Exploit:HTML/IframeRef.Z wird immer wieder aufs neue gefunden

Gnorf · 06.12.2011, 00:25

Erst mal vorab, ich finde es toll, dass es Leute wie euch gibt die einem bei Sicherheitsproblemen helfen!

Mein Problem besteht darin, dass mein Virenscenner (Microsoft Security Essentials) nunmehr innerhalb von einer Woche zum dritten Mal folgendes Schadprogramm gefunden hat:

Exploit:HTML/IframeRef.Z

Der Fundort war jeweils:

file:C:\Users\Borion\AppData\Local\Mozilla\Firefox\Profiles\a8iofrr6.default\Cache\E\A5\927D3d01

Lt. meinem Virenscenner wurde das Schadprogramm jeweils entfernt. Zusätzlich habe ich anschließend noch den CCleaner zwecks Löschung des Cache angewendet und meinen Rechner noch über einen Internet-Onlinescanner (Eset) überprüft (ohne Fund). Ich finde es allerdings langsam etwas beunruhigend, dass innerhalb so kurzer Zeit immer wieder das gleiche Schadprogramm an der gleichen Stelle auftaucht. Mich würde daher mal eure Expertenmeinung interessieren.

Ich habe versucht eure Hinweise für Hilfesuchende zu befolgen.

Bei Schritt 1 (defogger) habe ich nach dem Scan die Meldung "Finished" mit OK bestätigt. Es folgte dann jedoch keine Aufforderung zum Neustart?! Ich habe dann selbst einen Neustart veranlasst. In dem defogger disable Log steht folgendes:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:55 on 05/12/2011 (Borion)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Bei Schritt 3 (Gmer) brach der Scan jeweils nach ca. 2 Minuten mit folgendem Hinweis ab:

"35exvmse.exe funktioniert nicht mehr. Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtigt, wenn eine Lösung vorhanden ist."

Eure Hinweise habe ich alle beachtet, also Verbindung zum Internet unterbrochen, Virenscanner und Antilogger ausgeschaltet und alle anderen Programme vorher beendet. Ich habe auch ein 32 Bit System.

Bei Schritt 2 (OTL) gabs keine Probleme. Hier die OTL.txt

OTL logfile created on: 05.12.2011 23:03:50 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Borion\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,86% Memory free
6,68 Gb Paging File | 5,77 Gb Available in Paging File | 86,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,09 Gb Total Space | 466,67 Gb Free Space | 80,31% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,99 Gb Free Space | 59,92% Space Free | Partition Type: NTFS

