	McAfeeFramework - ok
22:40:30.0610 7196	McShield        (4e09d8c4c861348a7f1c12a5aa9c4de7) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
22:40:30.0610 7196	McShield - ok
22:40:30.0641 7196	McTaskManager   (3774aad155f31d58d932861d0a4fd641) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
22:40:30.0641 7196	McTaskManager - ok
22:40:30.0704 7196	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:40:30.0704 7196	Mcx2Svc - ok
22:40:30.0735 7196	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:40:30.0735 7196	megasas - ok
22:40:30.0782 7196	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:40:30.0797 7196	MegaSR - ok
22:40:30.0828 7196	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
22:40:30.0828 7196	MEIx64 - ok
22:40:30.0875 7196	mfeapfk         (e2d642a38a8dc4722f859092f731b6a3) C:\Windows\system32\drivers\mfeapfk.sys
22:40:30.0875 7196	mfeapfk - ok
22:40:30.0891 7196	mfeavfk         (ae23ed41216e160f54e5ef1a5ee325f7) C:\Windows\system32\drivers\mfeavfk.sys
22:40:30.0891 7196	mfeavfk - ok
22:40:30.0953 7196	mfehidk         (bc76bc7129b2206098ac220b656f15b7) C:\Windows\system32\drivers\mfehidk.sys
22:40:30.0953 7196	mfehidk - ok
22:40:30.0984 7196	mferkdet        (c7c15d125aa697be97087d197c9fad08) C:\Windows\system32\drivers\mferkdet.sys
22:40:30.0984 7196	mferkdet - ok
22:40:31.0016 7196	mfetdik         (41ca4c4292004486d004d357b9c19718) C:\Windows\system32\drivers\mfetdik.sys
22:40:31.0016 7196	mfetdik - ok
22:40:31.0047 7196	mfevtp          (c39855495e82ec6b02e6190c34a1b752) C:\Windows\system32\mfevtps.exe
22:40:31.0062 7196	mfevtp - ok
22:40:31.0140 7196	Microsoft SharePoint Workspace Audit Service - ok
22:40:31.0187 7196	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:40:31.0187 7196	MMCSS - ok
22:40:31.0234 7196	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:40:31.0234 7196	Modem - ok
22:40:31.0265 7196	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:40:31.0265 7196	monitor - ok
22:40:31.0328 7196	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:40:31.0328 7196	mouclass - ok
22:40:31.0359 7196	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:40:31.0359 7196	mouhid - ok
22:40:31.0421 7196	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:40:31.0421 7196	mountmgr - ok
22:40:31.0452 7196	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:40:31.0452 7196	mpio - ok
22:40:31.0484 7196	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:40:31.0484 7196	mpsdrv - ok
22:40:31.0577 7196	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:40:31.0593 7196	MpsSvc - ok
22:40:31.0624 7196	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:40:31.0624 7196	MRxDAV - ok
22:40:31.0671 7196	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:31.0686 7196	mrxsmb - ok
22:40:31.0718 7196	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:31.0718 7196	mrxsmb10 - ok
22:40:31.0749 7196	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:31.0764 7196	mrxsmb20 - ok
22:40:31.0796 7196	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:40:31.0796 7196	msahci - ok
22:40:31.0842 7196	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:40:31.0842 7196	msdsm - ok
22:40:31.0889 7196	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:40:31.0889 7196	MSDTC - ok
22:40:31.0936 7196	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:40:31.0936 7196	Msfs - ok
22:40:31.0967 7196	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:40:31.0967 7196	mshidkmdf - ok
22:40:31.0983 7196	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:40:31.0983 7196	msisadrv - ok
22:40:32.0030 7196	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:40:32.0030 7196	MSiSCSI - ok
22:40:32.0045 7196	msiserver - ok
22:40:32.0092 7196	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:40:32.0092 7196	MSKSSRV - ok
22:40:32.0123 7196	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:32.0123 7196	MSPCLOCK - ok
22:40:32.0123 7196	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:40:32.0139 7196	MSPQM - ok
22:40:32.0186 7196	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:40:32.0186 7196	MsRPC - ok
22:40:32.0217 7196	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:40:32.0217 7196	mssmbios - ok
22:40:32.0248 7196	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:40:32.0248 7196	MSTEE - ok
22:40:32.0264 7196	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:40:32.0279 7196	MTConfig - ok
22:40:32.0295 7196	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:40:32.0295 7196	Mup - ok
