Trojaner-Board - probleme mit der internetverbindung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - probleme mit der internetverbindung (https://www.trojaner-board.de/112636-probleme-internetverbindung.html)

probleme mit der internetverbindung

hab probleme mit der internetverbindung (startseite verändert bzw wird gar keine vebindung hergestellt )

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.23.02
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

lenovo :: LENOVO-PC [Administrator]
 

Schutz: Deaktiviert
 

23.03.2012 23:04:28

mbam-log-2012-03-23 (23-04-28).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P

Deaktivierte Suchlaufeinstellungen: 

Durchsuchte Objekte: 289949

Laufzeit: 16 Minute(n), 13 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 13

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\funmoodsApp.appCore.1 (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\funmoodsApp.appCore (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\f (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\funmoods.dskBnd.1 (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\funmoods.dskBnd (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.FunMoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 7

C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\uninstall.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files (x86)\PDFReader\Uninstall\Uninstall.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\lenovo\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

seitdem hab ich das problem. wäre echt klasse wenn mir jemand helfen könnte. danke im voraus!
mfg christian

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo Arne, danke das du mir erneut hilfst. :daumenhoc
Kann den browser nicht als admin starten. Hab mir den Müll auch mit dem admin Konto eingefangen:headbang:

Und was soll da nicht gehen? Rechtsklick auf FF => als Admin ausführen

:confused:

Gestern Abend gings nicht, bekam Meldungen wie z.B. "Can not get update. Is proxy configured" oder "Unexpected Error 2002". Habe
es
eben wieder versucht, oh wunder es klappte. Eset hat aber nichts gefunden. Im Google Browser wird immernoch Funmoods als Startseite angezeigt u die Verbindung hat sich auch nicht verbessert.Wie gehts weiter?

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 02.04.2012 21:09:46 - Run 13

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\christian\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,98 Gb Total Physical Memory | 4,58 Gb Available Physical Memory | 76,63% Memory free

11,96 Gb Paging File | 10,37 Gb Available in Paging File | 86,67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 906,34 Gb Total Space | 827,83 Gb Free Space | 91,34% Space Free | Partition Type: NTFS

Drive D: | 702,82 Mb Total Space | 675,87 Mb Free Space | 96,17% Space Free | Partition Type: UDF

Drive E: | 15,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: LENOVO-PC | User Name: lenovo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\christian\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Advanced Micro Devices, Inc.)

PRC - C:\Windows\jmesoft\JME_LOAD.exe ()

PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo)

PRC - C:\Windows\jmesoft\Service.exe ()

PRC - C:\Programme\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Programme\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)

PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()

MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Programme\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll ()

MOD - C:\Programme\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll ()

MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll ()

MOD - C:\Programme\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll ()

MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll ()

MOD - C:\Windows\jmesoft\VistaVolume.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys File not found

DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()

DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)

DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)

DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 F3 71 AF 91 CE CC 01  [binary data]

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_de__464

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 20 03 0A 18 F7 CC 01  [binary data]

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 03:23:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.03.04 04:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Extensions

[2012.03.24 08:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions

[2012.03.24 13:08:05 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com

[2012.03.23 23:08:47 | 000,001,800 | ---- | M] () -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\searchplugins\funmoods.xml

[2012.03.04 04:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.03.18 03:23:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Search (Enabled)

CHR - default_search_provider: search_url = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2012.01.15 10:58:47 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)

O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()

O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)

O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)

O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1002..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACDB1B37-0C37-4216-A783-09D154660FE9}: NameServer = 212.23.115.148 212.23.97.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB83DF5F-F9AD-499A-A299-95C8071DDE3E}: NameServer = 212.23.115.148 212.23.97.3

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008.09.19 03:12:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\Shell - "" = AutoRun

O33 - MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\Shell - "" = AutoRun

O33 - MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\Shell - "" = AutoRun

O33 - MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= -  File not found

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.26 23:01:47 | 000,000,000 | ---D | C] -- C:\music

[2012.03.23 23:10:43 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Roaming\SumatraPDF

[2012.03.17 00:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012.03.17 00:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012.03.10 07:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)

[2012.03.04 04:41:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[2012.03.04 04:27:38 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Roaming\Mozilla

[2012.03.04 04:27:38 | 000,000,000 | ---D | C] -- C:\Users\lenovo\AppData\Local\Mozilla

[2012.03.04 04:27:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2011.10.22 01:25:37 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.02 20:56:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.04.02 20:40:27 | 000,028,112 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.02 20:40:27 | 000,028,112 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.02 20:40:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.02 20:37:34 | 001,506,546 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012.04.02 20:37:34 | 000,656,472 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012.04.02 20:37:34 | 000,618,354 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012.04.02 20:37:34 | 000,130,986 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012.04.02 20:37:34 | 000,107,376 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012.04.02 20:35:17 | 000,122,567 | ---- | M] () -- C:\windows\SysNative\fastboot.set

[2012.04.02 20:34:41 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.02 20:33:10 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat

[2012.04.02 20:33:02 | 523,018,239 | -HS- | M] () -- C:\hiberfil.sys

[2012.03.31 04:46:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.03.17 00:20:53 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.03.15 18:05:32 | 000,283,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012.03.04 04:27:33 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.03.17 00:20:53 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.03.04 04:27:32 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.12.31 04:06:01 | 001,532,588 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011.12.31 03:55:39 | 000,007,597 | ---- | C] () -- C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg

[2011.10.22 01:55:06 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe

[2011.10.22 01:55:06 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe

[2011.10.22 01:01:43 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

[2011.07.15 04:44:54 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2011.06.11 08:45:16 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

[2011.02.12 21:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

 
 ========== LOP Check ==========

 

[2012.01.12 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\DVDVideoSoft

[2012.02.11 20:50:20 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\LSoft Technologies

[2012.01.24 19:22:15 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\SoftGrid Client

[2012.02.06 18:30:08 | 000,000,000 | ---D | M] -- C:\Users\christian\AppData\Roaming\WinPatrol

[2012.01.15 14:42:51 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\DVDVideoSoft

[2012.01.12 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.01.06 02:24:44 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\GlarySoft

[2012.01.24 09:06:50 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SoftGrid Client

[2012.03.23 23:10:43 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SumatraPDF

[2012.01.24 08:57:10 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\TP

[2012.02.05 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\WinPatrol

[2012.03.04 12:05:49 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.12.31 04:09:40 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Adobe

[2011.12.24 20:06:47 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\ATI

[2011.12.31 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\CyberLink

[2012.01.15 14:42:51 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\DVDVideoSoft

[2012.01.12 16:55:23 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.01.06 02:24:44 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\GlarySoft

[2012.01.01 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Google

[2011.12.24 20:04:15 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Identities

[2011.12.31 04:09:40 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Macromedia

[2011.12.31 15:57:48 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Malwarebytes

[2011.02.15 12:41:29 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Media Center Programs

[2012.02.13 18:42:00 | 000,000,000 | --SD | M] -- C:\Users\lenovo\AppData\Roaming\Microsoft

[2012.03.04 04:27:44 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\Mozilla

[2012.01.24 09:06:50 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SoftGrid Client

[2012.03.23 23:10:43 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SumatraPDF

[2012.01.29 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\SUPERAntiSpyware.com