Computer Name: BORION-PC | User Name: Borion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.05 22:52:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Borion\Desktop\OTL.exe
PRC - [2011.11.20 09:50:05 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011.07.02 08:00:17 | 002,856,392 | ---- | M] (Zemana Ltd.) -- C:\Programme\AntiLogger\AntiLogger.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.12.04 15:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.07.18 13:42:10 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.18 13:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.03.02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.16 07:21:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011.10.16 07:21:42 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011.10.16 07:21:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.16 07:20:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.16 07:19:49 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.16 07:19:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.16 07:18:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.16 07:18:31 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009.06.12 17:52:46 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3021.38476__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l
MOD - [2009.06.12 17:52:46 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3021.38434__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:46 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3021.38488__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:46 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3021.38664__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3021.38629__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3021.38468__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:46 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3021.38587__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l
MOD - [2009.06.12 17:52:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3021.38455__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll
MOD - [2009.06.12 17:52:45 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3021.38696__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:38 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3021.38720__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:38 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3021.38636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:38 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3021.38702__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:38 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3021.38643__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3021.38448__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3021.38719__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3021.38636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3021.38695__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3021.38595__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3021.38501__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll
MOD - [2009.06.12 17:52:37 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3021.38588__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3021.38581__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3021.38456__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll
MOD - [2009.06.12 17:52:37 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3021.38656__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:37 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3021.38495__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3021.38608__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll
MOD - [2009.06.12 17:52:37 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3021.38595__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3021.38587__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3021.38507__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll
MOD - [2009.06.12 17:52:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3021.38594__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3021.38608__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll
MOD - [2009.06.12 17:52:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3021.38622__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.06.12 17:52:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.06.12 17:52:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.06.12 17:52:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.06.12 17:52:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.06.12 17:52:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l
MOD - [2009.06.12 17:52:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l
MOD - [2009.06.12 17:52:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l
MOD - [2009.06.12 17:52:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.06.12 17:52:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.06.12 17:52:33 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3021.38687__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.06.12 17:52:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3021.38712__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.06.12 17:52:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.06.12 17:52:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.06.12 17:52:33 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3021.38723__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009.06.12 17:52:33 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3021.38426__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.06.12 17:52:33 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3021.38678_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2009.06.12 17:52:32 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3021.38442__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.06.12 17:52:32 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3021.38463__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.06.12 17:52:32 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3021.38678__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.06.12 17:52:32 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3021.38426__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.06.12 17:52:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3021.38686__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.06.12 17:52:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3021.38426__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.06.12 17:52:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3021.38424__90ba9c70f846762e\APM.Server.dll
MOD - [2009.06.12 17:52:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.06.12 17:52:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3021.38425__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.06.12 17:52:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.06.12 17:52:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.06.12 17:52:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3021.38686__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.06.12 17:52:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.06.12 17:52:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.06.12 17:52:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.06.12 17:52:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.06.12 17:52:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.21 07:11:06 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.06.12 17:57:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.12.18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.07.18 13:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011.12.05 23:01:19 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7EA4327-1B9B-4163-896F-4E0277FF5FAD}\MpKslaf1f9c59.sys -- (MpKslaf1f9c59)
DRV - [2011.07.02 08:00:26 | 000,121,560 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Programme\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008.07.21 12:18:20 | 000,027,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008.05.21 07:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.21 07:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://news.google.de/nwshp?hl=de&tab=wn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.finanztreff.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Borion\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011.11.20 09:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 21:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.24 19:23:09 | 000,000,000 | ---D | M]

[2010.11.13 16:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borion\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borion\AppData\Roaming\mozilla\Firefox\Profiles\a8iofrr6.default\extensions
[2011.07.30 06:58:19 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Borion\AppData\Roaming\mozilla\Firefox\Profiles\a8iofrr6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.02.21 19:14:52 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Borion\AppData\Roaming\mozilla\Firefox\Profiles\a8iofrr6.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.09.18 15:52:37 | 000,001,565 | ---- | M] () -- C:\Users\Borion\AppData\Roaming\Mozilla\Firefox\Profiles\a8iofrr6.default\searchplugins\web-search.xml
[2011.11.24 19:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 19:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BORION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8IOFRR6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BORION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8IOFRR6.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2010.11.14 23:17:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.11 21:08:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.24 19:18:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C931C944-28BF-46FF-848D-1318EEFC5443}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.05 22:52:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Borion\Desktop\OTL.exe
[2011.12.05 20:08:26 | 000,000,000 | ---D | C] -- C:\Users\Borion\AppData\Roaming\Malwarebytes
[2011.12.05 20:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.05 20:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.24 19:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.11.24 19:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.11.20 09:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011.11.17 19:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2011.12.05 23:01:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.05 23:01:22 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011.12.05 23:01:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.05 23:01:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.05 23:01:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.05 23:01:12 | 3486,740,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.05 22:52:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Borion\Desktop\OTL.exe
[2011.12.05 22:40:04 | 000,000,000 | ---- | M] () -- C:\Users\Borion\defogger_reenable
[2011.12.05 22:39:00 | 000,050,477 | ---- | M] () -- C:\Users\Borion\Desktop\Defogger.exe
[2011.12.05 22:23:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.05 22:14:44 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.12.04 19:39:34 | 000,017,408 | ---- | M] () -- C:\Users\Borion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 19:39:09 | 000,630,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 19:39:09 | 000,597,898 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 19:39:09 | 000,127,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 19:39:09 | 000,104,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.22 21:25:14 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2011.12.05 22:40:04 | 000,000,000 | ---- | C] () -- C:\Users\Borion\defogger_reenable
[2011.12.05 22:38:59 | 000,050,477 | ---- | C] () -- C:\Users\Borion\Desktop\Defogger.exe
[2011.07.24 18:54:17 | 000,276,966 | ---- | C] () -- C:\Users\Borion\AppData\Local\census.cache
[2011.07.24 18:54:12 | 000,172,097 | ---- | C] () -- C:\Users\Borion\AppData\Local\ars.cache
[2011.07.24 18:48:29 | 000,000,036 | ---- | C] () -- C:\Users\Borion\AppData\Local\housecall.guid.cache
[2011.05.30 18:55:21 | 000,034,704 | ---- | C] () -- C:\Windows\syscall.dat
[2011.03.06 09:54:38 | 000,000,680 | ---- | C] () -- C:\Users\Borion\AppData\Local\d3d9caps.dat
[2011.01.23 16:54:18 | 000,000,101 | ---- | C] () -- C:\Windows\SAWReg.ini
[2010.12.25 12:51:19 | 000,017,408 | ---- | C] () -- C:\Users\Borion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.15 21:34:54 | 000,000,526 | ---- | C] () -- C:\Users\Borion\AppData\Roaming\wklnhst.dat
[2010.11.15 19:47:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.11.15 19:47:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.13 17:21:34 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.13 17:21:34 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.13 16:58:47 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2010.11.13 16:55:40 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.13 03:32:11 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.06.13 03:32:11 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.13 03:32:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.06.13 03:32:11 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.06.13 03:32:11 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.06.13 03:32:11 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.06.13 03:28:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.12 19:37:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 08:15:58 | 000,630,604 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,127,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,381,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,597,898 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.01.23 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\apm
[2011.08.12 13:21:39 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\ASCOMP Software
[2011.03.20 08:33:46 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\f-secure
[2011.08.12 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\JAM Software
[2011.01.29 13:03:44 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Octoshape
[2010.12.03 17:23:03 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Opera
[2011.03.02 20:18:30 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\PCDr
[2011.01.16 18:21:05 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Philipp Winterberg
[2011.09.18 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\QuickScan
[2011.03.04 15:48:16 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\S.A.D
[2011.02.21 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\SoftGrid Client
[2011.02.21 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Template
[2010.11.16 19:30:04 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\TP
[2011.11.22 21:25:14 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.05 23:01:22 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2011.12.05 22:59:16 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.05 22:14:44 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