22:40:32.0342 7196	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:40:32.0357 7196	napagent - ok
22:40:32.0420 7196	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:40:32.0435 7196	NativeWifiP - ok
22:40:32.0560 7196	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:40:32.0576 7196	NDIS - ok
22:40:32.0607 7196	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:40:32.0607 7196	NdisCap - ok
22:40:32.0638 7196	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:32.0638 7196	NdisTapi - ok
22:40:32.0716 7196	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:32.0716 7196	Ndisuio - ok
22:40:32.0763 7196	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:32.0763 7196	NdisWan - ok
22:40:32.0810 7196	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:40:32.0825 7196	NDProxy - ok
22:40:32.0856 7196	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
22:40:32.0856 7196	Netaapl - ok
22:40:32.0903 7196	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:40:32.0903 7196	NetBIOS - ok
22:40:32.0950 7196	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:40:32.0966 7196	NetBT - ok
22:40:32.0997 7196	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:40:32.0997 7196	Netlogon - ok
22:40:33.0059 7196	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:40:33.0075 7196	Netman - ok
22:40:33.0122 7196	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:40:33.0122 7196	netprofm - ok
22:40:33.0200 7196	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:40:33.0200 7196	NetTcpPortSharing - ok
22:40:33.0480 7196	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
22:40:33.0605 7196	netw5v64 - ok
22:40:33.0714 7196	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:40:33.0730 7196	nfrd960 - ok
22:40:33.0792 7196	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:40:33.0808 7196	NlaSvc - ok
22:40:33.0824 7196	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:40:33.0824 7196	Npfs - ok
22:40:33.0855 7196	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:40:33.0855 7196	nsi - ok
22:40:33.0870 7196	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:40:33.0870 7196	nsiproxy - ok
22:40:34.0058 7196	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:40:34.0073 7196	Ntfs - ok
22:40:34.0198 7196	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:40:34.0198 7196	Null - ok
22:40:34.0245 7196	nusb3hub        (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:40:34.0245 7196	nusb3hub - ok
22:40:34.0276 7196	nusb3xhc        (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:40:34.0292 7196	nusb3xhc - ok
22:40:34.0338 7196	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:40:34.0338 7196	nvraid - ok
22:40:34.0370 7196	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:40:34.0370 7196	nvstor - ok
22:40:34.0416 7196	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:40:34.0416 7196	nv_agp - ok
22:40:34.0448 7196	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:40:34.0448 7196	ohci1394 - ok
22:40:34.0557 7196	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:40:34.0557 7196	ose - ok
22:40:34.0931 7196	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:40:34.0994 7196	osppsvc - ok
22:40:35.0134 7196	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:40:35.0134 7196	p2pimsvc - ok
22:40:35.0181 7196	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:40:35.0181 7196	p2psvc - ok
22:40:35.0228 7196	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:40:35.0228 7196	Parport - ok
22:40:35.0274 7196	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:40:35.0274 7196	partmgr - ok
22:40:35.0321 7196	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:40:35.0321 7196	PcaSvc - ok
22:40:35.0368 7196	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:40:35.0368 7196	pci - ok
22:40:35.0399 7196	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:40:35.0399 7196	pciide - ok
22:40:35.0446 7196	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:40:35.0446 7196	pcmcia - ok
22:40:35.0477 7196	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:40:35.0477 7196	pcw - ok
22:40:35.0540 7196	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:40:35.0555 7196	PEAUTH - ok
22:40:35.0664 7196	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:40:35.0664 7196	PerfHost - ok
22:40:35.0820 7196	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:40:35.0852 7196	pla - ok
22:40:35.0945 7196	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:40:35.0961 7196	PlugPlay - ok