[2012.01.24 08:57:10 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\TP

[2012.03.24 13:08:07 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\vlc

[2012.02.05 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\WinPatrol

[2012.01.07 16:19:26 | 000,000,000 | ---D | M] -- C:\Users\lenovo\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

[2012.01.08 07:15:44 | 000,458,608 | ---- | M] (McAfee Inc.) -- C:\MVTInstaller.exe

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\lenovo\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120116T204809774251\internal_ide_channel\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\lenovo\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120119T195636948898\internal_ide_channel\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\lenovo\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120123T184238514081\internal_ide_channel\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\lenovo\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120124T110313659123\internal_ide_channel\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.10.22 01:39:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.10.22 01:39:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011.10.22 01:39:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.10.22 01:39:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.10.22 01:39:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.10.22 01:39:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011.10.22 01:39:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.10.22 01:39:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34
 

< End of report >

Danke das du dir die Zeit nimmst

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}

[2012.03.24 13:08:05 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com

[2012.03.23 23:08:47 | 000,001,800 | ---- | M] () -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\searchplugins\funmoods.xml

O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1475071530-2637788333-518923065-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKU\S-1-5-21-1475071530-2637788333-518923065-1002..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]

O33 - MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\Shell - "" = AutoRun

O33 - MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\Shell - "" = AutoRun

O33 - MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\Shell - "" = AutoRun

O33 - MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

So hier der Log bitte:

Code:

All processes killed

========== OTL ==========

Unable to fix default_search_provider items.

C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.

C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.

C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.

C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\extensions\ffxtlbr@funmoods.com folder moved successfully.

C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\searchplugins\funmoods.xml moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1475071530-2637788333-518923065-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-1475071530-2637788333-518923065-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-1475071530-2637788333-518923065-1002\Software\Microsoft\Windows\CurrentVersion\Run\\SandboxieControl deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67467fd0-408f-11e1-8d3c-806e6f6e6963}\ not found.

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8514c23f-349f-11e1-a42f-001e101f9843}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8514c23f-349f-11e1-a42f-001e101f9843}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8514c23f-349f-11e1-a42f-001e101f9843}\ not found.

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcf2571-333d-11e1-9a5e-c89cdc7604d6}\ not found.

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fcf2580-333d-11e1-9a5e-c89cdc7604d6}\ not found.

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

ADS C:\ProgramData\Temp:5C321E34 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: christian

->Temp folder emptied: 604797 bytes

->Temporary Internet Files folder emptied: 1223121 bytes

->FireFox cache emptied: 195845406 bytes

->Google Chrome cache emptied: 102678346 bytes

->Flash cache emptied: 2416 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: lenovo

->Temp folder emptied: 561 bytes

->Temporary Internet Files folder emptied: 124763 bytes

->FireFox cache emptied: 50422629 bytes

->Google Chrome cache emptied: 10649793 bytes

->Flash cache emptied: 470 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 445857 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 345,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: christian

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: lenovo

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 04032012_173407
 

Files\Folders moved on Reboot...

File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

File move failed. C:\Users\christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

C:\Users\lenovo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hier der Log bitte:

Code:

21:22:18.0219 5584        TDSS rootkit removing tool 2.7.25.0 Apr  3 2012 13:42:32

21:22:18.0225 5584        ============================================================

21:22:18.0225 5584        Current date / time: 2012/04/03 21:22:18.0225

21:22:18.0225 5584        SystemInfo:

21:22:18.0225 5584        

21:22:18.0225 5584        OS Version: 6.1.7601 ServicePack: 1.0

21:22:18.0225 5584        Product type: Workstation

21:22:18.0225 5584        ComputerName: LENOVO-PC

21:22:18.0225 5584        UserName: lenovo

21:22:18.0225 5584        Windows directory: C:\windows

21:22:18.0225 5584        System windows directory: C:\windows

21:22:18.0225 5584        Running under WOW64

21:22:18.0225 5584        Processor architecture: Intel x64

21:22:18.0225 5584        Number of processors: 4

21:22:18.0225 5584        Page size: 0x1000

21:22:18.0225 5584        Boot type: Normal boot

21:22:18.0225 5584        ============================================================

21:22:19.0197 5584        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:22:19.0208 5584        \Device\Harddisk0\DR0:

21:22:19.0208 5584        MBR used

21:22:19.0208 5584        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:22:19.0208 5584        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800

21:22:19.0217 5584        Initialize success

21:22:19.0217 5584        ============================================================

21:23:46.0481 4184        ============================================================

21:23:46.0481 4184        Scan started

21:23:46.0481 4184        Mode: Manual; SigCheck; TDLFS; 

21:23:46.0481 4184        ============================================================

21:23:46.0680 4184        !SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

21:23:46.0727 4184        !SASCORE - ok

21:23:46.0806 4184        1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

21:23:46.0839 4184        1394ohci - ok

21:23:46.0864 4184        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

21:23:46.0878 4184        ACPI - ok

21:23:46.0896 4184        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

21:23:46.0924 4184        AcpiPmi - ok

21:23:47.0007 4184        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

21:23:47.0020 4184        AdobeFlashPlayerUpdateSvc - ok

21:23:47.0095 4184        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

21:23:47.0114 4184        adp94xx - ok

21:23:47.0154 4184        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

21:23:47.0168 4184        adpahci - ok

21:23:47.0184 4184        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

21:23:47.0195 4184        adpu320 - ok

21:23:47.0225 4184        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

21:23:47.0274 4184        AeLookupSvc - ok

21:23:47.0342 4184        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

21:23:47.0360 4184        AFD - ok

21:23:47.0384 4184        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

21:23:47.0389 4184        agp440 - ok

21:23:47.0407 4184        ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

21:23:47.0414 4184        ALG - ok

21:23:47.0456 4184        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

21:23:47.0462 4184        aliide - ok

21:23:47.0495 4184        AMD External Events Utility (bced2ac6f52aedf56ed91790981eee93) C:\windows\system32\atiesrxx.exe

21:23:47.0525 4184        AMD External Events Utility - ok

21:23:47.0571 4184        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

21:23:47.0577 4184        amdide - ok

21:23:47.0612 4184        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

21:23:47.0647 4184        AmdK8 - ok

21:23:47.0796 4184        amdkmdag        (cc21dd0277eb60a509fb7c88c512e852) C:\windows\system32\DRIVERS\atikmdag.sys

21:23:47.0937 4184        amdkmdag - ok

21:23:47.0996 4184        amdkmdap        (f3de27fec3c674ff24104673682b7b31) C:\windows\system32\DRIVERS\atikmpag.sys

21:23:48.0027 4184        amdkmdap - ok

21:23:48.0076 4184        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

21:23:48.0094 4184        AmdPPM - ok

21:23:48.0122 4184        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

21:23:48.0131 4184        amdsata - ok

21:23:48.0146 4184        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

21:23:48.0156 4184        amdsbs - ok

21:23:48.0169 4184        amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

21:23:48.0174 4184        amdxata - ok

21:23:48.0235 4184        AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

21:23:48.0275 4184        AppID - ok

21:23:48.0312 4184        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

21:23:48.0362 4184        AppIDSvc - ok

21:23:48.0387 4184        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

21:23:48.0421 4184        Appinfo - ok

21:23:48.0481 4184        arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

21:23:48.0489 4184        arc - ok

21:23:48.0515 4184        arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