========== Custom Scans ==========

< defogger_disable by jpshortstuff (23.02.10.1) >

< Log created at 22:55 on 05/12/2011 (Borion) >
Invalid Switch: 2011 (Borion)

< >

< Checking for autostart values... >

< HKCU\~\Run values retrieved. >

< HKLM\~\Run values retrieved. >

< >

< Checking for services/drivers... >
Invalid Switch: drivers...

< >

< >

< -=E.O.F=- >

< End of report >

cosinus · 06.12.2011, 10:48

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Gnorf · 07.12.2011, 01:27

Okay, habe ich gemacht. Logs aus älteren Scans mit Malwarebytes hab ich nicht.

Logfile Malwarebytes

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8325

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

07.12.2011 00:20:41
mbam-log-2011-12-07 (00-20-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 270963
Laufzeit: 50 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Logfile Eset

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=15386be16623bd41b7c97f68e6e15da3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-12 05:02:05
# local_time=2011-11-12 06:02:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 22805028 158646094 0 0
# compatibility_mode=8192 67108863 100 0 4751814 4751814 0 0
# scanned=147030
# found=1
# cleaned=1
# scan_time=3958
C:\Users\Borion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3233160d-3e49ad60	Java/TrojanDownloader.OpenStream.NBW trojan (deleted - quarantined)	00000000000000000000000000000000	C
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=15386be16623bd41b7c97f68e6e15da3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-12 06:21:56
# local_time=2011-11-12 07:21:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 22810915 158651981 0 0
# compatibility_mode=8192 67108863 100 0 4757701 4757701 0 0
# scanned=131076
# found=0
# cleaned=0
# scan_time=2863
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=15386be16623bd41b7c97f68e6e15da3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-20 02:56:22
# local_time=2011-11-20 03:56:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 23489079 159330145 0 0
# compatibility_mode=8192 67108863 100 0 5435865 5435865 0 0
# scanned=131415
# found=0
# cleaned=0
# scan_time=3565
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=15386be16623bd41b7c97f68e6e15da3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-28 10:13:51
# local_time=2011-11-28 11:13:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 24206397 160047463 0 0
# compatibility_mode=8192 67108863 100 0 6153183 6153183 0 0
# scanned=139950
# found=0
# cleaned=0
# scan_time=3696
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=15386be16623bd41b7c97f68e6e15da3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-07 12:13:01
# local_time=2011-12-07 01:13:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 24905917 160746983 0 0
# compatibility_mode=8192 67108863 100 0 6852703 6852703 0 0
# scanned=125926
# found=0
# cleaned=0
# scan_time=2525