22:40:35.0992 7196	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:40:35.0992 7196	PNRPAutoReg - ok
22:40:36.0039 7196	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:40:36.0054 7196	PNRPsvc - ok
22:40:36.0117 7196	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:40:36.0132 7196	PolicyAgent - ok
22:40:36.0179 7196	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:40:36.0179 7196	Power - ok
22:40:36.0273 7196	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:40:36.0273 7196	PptpMiniport - ok
22:40:36.0304 7196	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:40:36.0304 7196	Processor - ok
22:40:36.0351 7196	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
22:40:36.0351 7196	ProfSvc - ok
22:40:36.0382 7196	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:40:36.0382 7196	ProtectedStorage - ok
22:40:36.0444 7196	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:40:36.0444 7196	Psched - ok
22:40:36.0491 7196	PxHlpa64        (bc08f7f3c53cbee68670ed1314e290fd) C:\Windows\system32\Drivers\PxHlpa64.sys
22:40:36.0491 7196	PxHlpa64 - ok
22:40:36.0647 7196	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:40:36.0678 7196	ql2300 - ok
22:40:36.0834 7196	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:40:36.0834 7196	ql40xx - ok
22:40:36.0881 7196	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:40:36.0897 7196	QWAVE - ok
22:40:36.0912 7196	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:40:36.0912 7196	QWAVEdrv - ok
22:40:36.0928 7196	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:40:36.0944 7196	RasAcd - ok
22:40:36.0990 7196	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:40:36.0990 7196	RasAgileVpn - ok
22:40:37.0037 7196	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:40:37.0037 7196	RasAuto - ok
22:40:37.0084 7196	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:37.0084 7196	Rasl2tp - ok
22:40:37.0162 7196	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:40:37.0162 7196	RasMan - ok
22:40:37.0209 7196	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:37.0209 7196	RasPppoe - ok
22:40:37.0224 7196	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:40:37.0224 7196	RasSstp - ok
22:40:37.0287 7196	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:40:37.0287 7196	rdbss - ok
22:40:37.0318 7196	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:40:37.0318 7196	rdpbus - ok
22:40:37.0349 7196	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:37.0349 7196	RDPCDD - ok
22:40:37.0349 7196	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:40:37.0349 7196	RDPENCDD - ok
22:40:37.0365 7196	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:40:37.0380 7196	RDPREFMP - ok
22:40:37.0412 7196	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:40:37.0427 7196	RDPWD - ok
22:40:37.0490 7196	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:40:37.0490 7196	rdyboost - ok
22:40:37.0521 7196	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:40:37.0521 7196	RemoteAccess - ok
22:40:37.0583 7196	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:40:37.0583 7196	RemoteRegistry - ok
22:40:37.0630 7196	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:40:37.0630 7196	RFCOMM - ok
22:40:37.0661 7196	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:40:37.0661 7196	RpcEptMapper - ok
22:40:37.0677 7196	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:40:37.0692 7196	RpcLocator - ok
22:40:37.0755 7196	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:40:37.0770 7196	RpcSs - ok
22:40:37.0833 7196	RSPCIESTOR      (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
22:40:37.0833 7196	RSPCIESTOR - ok
22:40:37.0880 7196	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:40:37.0880 7196	rspndr - ok
22:40:37.0942 7196	RTL8167         (5d6a444bd37b52ff846387c87dcdf98a) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:40:37.0942 7196	RTL8167 - ok
22:40:37.0973 7196	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:40:37.0973 7196	SamSs - ok
22:40:38.0004 7196	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:40:38.0004 7196	sbp2port - ok
22:40:38.0051 7196	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:40:38.0051 7196	SCardSvr - ok
22:40:38.0098 7196	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:40:38.0098 7196	scfilter - ok
22:40:38.0192 7196	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:40:38.0207 7196	Schedule - ok