21:23:48.0524 4184        arcsas - ok

21:23:48.0548 4184        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

21:23:48.0587 4184        AsyncMac - ok

21:23:48.0600 4184        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

21:23:48.0604 4184        atapi - ok

21:23:48.0663 4184        AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\windows\system32\drivers\AtihdW76.sys

21:23:48.0700 4184        AtiHDAudioService - ok

21:23:48.0879 4184        atikmdag        (cc21dd0277eb60a509fb7c88c512e852) C:\windows\system32\DRIVERS\atikmdag.sys

21:23:48.0954 4184        atikmdag - ok

21:23:48.0998 4184        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

21:23:49.0060 4184        AudioEndpointBuilder - ok

21:23:49.0070 4184        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

21:23:49.0096 4184        AudioSrv - ok

21:23:49.0168 4184        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

21:23:49.0204 4184        AxInstSV - ok

21:23:49.0246 4184        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

21:23:49.0275 4184        b06bdrv - ok

21:23:49.0310 4184        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

21:23:49.0333 4184        b57nd60a - ok

21:23:49.0410 4184        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

21:23:49.0431 4184        BDESVC - ok

21:23:49.0462 4184        Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

21:23:49.0504 4184        Beep - ok

21:23:49.0541 4184        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

21:23:49.0580 4184        BFE - ok

21:23:49.0612 4184        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

21:23:49.0656 4184        BITS - ok

21:23:49.0732 4184        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

21:23:49.0752 4184        blbdrive - ok

21:23:49.0794 4184        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

21:23:49.0818 4184        bowser - ok

21:23:49.0858 4184        BPntDrv         (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys

21:23:49.0866 4184        BPntDrv - ok

21:23:49.0880 4184        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

21:23:49.0902 4184        BrFiltLo - ok

21:23:49.0922 4184        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

21:23:49.0936 4184        BrFiltUp - ok

21:23:49.0993 4184        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

21:23:50.0039 4184        Browser - ok

21:23:50.0081 4184        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

21:23:50.0104 4184        Brserid - ok

21:23:50.0127 4184        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

21:23:50.0150 4184        BrSerWdm - ok

21:23:50.0172 4184        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

21:23:50.0197 4184        BrUsbMdm - ok

21:23:50.0243 4184        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

21:23:50.0261 4184        BrUsbSer - ok

21:23:50.0277 4184        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

21:23:50.0303 4184        BTHMODEM - ok

21:23:50.0342 4184        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

21:23:50.0374 4184        bthserv - ok

21:23:50.0414 4184        cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

21:23:50.0459 4184        cdfs - ok

21:23:50.0527 4184        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

21:23:50.0551 4184        cdrom - ok

21:23:50.0585 4184        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

21:23:50.0632 4184        CertPropSvc - ok

21:23:50.0666 4184        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

21:23:50.0686 4184        circlass - ok

21:23:50.0710 4184        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

21:23:50.0725 4184        CLFS - ok

21:23:50.0766 4184        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:23:50.0775 4184        clr_optimization_v2.0.50727_32 - ok

21:23:50.0819 4184        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:23:50.0827 4184        clr_optimization_v2.0.50727_64 - ok

21:23:50.0871 4184        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:23:50.0882 4184        clr_optimization_v4.0.30319_32 - ok

21:23:50.0910 4184        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:23:50.0920 4184        clr_optimization_v4.0.30319_64 - ok

21:23:50.0976 4184        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys

21:23:50.0996 4184        CmBatt - ok

21:23:51.0032 4184        cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

21:23:51.0039 4184        cmdide - ok

21:23:51.0076 4184        CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

21:23:51.0109 4184        CNG - ok

21:23:51.0124 4184        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

21:23:51.0130 4184        Compbatt - ok

21:23:51.0187 4184        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

21:23:51.0210 4184        CompositeBus - ok

21:23:51.0246 4184        COMSysApp - ok

21:23:51.0269 4184        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

21:23:51.0276 4184        crcdisk - ok

21:23:51.0309 4184        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

21:23:51.0357 4184        CryptSvc - ok

21:23:51.0434 4184        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

21:23:51.0458 4184        cvhsvc - ok

21:23:51.0525 4184        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

21:23:51.0569 4184        DcomLaunch - ok

21:23:51.0603 4184        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

21:23:51.0636 4184        defragsvc - ok

21:23:51.0670 4184        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

21:23:51.0707 4184        DfsC - ok

21:23:51.0767 4184        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

21:23:51.0821 4184        Dhcp - ok

21:23:51.0847 4184        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

21:23:51.0893 4184        discache - ok

21:23:51.0941 4184        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

21:23:51.0948 4184        Disk - ok

21:23:52.0005 4184        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

21:23:52.0017 4184        Dnscache - ok

21:23:52.0047 4184        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

21:23:52.0100 4184        dot3svc - ok

21:23:52.0121 4184        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

21:23:52.0152 4184        DPS - ok

21:23:52.0196 4184        drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

21:23:52.0221 4184        drmkaud - ok

21:23:52.0283 4184        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

21:23:52.0306 4184        DXGKrnl - ok

21:23:52.0336 4184        e1cexpress      (6bafd9819d9fec2edbaebc8493c711a4) C:\windows\system32\DRIVERS\e1c62x64.sys

21:23:52.0344 4184        e1cexpress - ok

21:23:52.0370 4184        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

21:23:52.0420 4184        EapHost - ok

21:23:52.0503 4184        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

21:23:52.0563 4184        ebdrv - ok

21:23:52.0618 4184        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

21:23:52.0640 4184        EFS - ok

21:23:52.0689 4184        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

21:23:52.0712 4184        ehRecvr - ok

21:23:52.0732 4184        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

21:23:52.0744 4184        ehSched - ok

21:23:52.0792 4184        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

21:23:52.0811 4184        elxstor - ok

21:23:52.0822 4184        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

21:23:52.0840 4184        ErrDev - ok

21:23:52.0913 4184        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

21:23:52.0971 4184        EventSystem - ok

21:23:53.0025 4184        ewusbmbb        (f673e476eae320ad07278396a05b4aac) C:\windows\system32\DRIVERS\ewusbwwan.sys

21:23:53.0039 4184        ewusbmbb - ok

21:23:53.0081 4184        ewusbnet - ok

21:23:53.0106 4184        ew_hwusbdev     (86f7951bbcee4a86e79a97306bd14318) C:\windows\system32\DRIVERS\ew_hwusbdev.sys

21:23:53.0121 4184        ew_hwusbdev - ok

21:23:53.0191 4184        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

21:23:53.0224 4184        exfat - ok

21:23:53.0243 4184        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

21:23:53.0282 4184        fastfat - ok

21:23:53.0320 4184        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

21:23:53.0351 4184        Fax - ok

21:23:53.0381 4184        fbfmon          (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys

21:23:53.0390 4184        fbfmon - ok

21:23:53.0445 4184        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

21:23:53.0463 4184        fdc - ok

21:23:53.0487 4184        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

21:23:53.0533 4184        fdPHost - ok

21:23:53.0557 4184        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

21:23:53.0579 4184        FDResPub - ok

21:23:53.0590 4184        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

21:23:53.0595 4184        FileInfo - ok

21:23:53.0609 4184        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

21:23:53.0635 4184        Filetrace - ok

21:23:53.0686 4184        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

21:23:53.0695 4184        flpydisk - ok

21:23:53.0711 4184        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

21:23:53.0722 4184        FltMgr - ok

21:23:53.0755 4184        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

21:23:53.0790 4184        FontCache - ok

21:23:53.0841 4184        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:23:53.0848 4184        FontCache3.0.0.0 - ok