22:40:38.0238 7196	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:40:38.0254 7196	SCPolicySvc - ok
22:40:38.0285 7196	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:40:38.0301 7196	sdbus - ok
22:40:38.0332 7196	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:40:38.0348 7196	SDRSVC - ok
22:40:38.0426 7196	SeaPort         (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:40:38.0426 7196	SeaPort - ok
22:40:38.0457 7196	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:40:38.0457 7196	secdrv - ok
22:40:38.0504 7196	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:40:38.0504 7196	seclogon - ok
22:40:38.0550 7196	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:40:38.0550 7196	SENS - ok
22:40:38.0566 7196	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:40:38.0566 7196	SensrSvc - ok
22:40:38.0597 7196	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:40:38.0597 7196	Serenum - ok
22:40:38.0644 7196	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:40:38.0644 7196	Serial - ok
22:40:38.0691 7196	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:40:38.0691 7196	sermouse - ok
22:40:38.0753 7196	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:40:38.0753 7196	SessionEnv - ok
22:40:38.0784 7196	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:40:38.0784 7196	sffdisk - ok
22:40:38.0816 7196	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:40:38.0816 7196	sffp_mmc - ok
22:40:38.0816 7196	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:40:38.0816 7196	sffp_sd - ok
22:40:38.0862 7196	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:40:38.0862 7196	sfloppy - ok
22:40:38.0925 7196	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:40:38.0925 7196	SharedAccess - ok
22:40:38.0987 7196	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:40:39.0003 7196	ShellHWDetection - ok
22:40:39.0050 7196	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:40:39.0050 7196	SiSRaid2 - ok
22:40:39.0081 7196	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:40:39.0081 7196	SiSRaid4 - ok
22:40:39.0096 7196	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:40:39.0096 7196	Smb - ok
22:40:39.0143 7196	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:40:39.0143 7196	SNMPTRAP - ok
22:40:39.0268 7196	speedfan        (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
22:40:39.0284 7196	speedfan - ok
22:40:39.0299 7196	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:40:39.0299 7196	spldr - ok
22:40:39.0362 7196	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:40:39.0377 7196	Spooler - ok
22:40:39.0564 7196	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:40:39.0596 7196	sppsvc - ok
22:40:39.0720 7196	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:40:39.0720 7196	sppuinotify - ok
22:40:39.0798 7196	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:40:39.0814 7196	srv - ok
22:40:39.0876 7196	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:40:39.0892 7196	srv2 - ok
22:40:39.0939 7196	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:40:39.0954 7196	SrvHsfHDA - ok
22:40:40.0095 7196	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:40:40.0126 7196	SrvHsfV92 - ok
22:40:40.0298 7196	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:40:40.0313 7196	SrvHsfWinac - ok
22:40:40.0376 7196	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:40:40.0376 7196	srvnet - ok
22:40:40.0438 7196	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:40:40.0438 7196	SSDPSRV - ok
22:40:40.0469 7196	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:40:40.0469 7196	SstpSvc - ok
22:40:40.0547 7196	STacSV          (7c49a5e1943afda4672d80726af3bae4) C:\Program Files\IDT\WDM\STacSV64.exe
22:40:40.0547 7196	STacSV - ok
22:40:40.0578 7196	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:40:40.0578 7196	stexstor - ok
22:40:40.0641 7196	STHDA           (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
22:40:40.0641 7196	STHDA - ok
22:40:40.0703 7196	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:40:40.0719 7196	stisvc - ok
22:40:40.0750 7196	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:40:40.0750 7196	swenum - ok
22:40:40.0906 7196	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:40:40.0922 7196	SwitchBoard - ok
22:40:40.0984 7196	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:40:41.0000 7196	swprv - ok
22:40:41.0078 7196	SynTP           (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
22:40:41.0078 7196	SynTP - ok