21:23:53.0912 4184        FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

21:23:53.0920 4184        FsDepends - ok

21:23:53.0962 4184        fssfltr         (dc0dce4ec2c5d2cf6472f9fd6aa9a7dc) C:\windows\system32\DRIVERS\fssfltr.sys

21:23:53.0969 4184        fssfltr - ok

21:23:54.0040 4184        fsssvc          (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

21:23:54.0073 4184        fsssvc - ok

21:23:54.0138 4184        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

21:23:54.0144 4184        Fs_Rec - ok

21:23:54.0167 4184        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

21:23:54.0179 4184        fvevol - ok

21:23:54.0203 4184        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

21:23:54.0209 4184        gagp30kx - ok

21:23:54.0235 4184        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

21:23:54.0277 4184        gpsvc - ok

21:23:54.0319 4184        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:23:54.0327 4184        gupdate - ok

21:23:54.0372 4184        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:23:54.0380 4184        gupdatem - ok

21:23:54.0446 4184        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

21:23:54.0463 4184        hcw85cir - ok

21:23:54.0488 4184        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

21:23:54.0517 4184        HdAudAddService - ok

21:23:54.0564 4184        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

21:23:54.0587 4184        HDAudBus - ok

21:23:54.0655 4184        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

21:23:54.0665 4184        HidBatt - ok

21:23:54.0679 4184        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

21:23:54.0706 4184        HidBth - ok

21:23:54.0725 4184        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

21:23:54.0738 4184        HidIr - ok

21:23:54.0752 4184        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

21:23:54.0784 4184        hidserv - ok

21:23:54.0858 4184        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

21:23:54.0867 4184        HidUsb - ok

21:23:54.0882 4184        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

21:23:54.0930 4184        hkmsvc - ok

21:23:54.0948 4184        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

21:23:54.0968 4184        HomeGroupListener - ok

21:23:54.0997 4184        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

21:23:55.0017 4184        HomeGroupProvider - ok

21:23:55.0090 4184        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

21:23:55.0098 4184        HpSAMD - ok

21:23:55.0120 4184        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

21:23:55.0175 4184        HTTP - ok

21:23:55.0221 4184        hwdatacard      (48bd20f0d9de15000d2f4fe1a927aea2) C:\windows\system32\DRIVERS\ewusbmdm.sys

21:23:55.0246 4184        hwdatacard - ok

21:23:55.0324 4184        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

21:23:55.0330 4184        hwpolicy - ok

21:23:55.0339 4184        hwusbdev - ok

21:23:55.0391 4184        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

21:23:55.0402 4184        i8042prt - ok

21:23:55.0421 4184        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

21:23:55.0437 4184        iaStorV - ok

21:23:55.0500 4184        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:23:55.0526 4184        idsvc - ok

21:23:55.0588 4184        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

21:23:55.0595 4184        iirsp - ok

21:23:55.0632 4184        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

21:23:55.0695 4184        IKEEXT - ok

21:23:55.0767 4184        IntcAzAudAddService (62c93abec0f8a9a235bf7a86b9fc3a0c) C:\windows\system32\drivers\RTKVHD64.sys

21:23:55.0806 4184        IntcAzAudAddService - ok

21:23:55.0866 4184        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

21:23:55.0873 4184        intelide - ok

21:23:55.0894 4184        intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

21:23:55.0914 4184        intelppm - ok

21:23:55.0960 4184        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

21:23:56.0009 4184        IPBusEnum - ok

21:23:56.0028 4184        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

21:23:56.0054 4184        IpFilterDriver - ok

21:23:56.0071 4184        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

21:23:56.0111 4184        iphlpsvc - ok

21:23:56.0182 4184        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

21:23:56.0206 4184        IPMIDRV - ok

21:23:56.0215 4184        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

21:23:56.0248 4184        IPNAT - ok

21:23:56.0274 4184        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

21:23:56.0289 4184        IRENUM - ok

21:23:56.0311 4184        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

21:23:56.0317 4184        isapnp - ok

21:23:56.0382 4184        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

21:23:56.0395 4184        iScsiPrt - ok

21:23:56.0433 4184        JME Keyboard    (1ded0d0aa513e2a5862b20a520d3a1e1) C:\Windows\jmesoft\Service.exe

21:23:56.0448 4184        JME Keyboard ( UnsignedFile.Multi.Generic ) - warning

21:23:56.0448 4184        JME Keyboard - detected UnsignedFile.Multi.Generic (1)

21:23:56.0479 4184        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

21:23:56.0486 4184        kbdclass - ok

21:23:56.0508 4184        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

21:23:56.0527 4184        kbdhid - ok

21:23:56.0593 4184        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:23:56.0602 4184        KeyIso - ok

21:23:56.0625 4184        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

21:23:56.0633 4184        KSecDD - ok

21:23:56.0650 4184        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

21:23:56.0658 4184        KSecPkg - ok

21:23:56.0681 4184        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

21:23:56.0729 4184        ksthunk - ok

21:23:56.0754 4184        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

21:23:56.0792 4184        KtmRm - ok

21:23:56.0867 4184        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

21:23:56.0905 4184        LanmanServer - ok

21:23:56.0944 4184        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

21:23:56.0996 4184        LanmanWorkstation - ok

21:23:57.0050 4184        lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

21:23:57.0104 4184        lltdio - ok

21:23:57.0167 4184        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

21:23:57.0224 4184        lltdsvc - ok

21:23:57.0241 4184        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

21:23:57.0274 4184        lmhosts - ok

21:23:57.0350 4184        LMS             (926eba26a8b49d1597751ced06b50862) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

21:23:57.0363 4184        LMS - ok

21:23:57.0431 4184        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

21:23:57.0439 4184        LSI_FC - ok

21:23:57.0461 4184        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

21:23:57.0470 4184        LSI_SAS - ok

21:23:57.0481 4184        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

21:23:57.0489 4184        LSI_SAS2 - ok

21:23:57.0506 4184        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

21:23:57.0515 4184        LSI_SCSI - ok

21:23:57.0537 4184        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

21:23:57.0587 4184        luafv - ok

21:23:57.0684 4184        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys

21:23:57.0693 4184        MBAMProtector - ok

21:23:57.0768 4184        MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

21:23:57.0791 4184        MBAMService - ok

21:23:57.0801 4184        McMPFSvc - ok

21:23:57.0828 4184        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

21:23:57.0835 4184        Mcx2Svc - ok

21:23:57.0863 4184        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

21:23:57.0874 4184        megasas - ok

21:23:57.0953 4184        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

21:23:57.0966 4184        MegaSR - ok

21:23:57.0999 4184        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

21:23:58.0008 4184        MEIx64 - ok

21:23:58.0032 4184        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

21:23:58.0077 4184        MMCSS - ok

21:23:58.0093 4184        Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

21:23:58.0114 4184        Modem - ok

21:23:58.0180 4184        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

21:23:58.0207 4184        monitor - ok

21:23:58.0241 4184        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

21:23:58.0248 4184        mouclass - ok

21:23:58.0265 4184        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

21:23:58.0290 4184        mouhid - ok

21:23:58.0316 4184        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

21:23:58.0324 4184        mountmgr - ok

21:23:58.0356 4184        MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys

21:23:58.0367 4184        MpFilter - ok

21:23:58.0430 4184        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

21:23:58.0440 4184        mpio - ok

21:23:58.0460 4184        MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys

21:23:58.0466 4184        MpNWMon - ok

21:23:58.0484 4184        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

21:23:58.0524 4184        mpsdrv - ok

21:23:58.0552 4184        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

21:23:58.0596 4184        MpsSvc - ok

21:23:58.0618 4184        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

21:23:58.0641 4184        MRxDAV - ok

21:23:58.0709 4184        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

21:23:58.0720 4184        mrxsmb - ok

21:23:58.0747 4184        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

21:23:58.0760 4184        mrxsmb10 - ok

21:23:58.0774 4184        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

21:23:58.0797 4184        mrxsmb20 - ok

21:23:58.0823 4184        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

21:23:58.0830 4184        msahci - ok

21:23:58.0878 4184        msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

21:23:58.0887 4184        msdsm - ok

21:23:58.0907 4184        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

21:23:58.0935 4184        MSDTC - ok

21:23:58.0968 4184        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

21:23:59.0005 4184        Msfs - ok

21:23:59.0025 4184        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

21:23:59.0056 4184        mshidkmdf - ok

21:23:59.0138 4184        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

21:23:59.0144 4184        msisadrv - ok

21:23:59.0223 4184        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

21:23:59.0256 4184        MSiSCSI - ok

21:23:59.0261 4184        msiserver - ok

21:23:59.0292 4184        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

21:23:59.0337 4184        MSKSSRV - ok

21:23:59.0388 4184        MsMpSvc         (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

21:23:59.0395 4184        MsMpSvc - ok

21:23:59.0442 4184        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

21:23:59.0477 4184        MSPCLOCK - ok

21:23:59.0484 4184        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

21:23:59.0519 4184        MSPQM - ok

21:23:59.0537 4184        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

21:23:59.0545 4184        MsRPC - ok

21:23:59.0563 4184        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

21:23:59.0567 4184        mssmbios - ok

21:23:59.0578 4184        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

21:23:59.0607 4184        MSTEE - ok

21:23:59.0621 4184        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

21:23:59.0627 4184        MTConfig - ok

21:23:59.0683 4184        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

21:23:59.0690 4184        Mup - ok

21:23:59.0716 4184        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

21:23:59.0757 4184        napagent - ok

21:23:59.0792 4184        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

21:23:59.0819 4184        NativeWifiP - ok

21:23:59.0851 4184        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys

21:23:59.0877 4184        NDIS - ok

21:23:59.0947 4184        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

21:23:59.0983 4184        NdisCap - ok

21:23:59.0999 4184        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

21:24:00.0020 4184        NdisTapi - ok

21:24:00.0051 4184        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

21:24:00.0101 4184        Ndisuio - ok

21:24:00.0118 4184        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

21:24:00.0168 4184        NdisWan - ok

21:24:00.0230 4184        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

21:24:00.0266 4184        NDProxy - ok

21:24:00.0290 4184        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

21:24:00.0338 4184        NetBIOS - ok

21:24:00.0362 4184        NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

21:24:00.0391 4184        NetBT - ok

21:24:00.0426 4184        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:24:00.0431 4184        Netlogon - ok

21:24:00.0505 4184        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

21:24:00.0550 4184        Netman - ok

21:24:00.0577 4184        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

21:24:00.0618 4184        netprofm - ok

21:24:00.0679 4184        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:24:00.0686 4184        NetTcpPortSharing - ok

21:24:00.0765 4184        nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

21:24:00.0772 4184        nfrd960 - ok

21:24:00.0792 4184        NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys

21:24:00.0799 4184        NisDrv - ok

21:24:00.0839 4184        NisSrv          (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

21:24:00.0854 4184        NisSrv - ok

21:24:00.0887 4184        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

21:24:00.0942 4184        NlaSvc - ok

21:24:00.0959 4184        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

21:24:00.0981 4184        Npfs - ok

21:24:01.0030 4184        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

21:24:01.0077 4184        nsi - ok

21:24:01.0116 4184        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

21:24:01.0155 4184        nsiproxy - ok

21:24:01.0193 4184        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

21:24:01.0221 4184        Ntfs - ok

21:24:01.0234 4184        Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

21:24:01.0254 4184        Null - ok

21:24:01.0316 4184        nusb3hub        (786db821bfd57c0551dbbe4f75384a7d) C:\windows\system32\DRIVERS\nusb3hub.sys

21:24:01.0338 4184        nusb3hub - ok

21:24:01.0364 4184        nusb3xhc        (daa8005caf745042bb427a1ed7433354) C:\windows\system32\DRIVERS\nusb3xhc.sys

21:24:01.0374 4184        nusb3xhc - ok

21:24:01.0403 4184        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

21:24:01.0412 4184        nvraid - ok

21:24:01.0426 4184        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

21:24:01.0436 4184        nvstor - ok

21:24:01.0449 4184        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

21:24:01.0457 4184        nv_agp - ok

21:24:01.0477 4184        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

21:24:01.0502 4184        ohci1394 - ok

21:24:01.0594 4184        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:24:01.0604 4184        ose - ok

21:24:01.0705 4184        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

21:24:01.0783 4184        osppsvc - ok

21:24:01.0839 4184        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

21:24:01.0854 4184        p2pimsvc - ok

21:24:01.0872 4184        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

21:24:01.0903 4184        p2psvc - ok

21:24:01.0949 4184        Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

21:24:01.0967 4184        Parport - ok

21:24:01.0987 4184        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

21:24:01.0994 4184        partmgr - ok

21:24:02.0012 4184        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

21:24:02.0044 4184        PcaSvc - ok

21:24:02.0094 4184        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

21:24:02.0104 4184        pci - ok

21:24:02.0117 4184        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

21:24:02.0123 4184        pciide - ok

21:24:02.0144 4184        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

21:24:02.0154 4184        pcmcia - ok

21:24:02.0189 4184        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

21:24:02.0196 4184        pcw - ok

21:24:02.0218 4184        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

21:24:02.0276 4184        PEAUTH - ok

21:24:02.0339 4184        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

21:24:02.0349 4184        PerfHost - ok

21:24:02.0409 4184        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

21:24:02.0469 4184        pla - ok

21:24:02.0506 4184        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

21:24:02.0526 4184        PlugPlay - ok

21:24:02.0557 4184        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

21:24:02.0575 4184        PNRPAutoReg - ok

21:24:02.0622 4184        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

21:24:02.0635 4184        PNRPsvc - ok

21:24:02.0663 4184        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

21:24:02.0718 4184        PolicyAgent - ok

21:24:02.0737 4184        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

21:24:02.0787 4184        Power - ok

21:24:02.0856 4184        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

21:24:02.0898 4184        PptpMiniport - ok

21:24:02.0913 4184        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

21:24:02.0939 4184        Processor - ok

21:24:02.0960 4184        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll

21:24:03.0017 4184        ProfSvc - ok

21:24:03.0042 4184        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:24:03.0047 4184        ProtectedStorage - ok