22:40:41.0249 7196	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:40:41.0280 7196	SysMain - ok
22:40:41.0374 7196	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:40:41.0390 7196	TabletInputService - ok
22:40:41.0421 7196	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:40:41.0436 7196	TapiSrv - ok
22:40:41.0468 7196	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:40:41.0468 7196	TBS - ok
22:40:41.0624 7196	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:40:41.0655 7196	Tcpip - ok
22:40:41.0951 7196	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:40:41.0982 7196	TCPIP6 - ok
22:40:42.0107 7196	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:40:42.0107 7196	tcpipreg - ok
22:40:42.0138 7196	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:40:42.0154 7196	TDPIPE - ok
22:40:42.0185 7196	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:40:42.0185 7196	TDTCP - ok
22:40:42.0248 7196	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:40:42.0248 7196	tdx - ok
22:40:42.0279 7196	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:40:42.0279 7196	TermDD - ok
22:40:42.0357 7196	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:40:42.0372 7196	TermService - ok
22:40:42.0404 7196	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:40:42.0404 7196	Themes - ok
22:40:42.0435 7196	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:40:42.0435 7196	THREADORDER - ok
22:40:42.0466 7196	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:40:42.0466 7196	TrkWks - ok
22:40:42.0544 7196	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:40:42.0560 7196	TrustedInstaller - ok
22:40:42.0591 7196	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:42.0606 7196	tssecsrv - ok
22:40:42.0653 7196	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:40:42.0653 7196	TsUsbFlt - ok
22:40:42.0700 7196	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:40:42.0716 7196	tunnel - ok
22:40:42.0747 7196	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:40:42.0747 7196	uagp35 - ok
22:40:42.0809 7196	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:40:42.0809 7196	udfs - ok
22:40:42.0856 7196	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:40:42.0856 7196	UI0Detect - ok
22:40:42.0903 7196	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:40:42.0903 7196	uliagpkx - ok
22:40:42.0950 7196	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:40:42.0950 7196	umbus - ok
22:40:42.0996 7196	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:40:42.0996 7196	UmPass - ok
22:40:43.0308 7196	UNS             (3a1ecef8d49fc1a786a6ccd5a86a8878) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:40:43.0324 7196	UNS - ok
22:40:43.0480 7196	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:40:43.0480 7196	upnphost - ok
22:40:43.0542 7196	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:40:43.0542 7196	USBAAPL64 - ok
22:40:43.0589 7196	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:43.0589 7196	usbccgp - ok
22:40:43.0636 7196	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:40:43.0636 7196	usbcir - ok
22:40:43.0667 7196	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:40:43.0667 7196	usbehci - ok
22:40:43.0714 7196	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:40:43.0730 7196	usbhub - ok
22:40:43.0745 7196	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:40:43.0745 7196	usbohci - ok
22:40:43.0792 7196	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:40:43.0792 7196	usbprint - ok
22:40:43.0823 7196	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:43.0823 7196	USBSTOR - ok
22:40:43.0854 7196	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:40:43.0854 7196	usbuhci - ok
22:40:43.0901 7196	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:40:43.0917 7196	usbvideo - ok
22:40:43.0948 7196	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:40:43.0948 7196	UxSms - ok
22:40:43.0979 7196	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:40:43.0979 7196	VaultSvc - ok
22:40:44.0026 7196	vdrive          (c4c2644516e569f98ffe362c22c4011c) C:\Windows\system32\DRIVERS\vdrive.sys
22:40:44.0026 7196	vdrive - ok
22:40:44.0073 7196	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:40:44.0088 7196	vdrvroot - ok
22:40:44.0166 7196	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:40:44.0182 7196	vds - ok
22:40:44.0213 7196	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:44.0213 7196	vga - ok
22:40:44.0229 7196	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:40:44.0244 7196	VgaSave - ok
22:40:44.0276 7196	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:40:44.0291 7196	vhdmp - ok
22:40:44.0307 7196	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:40:44.0322 7196	viaide - ok
22:40:44.0354 7196	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:40:44.0354 7196	volmgr - ok
22:40:44.0432 7196	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:40:44.0432 7196	volmgrx - ok
22:40:44.0494 7196	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:40:44.0494 7196	volsnap - ok
22:40:44.0572 7196	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:40:44.0588 7196	vsmraid - ok
22:40:44.0759 7196	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:40:44.0790 7196	VSS - ok
22:40:44.0915 7196	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:40:44.0915 7196	vwifibus - ok
22:40:44.0946 7196	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:40:44.0946 7196	vwififlt - ok
22:40:45.0024 7196	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:40:45.0024 7196	W32Time - ok
22:40:45.0056 7196	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:40:45.0071 7196	WacomPen - ok
22:40:45.0134 7196	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:45.0134 7196	WANARP - ok
22:40:45.0149 7196	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:45.0149 7196	Wanarpv6 - ok
22:40:45.0305 7196	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:40:45.0336 7196	wbengine - ok
22:40:45.0477 7196	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:40:45.0477 7196	WbioSrvc - ok
22:40:45.0539 7196	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:40:45.0555 7196	wcncsvc - ok
22:40:45.0570 7196	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:40:45.0586 7196	WcsPlugInService - ok
22:40:45.0633 7196	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:40:45.0633 7196	Wd - ok
22:40:45.0695 7196	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:40:45.0711 7196	Wdf01000 - ok
22:40:45.0742 7196	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:40:45.0742 7196	WdiServiceHost - ok
22:40:45.0742 7196	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:40:45.0758 7196	WdiSystemHost - ok
22:40:45.0789 7196	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:40:45.0804 7196	WebClient - ok
22:40:45.0836 7196	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:40:45.0836 7196	Wecsvc - ok
22:40:45.0867 7196	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:40:45.0867 7196	wercplsupport - ok
22:40:45.0945 7196	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:40:45.0945 7196	WerSvc - ok
22:40:45.0992 7196	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:40:45.0992 7196	WfpLwf - ok
22:40:46.0023 7196	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:40:46.0023 7196	WIMMount - ok
22:40:46.0070 7196	WinDefend - ok
22:40:46.0085 7196	WinHttpAutoProxySvc - ok
22:40:46.0148 7196	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:40:46.0163 7196	Winmgmt - ok
22:40:46.0319 7196	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:40:46.0350 7196	WinRM - ok
22:40:46.0506 7196	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
22:40:46.0506 7196	WinUsb - ok
22:40:46.0569 7196	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:40:46.0600 7196	Wlansvc - ok
22:40:46.0647 7196	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:40:46.0647 7196	wlcrasvc - ok
22:40:46.0865 7196	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:40:46.0881 7196	wlidsvc - ok
22:40:47.0006 7196	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:40:47.0006 7196	WmiAcpi - ok
22:40:47.0099 7196	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:40:47.0099 7196	wmiApSrv - ok
22:40:47.0146 7196	WMPNetworkSvc - ok
22:40:47.0177 7196	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:40:47.0193 7196	WPCSvc - ok
22:40:47.0224 7196	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:40:47.0240 7196	WPDBusEnum - ok
22:40:47.0255 7196	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:40:47.0255 7196	ws2ifsl - ok
22:40:47.0302 7196	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:40:47.0302 7196	wscsvc - ok
22:40:47.0318 7196	WSearch - ok
22:40:47.0458 7196	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:40:47.0474 7196	wuauserv - ok
22:40:47.0614 7196	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:40:47.0614 7196	WudfPf - ok
22:40:47.0645 7196	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:47.0645 7196	WUDFRd - ok