21:24:03.0122 4184        Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

21:24:03.0153 4184        Psched - ok

21:24:03.0191 4184        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

21:24:03.0217 4184        ql2300 - ok

21:24:03.0230 4184        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

21:24:03.0235 4184        ql40xx - ok

21:24:03.0257 4184        QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

21:24:03.0269 4184        QWAVE - ok

21:24:03.0327 4184        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

21:24:03.0352 4184        QWAVEdrv - ok

21:24:03.0371 4184        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

21:24:03.0404 4184        RasAcd - ok

21:24:03.0430 4184        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

21:24:03.0452 4184        RasAgileVpn - ok

21:24:03.0465 4184        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

21:24:03.0503 4184        RasAuto - ok

21:24:03.0577 4184        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

21:24:03.0613 4184        Rasl2tp - ok

21:24:03.0659 4184        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

21:24:03.0695 4184        RasMan - ok

21:24:03.0719 4184        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

21:24:03.0754 4184        RasPppoe - ok

21:24:03.0831 4184        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

21:24:03.0872 4184        RasSstp - ok

21:24:03.0891 4184        rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

21:24:03.0927 4184        rdbss - ok

21:24:03.0943 4184        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

21:24:03.0950 4184        rdpbus - ok

21:24:03.0967 4184        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

21:24:03.0988 4184        RDPCDD - ok

21:24:04.0054 4184        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

21:24:04.0094 4184        RDPENCDD - ok

21:24:04.0111 4184        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

21:24:04.0131 4184        RDPREFMP - ok

21:24:04.0177 4184        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys

21:24:04.0189 4184        RDPWD - ok

21:24:04.0210 4184        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

21:24:04.0221 4184        rdyboost - ok

21:24:04.0248 4184        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

21:24:04.0285 4184        RemoteAccess - ok

21:24:04.0353 4184        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

21:24:04.0399 4184        RemoteRegistry - ok

21:24:04.0416 4184        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

21:24:04.0447 4184        RpcEptMapper - ok

21:24:04.0467 4184        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

21:24:04.0483 4184        RpcLocator - ok

21:24:04.0506 4184        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

21:24:04.0530 4184        RpcSs - ok

21:24:04.0566 4184        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

21:24:04.0588 4184        rspndr - ok

21:24:04.0645 4184        RSUSBSTOR       (9beb5f18a418ff70659ce2e356829568) C:\windows\system32\Drivers\RtsUStor.sys

21:24:04.0658 4184        RSUSBSTOR - ok

21:24:04.0684 4184        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:24:04.0693 4184        SamSs - ok

21:24:04.0725 4184        SANDRA - ok

21:24:04.0783 4184        SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

21:24:04.0791 4184        SASDIFSV - ok

21:24:04.0820 4184        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

21:24:04.0827 4184        SASKUTIL - ok

21:24:04.0888 4184        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

21:24:04.0896 4184        sbp2port - ok

21:24:04.0917 4184        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

21:24:04.0952 4184        SCardSvr - ok

21:24:04.0962 4184        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

21:24:04.0991 4184        scfilter - ok

21:24:05.0018 4184        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

21:24:05.0063 4184        Schedule - ok

21:24:05.0117 4184        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

21:24:05.0143 4184        SCPolicySvc - ok

21:24:05.0169 4184        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

21:24:05.0185 4184        SDRSVC - ok

21:24:05.0224 4184        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

21:24:05.0275 4184        secdrv - ok

21:24:05.0295 4184        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

21:24:05.0315 4184        seclogon - ok

21:24:05.0362 4184        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

21:24:05.0413 4184        SENS - ok

21:24:05.0445 4184        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

21:24:05.0465 4184        SensrSvc - ok

21:24:05.0513 4184        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

21:24:05.0530 4184        Serenum - ok

21:24:05.0555 4184        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

21:24:05.0574 4184        Serial - ok

21:24:05.0622 4184        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

21:24:05.0631 4184        sermouse - ok

21:24:05.0650 4184        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

21:24:05.0695 4184        SessionEnv - ok

21:24:05.0703 4184        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

21:24:05.0710 4184        sffdisk - ok

21:24:05.0727 4184        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

21:24:05.0736 4184        sffp_mmc - ok

21:24:05.0756 4184        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

21:24:05.0774 4184        sffp_sd - ok

21:24:05.0788 4184        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

21:24:05.0810 4184        sfloppy - ok

21:24:05.0889 4184        Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

21:24:05.0907 4184        Sftfs - ok

21:24:05.0978 4184        sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

21:24:05.0996 4184        sftlist - ok

21:24:06.0016 4184        Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

21:24:06.0025 4184        Sftplay - ok

21:24:06.0071 4184        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

21:24:06.0077 4184        Sftredir - ok

21:24:06.0103 4184        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

21:24:06.0110 4184        Sftvol - ok

21:24:06.0170 4184        sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

21:24:06.0181 4184        sftvsa - ok

21:24:06.0207 4184        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

21:24:06.0243 4184        SharedAccess - ok

21:24:06.0301 4184        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

21:24:06.0357 4184        ShellHWDetection - ok

21:24:06.0401 4184        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

21:24:06.0405 4184        SiSRaid2 - ok

21:24:06.0419 4184        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

21:24:06.0424 4184        SiSRaid4 - ok

21:24:06.0448 4184        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

21:24:06.0470 4184        Smb - ok

21:24:06.0527 4184        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

21:24:06.0548 4184        SNMPTRAP - ok

21:24:06.0566 4184        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

21:24:06.0572 4184        spldr - ok

21:24:06.0590 4184        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

21:24:06.0631 4184        Spooler - ok

21:24:06.0685 4184        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

21:24:06.0759 4184        sppsvc - ok

21:24:06.0822 4184        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

21:24:06.0861 4184        sppuinotify - ok

21:24:06.0890 4184        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

21:24:06.0916 4184        srv - ok

21:24:06.0945 4184        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

21:24:06.0976 4184        srv2 - ok

21:24:07.0000 4184        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

21:24:07.0011 4184        srvnet - ok

21:24:07.0084 4184        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

21:24:07.0136 4184        SSDPSRV - ok

21:24:07.0150 4184        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

21:24:07.0172 4184        SstpSvc - ok

21:24:07.0197 4184        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

21:24:07.0201 4184        stexstor - ok

21:24:07.0236 4184        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

21:24:07.0261 4184        stisvc - ok

21:24:07.0327 4184        SWDUMon         (2edb932a7b007f7939229aa8f55385b8) C:\windows\system32\DRIVERS\SWDUMon.sys

21:24:07.0336 4184        SWDUMon - ok

21:24:07.0348 4184        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

21:24:07.0353 4184        swenum - ok

21:24:07.0383 4184        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

21:24:07.0434 4184        swprv - ok

21:24:07.0476 4184        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

21:24:07.0532 4184        SysMain - ok

21:24:07.0579 4184        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

21:24:07.0597 4184        TabletInputService - ok

21:24:07.0638 4184        taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\windows\system32\DRIVERS\taphss.sys

21:24:07.0647 4184        taphss - ok

21:24:07.0673 4184        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

21:24:07.0711 4184        TapiSrv - ok

21:24:07.0726 4184        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

21:24:07.0748 4184        TBS - ok

21:24:07.0833 4184        Tcpip           (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

21:24:07.0872 4184        Tcpip - ok

21:24:07.0913 4184        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

21:24:07.0936 4184        TCPIP6 - ok

21:24:07.0958 4184        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

21:24:07.0977 4184        tcpipreg - ok

21:24:07.0992 4184        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

21:24:08.0009 4184        TDPIPE - ok

21:24:08.0096 4184        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

21:24:08.0129 4184        TDTCP - ok

21:24:08.0147 4184        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

21:24:08.0186 4184        tdx - ok

21:24:08.0204 4184        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

21:24:08.0208 4184        TermDD - ok

21:24:08.0238 4184        TermService     (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

21:24:08.0274 4184        TermService - ok

21:24:08.0292 4184        Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

21:24:08.0302 4184        Themes - ok

21:24:08.0323 4184        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

21:24:08.0344 4184        THREADORDER - ok

21:24:08.0386 4184        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

21:24:08.0416 4184        TrkWks - ok

21:24:08.0443 4184        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

21:24:08.0488 4184        TrustedInstaller - ok

21:24:08.0523 4184        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

21:24:08.0575 4184        tssecsrv - ok

21:24:08.0641 4184        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

21:24:08.0662 4184        TsUsbFlt - ok

21:24:08.0679 4184        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

21:24:08.0688 4184        TsUsbGD - ok

21:24:08.0712 4184        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

21:24:08.0757 4184        tunnel - ok

21:24:08.0790 4184        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

21:24:08.0798 4184        uagp35 - ok

21:24:08.0819 4184        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

21:24:08.0871 4184        udfs - ok

21:24:08.0926 4184        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

21:24:08.0937 4184        UI0Detect - ok

21:24:08.0956 4184        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

21:24:08.0963 4184        uliagpkx - ok

21:24:08.0982 4184        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

21:24:09.0003 4184        umbus - ok

21:24:09.0047 4184        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

21:24:09.0071 4184        UmPass - ok

21:24:09.0171 4184        UNS             (fdf92ec84fecee834fb10a2a0a19bcda) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

21:24:09.0217 4184        UNS - ok

21:24:09.0276 4184        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

21:24:09.0326 4184        upnphost - ok

21:24:09.0365 4184        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

21:24:09.0374 4184        usbccgp - ok

21:24:09.0405 4184        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

21:24:09.0418 4184        usbcir - ok

21:24:09.0433 4184        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys

21:24:09.0451 4184        usbehci - ok

21:24:09.0519 4184        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

21:24:09.0548 4184        usbhub - ok

21:24:09.0566 4184        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

21:24:09.0590 4184        usbohci - ok

21:24:09.0615 4184        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

21:24:09.0636 4184        usbprint - ok

21:24:09.0662 4184        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

21:24:09.0671 4184        USBSTOR - ok

21:24:09.0693 4184        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

21:24:09.0717 4184        usbuhci - ok

21:24:09.0777 4184        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

21:24:09.0831 4184        UxSms - ok

21:24:09.0859 4184        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

21:24:09.0864 4184        VaultSvc - ok

21:24:09.0895 4184        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

21:24:09.0902 4184        vdrvroot - ok

21:24:09.0924 4184        vds             (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

21:24:09.0962 4184        vds - ok

21:24:10.0018 4184        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

21:24:10.0031 4184        vga - ok

21:24:10.0048 4184        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

21:24:10.0093 4184        VgaSave - ok

21:24:10.0116 4184        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

21:24:10.0123 4184        vhdmp - ok

21:24:10.0151 4184        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

21:24:10.0155 4184        viaide - ok

21:24:10.0182 4184        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

21:24:10.0190 4184        volmgr - ok

21:24:10.0212 4184        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

21:24:10.0227 4184        volmgrx - ok

21:24:10.0277 4184        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

21:24:10.0290 4184        volsnap - ok

21:24:10.0307 4184        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

21:24:10.0317 4184        vsmraid - ok

21:24:10.0358 4184        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

21:24:10.0414 4184        VSS - ok

21:24:10.0487 4184        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\System32\drivers\vwifibus.sys

21:24:10.0514 4184        vwifibus - ok

21:24:10.0546 4184        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

21:24:10.0586 4184        W32Time - ok

21:24:10.0604 4184        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

21:24:10.0610 4184        WacomPen - ok

21:24:10.0633 4184        WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

21:24:10.0653 4184        WANARP - ok

21:24:10.0664 4184        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

21:24:10.0684 4184        Wanarpv6 - ok

21:24:10.0722 4184        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

21:24:10.0754 4184        wbengine - ok

21:24:10.0814 4184        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

21:24:10.0833 4184        WbioSrvc - ok

21:24:10.0848 4184        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

21:24:10.0879 4184        wcncsvc - ok

21:24:10.0887 4184        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

21:24:10.0904 4184        WcsPlugInService - ok

21:24:10.0936 4184        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

21:24:10.0942 4184        Wd - ok

21:24:10.0998 4184        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

21:24:11.0020 4184        Wdf01000 - ok

21:24:11.0036 4184        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

21:24:11.0054 4184        WdiServiceHost - ok

21:24:11.0058 4184        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

21:24:11.0070 4184        WdiSystemHost - ok

21:24:11.0086 4184        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

21:24:11.0111 4184        WebClient - ok

21:24:11.0133 4184        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

21:24:11.0190 4184        Wecsvc - ok

21:24:11.0209 4184        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

21:24:11.0231 4184        wercplsupport - ok

21:24:11.0253 4184        WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

21:24:11.0275 4184        WerSvc - ok

21:24:11.0335 4184        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

21:24:11.0369 4184        WfpLwf - ok

21:24:11.0386 4184        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

21:24:11.0389 4184        WIMMount - ok

21:24:11.0415 4184        WinDefend - ok

21:24:11.0417 4184        WinHttpAutoProxySvc - ok

21:24:11.0437 4184        WinI2C-DDC      (66c365b542195c1f6e2ff4a7d8f3827c) C:\windows\system32\drivers\DDCDrv.sys

21:24:11.0449 4184        WinI2C-DDC - ok

21:24:11.0483 4184        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

21:24:11.0520 4184        Winmgmt - ok

21:24:11.0609 4184        WinRM           (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

21:24:11.0663 4184        WinRM - ok

21:24:11.0691 4184        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

21:24:11.0725 4184        Wlansvc - ok

21:24:11.0776 4184        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

21:24:11.0784 4184        wlcrasvc - ok

21:24:11.0846 4184        wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:24:11.0892 4184        wlidsvc - ok

21:24:11.0982 4184        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

21:24:12.0002 4184        WmiAcpi - ok

21:24:12.0042 4184        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

21:24:12.0071 4184        wmiApSrv - ok

21:24:12.0098 4184        WMPNetworkSvc - ok

21:24:12.0118 4184        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

21:24:12.0128 4184        WPCSvc - ok

21:24:12.0139 4184        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

21:24:12.0153 4184        WPDBusEnum - ok

21:24:12.0171 4184        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

21:24:12.0207 4184        ws2ifsl - ok

21:24:12.0254 4184        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

21:24:12.0280 4184        wscsvc - ok

21:24:12.0295 4184        WSearch - ok

21:24:12.0332 4184        wsvd            (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys

21:24:12.0343 4184        wsvd - ok

21:24:12.0397 4184        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll

21:24:12.0464 4184        wuauserv - ok

21:24:12.0528 4184        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

21:24:12.0579 4184        WudfPf - ok

21:24:12.0616 4184        WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

21:24:12.0651 4184        WUDFRd - ok

21:24:12.0674 4184        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

21:24:12.0695 4184        wudfsvc - ok

21:24:12.0745 4184        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

21:24:12.0766 4184        WwanSvc - ok

21:24:12.0800 4184        yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys

21:24:12.0823 4184        yukonw7 - ok

21:24:12.0860 4184        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:24:12.0984 4184        \Device\Harddisk0\DR0 - ok

21:24:12.0986 4184        Boot (0x1200)   (59d50b237211d17951ac3d570fcbea28) \Device\Harddisk0\DR0\Partition0

21:24:12.0988 4184        \Device\Harddisk0\DR0\Partition0 - ok

21:24:13.0024 4184        Boot (0x1200)   (1f944e4806ee8ae1a30dd00a481cc7af) \Device\Harddisk0\DR0\Partition1

21:24:13.0026 4184        \Device\Harddisk0\DR0\Partition1 - ok

21:24:13.0026 4184        ============================================================

21:24:13.0026 4184        Scan finished

21:24:13.0026 4184        ============================================================

21:24:13.0036 1432        Detected object count: 1

21:24:13.0036 1432        Actual detected object count: 1

21:27:58.0252 1432        JME Keyboard ( UnsignedFile.Multi.Generic ) - skipped by user

21:27:58.0252 1432        JME Keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:48:21.0569 5740        Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-04-04.02 - lenovo 04.04.2012  18:15:38.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6126.4826 [GMT 2:00]

ausgeführt von:: c:\users\christian\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\xp-AntiSpy

c:\program files (x86)\xp-AntiSpy\Uninstall.exe

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe

c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-03-04 bis 2012-04-04  ))))))))))))))))))))))))))))))

.

.

2012-04-04 16:17 . 2012-04-04 16:17        --------        d-----w-        c:\users\lenovo\AppData\Local\temp

2012-04-04 16:17 . 2012-04-04 16:17        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-04-03 19:31 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD46D9A8-5774-4661-B191-1F0CA852CD11}\mpengine.dll

2012-04-03 15:34 . 2012-04-03 15:34        --------        d-----w-        C:\_OTL

2012-03-27 16:08 . 2012-03-27 16:08        --------        d-----w-        c:\users\Public\Recorded TV

2012-03-26 21:01 . 2012-03-26 21:24        --------        d-----w-        C:\music

2012-03-23 21:10 . 2012-03-23 21:10        --------        d-----w-        c:\users\lenovo\AppData\Roaming\SumatraPDF

2012-03-23 21:01 . 2012-03-23 21:01        15712        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\1fe390851cd093802\MeshBetaRemover.exe

2012-03-23 21:01 . 2012-03-23 21:01        89944        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\1b8ef33a1cd093801\DSETUP.dll

2012-03-23 21:01 . 2012-03-23 21:01        537432        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\1b8ef33a1cd093801\DXSETUP.exe

2012-03-23 21:01 . 2012-03-23 21:01        1801048        ----a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\1b8ef33a1cd093801\dsetup32.dll

2012-03-18 01:23 . 2012-03-18 01:23        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 01:23 . 2012-03-18 01:23        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-16 22:20 . 2012-03-16 22:21        --------        d-----w-        c:\program files\SUPERAntiSpyware

2012-03-15 00:42 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-03-15 00:42 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 00:42 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 12:08 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys

2012-03-14 12:08 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-14 12:08 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-03-14 12:01 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-03-14 12:01 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-03-14 12:01 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-03-14 12:01 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:01 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-03-14 12:01 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:01 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-03-05 17:09 . 2012-03-29 18:08        8738464        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-03 16:56 . 2012-01-16 18:04        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-04-03 16:51 . 2012-01-15 02:52        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-04-03 16:50 . 2012-01-24 06:41        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-04-02 18:27 . 2012-01-15 02:52        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-04-02 18:24 . 2012-01-16 17:57        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-04-01 05:50 . 2012-01-15 02:51        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-03-29 18:08 . 2012-02-10 20:17        418464        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-29 18:08 . 2012-01-04 21:10        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-14 03:27 . 2012-01-01 17:03        8669240        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-10 20:19 . 2010-06-24 18:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-10 19:01 . 2012-02-10 19:01        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9913F74E-FB8B-4C56-A4E6-21D7DFCF71B9}\gapaengine.dll

2012-01-31 12:44 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-24 11:02 . 2012-01-15 02:59        15672        ----a-w-        c:\windows\system32\drivers\SWDUMon.sys

2012-01-08 10:22 . 2012-01-08 10:22        388096        ----a-r-        c:\users\christian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-08 10:07 . 2012-01-08 10:02        1402880        ----a-w-        C:\HiJackThis.msi

2012-01-08 05:15 . 2012-01-08 05:15        458608        ----a-w-        C:\MVTInstaller.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-11 336384]

"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-03-21 118784]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]

"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]

"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]

S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2008-04-08 20832]

S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-10 18:08]

.

2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 23:25]

.

2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 23:25]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]

"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-21 114688]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube Download - c:\users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\lenovo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: Interfaces\{ACDB1B37-0C37-4216-A783-09D154660FE9}: NameServer = 212.23.115.148 212.23.97.2

TCP: Interfaces\{BB83DF5F-F9AD-499A-A299-95C8071DDE3E}: NameServer = 212.23.115.148 212.23.97.3

FF - ProfilePath - c:\users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\4c06vohd.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-04-04  18:23:12 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-04-04 16:23

.

Vor Suchlauf: 13 Verzeichnis(se), 888.295.202.816 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 887.748.644.864 Bytes frei

.

- - End Of File - - CD314DFF8A270F359D1B3A8DBB1A209F

Danke für deine Hilfe :daumenhoc

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hallo Arne
hier der Log bitte:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-05 05:49:14

-----------------------------

05:49:14.854    OS Version: Windows x64 6.1.7601 Service Pack 1

05:49:14.854    Number of processors: 4 586 0x2A07

05:49:14.854    ComputerName: LENOVO-PC  UserName: lenovo

05:49:18.268    Initialize success

06:32:24.306    AVAST engine defs: 12040401

06:36:09.008    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

06:36:09.011    Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3FE Size: 953869MB BusType: 11

06:36:09.019    Disk 0 MBR read successfully

06:36:09.022    Disk 0 MBR scan

06:36:09.026    Disk 0 Windows 7 default MBR code

06:36:09.034    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

06:36:09.042    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       928093 MB offset 206848

06:36:09.074    Disk 0 Partition 3 00     12  Compaq diag NTFS        25675 MB offset 1900941312

06:36:09.115    Disk 0 scanning C:\windows\system32\drivers

06:36:14.608    Service scanning

06:36:28.843    Modules scanning

06:36:28.851    Disk 0 trace - called modules:

06:36:28.868    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

06:36:28.874    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006571060]

06:36:28.879    3 CLASSPNP.SYS[fffff880019a043f] -> nt!IofCallDriver -> [0xfffffa8005f61e40]

06:36:28.883    5 ACPI.sys[fffff88000f137a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005f5e060]

06:36:32.167    AVAST engine scan C:\windows

06:36:35.956    AVAST engine scan C:\windows\system32

06:38:06.080    AVAST engine scan C:\windows\system32\drivers

06:38:15.417    AVAST engine scan C:\Users\lenovo

06:38:45.170    AVAST engine scan C:\ProgramData

06:39:05.221    Scan finished successfully

06:39:33.803    Disk 0 MBR has been saved successfully to "C:\Users\christian\Downloads\MBR.dat"

06:39:33.808    The log file has been saved successfully to "C:\Users\christian\Downloads\aswMBR.txt"