22:40:47.0692 7196	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:40:47.0692 7196	wudfsvc - ok
22:40:47.0739 7196	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:40:47.0739 7196	WwanSvc - ok
22:40:47.0817 7196	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
22:40:47.0832 7196	yukonw7 - ok
22:40:47.0895 7196	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:40:48.0082 7196	\Device\Harddisk0\DR0 - ok
22:40:50.0500 7196	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
22:40:50.0516 7196	\Device\Harddisk1\DR1 - ok
22:40:50.0594 7196	Boot (0x1200)   (2164d0924c8b2f01aa0c53b2ec672e42) \Device\Harddisk0\DR0\Partition0
22:40:50.0594 7196	\Device\Harddisk0\DR0\Partition0 - ok
22:40:50.0625 7196	Boot (0x1200)   (0ca335f5908b0c04d90672fed90c5e8a) \Device\Harddisk0\DR0\Partition1
22:40:50.0625 7196	\Device\Harddisk0\DR0\Partition1 - ok
22:40:50.0656 7196	Boot (0x1200)   (d104f88d37821a7d6a1fd6b903497080) \Device\Harddisk0\DR0\Partition2
22:40:50.0656 7196	\Device\Harddisk0\DR0\Partition2 - ok
22:40:50.0672 7196	Boot (0x1200)   (ce8c4ada90184a2c21d6e9b79509d6b3) \Device\Harddisk0\DR0\Partition3
22:40:50.0672 7196	\Device\Harddisk0\DR0\Partition3 - ok
22:40:50.0687 7196	Boot (0x1200)   (f168cd0a5462f42e135035775938b31c) \Device\Harddisk1\DR1\Partition0
22:40:50.0687 7196	\Device\Harddisk1\DR1\Partition0 - ok
22:40:50.0703 7196	============================================================
22:40:50.0703 7196	Scan finished
22:40:50.0703 7196	============================================================
22:40:50.0718 6136	Detected object count: 0
22:40:50.0718 6136	Actual detected object count: 0
22:41:01.0872 3380	Deinitialize success
         

Alt 21.07.2012, 23:04   #15
t'john
/// Helfer-Team
 
Live Security Platinum Virus - Standard

Live Security Platinum Virus



Sehr gut!

ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Live Security Platinum Virus
adobe, autorun, bho, bingbar, bonjour, document, error, explorer, firefox, flash player, format, google, helper, home, igdpmd64.sys, launch, live security platinum entfernen, logfile, photoshop, programme, pup.bundleinstaller.bi, realtek, recycle.bin, registry, searchscopes, security, services.exe, software, systemwiederherstellung, updates, usb, usb 3.0, virus, windows, windows 7 64 bit



Ähnliche Themen: Live Security Platinum Virus


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. Virenbefall: Live Security Platinum Virus
    Log-Analyse und Auswertung - 15.11.2012 (32)
  3. Was tun nach "Live Security Platinum" Virus
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (28)
  4. Und das ausgerechnet jetzt: Live Security Platinum Virus
    Log-Analyse und Auswertung - 18.10.2012 (8)
  5. Live Security Platinum Virus bin schon im Abgesichertem Modus und 1. Log erstellt - wie weiter?
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (3)
  6. Virus Live Security Platinum auf meinem Laptop
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (2)
  7. Live Security Platinum Virus
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (15)
  8. Live Security Platinum Virus immer noch da
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (3)
  9. Virus: Live Security Platinum - Der nächste Fall
    Log-Analyse und Auswertung - 06.09.2012 (3)
  10. Live Security Platinum Virus - wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (35)
  11. (2x) Live Security Platinum Virus
    Mülltonne - 17.08.2012 (1)
  12. Live Security Platinum Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (28)
  13. Live Security Platinum Virus / Sicherung von Daten auf USB-Stick möglich?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  14. Live Security Platinum Virus - Probleme bei den ersten Schritten
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (1)
  15. Live Security Platinum Virus
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (3)
  16. Live Security Platinum - Virus eingefangen
    Log-Analyse und Auswertung - 01.08.2012 (5)
  17. Live Security Platinum-Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (6)

Zum Thema Live Security Platinum Virus - Hallo, auf meinem Laptop hat sich am Wochenende (15.07) das Virus "Live Security Platinum" eingeschleust. Dieses Virus ist ja bereits bekannt, dutzende Fehlermeldungen, Anwendungen funktionieren nicht mehr (Anti-Virus, CCleaner, Internet-Browser... - Live Security Platinum Virus...
Archiv
Du betrachtest: Live Security Platinum Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.