cosinus · 07.12.2011, 12:28

Bei OTL ist dir ein Fehler unterlaufen, mach ein neues Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Gnorf · 07.12.2011, 20:56

Hi Arne!

Okay, hier der neue und hoffentlich korrekte OTL.txt Log:

Code:

ATTFilter

OTL logfile created on: 07.12.2011 20:38:49 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Borion\Downloads\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,75% Memory free
6,72 Gb Paging File | 5,64 Gb Available in Paging File | 83,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,09 Gb Total Space | 468,57 Gb Free Space | 80,64% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,99 Gb Free Space | 59,92% Space Free | Partition Type: NTFS
 
Computer Name: BORION-PC | User Name: Borion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.07 20:36:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Borion\Downloads\Desktop\OTL.exe
PRC - [2011.11.20 09:50:05 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Programme\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011.07.02 08:00:17 | 002,856,392 | ---- | M] (Zemana Ltd.) -- C:\Programme\AntiLogger\AntiLogger.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.12.04 15:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.07.18 13:42:10 | 006,246,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.18 13:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.03.02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.16 07:21:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011.10.16 07:21:42 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011.10.16 07:21:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.16 07:20:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.16 07:19:49 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.16 07:19:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.16 07:18:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.16 07:18:31 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009.06.12 17:52:46 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3021.38476__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:46 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3021.38434__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:46 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3021.38488__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:46 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3021.38664__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3021.38629__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3021.38468__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:46 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3021.38587__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3021.38455__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:45 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3021.38696__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:38 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3021.38720__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:38 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3021.38636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:38 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3021.38702__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:38 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3021.38643__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3021.38448__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3021.38719__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3021.38636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3021.38695__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3021.38595__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3021.38501__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3021.38588__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3021.38581__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3021.38456__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3021.38656__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.06.12 17:52:37 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3021.38495__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3021.38608__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.06.12 17:52:37 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3021.38595__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3021.38587__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3021.38507__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3021.38594__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3021.38608__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3021.38622__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.06.12 17:52:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.06.12 17:52:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.06.12 17:52:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.06.12 17:52:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.06.12 17:52:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.06.12 17:52:36 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.06.12 17:52:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.06.12 17:52:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.06.12 17:52:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.06.12 17:52:33 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3021.38687__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.06.12 17:52:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3021.38712__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.06.12 17:52:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.06.12 17:52:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.06.12 17:52:33 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3021.38723__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009.06.12 17:52:33 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3021.38426__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.06.12 17:52:33 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3021.38678_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2009.06.12 17:52:32 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3021.38442__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.06.12 17:52:32 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3021.38463__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.06.12 17:52:32 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3021.38678__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.06.12 17:52:32 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3021.38426__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.06.12 17:52:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3021.38686__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.06.12 17:52:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3021.38426__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.06.12 17:52:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3021.38424__90ba9c70f846762e\APM.Server.dll
MOD - [2009.06.12 17:52:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.06.12 17:52:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3021.38425__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.06.12 17:52:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.06.12 17:52:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.06.12 17:52:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3021.38686__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.06.12 17:52:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.06.12 17:52:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.06.12 17:52:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.06.12 17:52:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.06.12 17:52:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.21 07:11:06 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.02.12 11:50:40 | 000,688,128 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.06.12 17:57:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.12.18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.07.18 13:42:08 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.07 20:30:57 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E9B3CEF-F80C-4896-AF14-141B9EB360B9}\MpKsl983471bd.sys -- (MpKsl983471bd)
DRV - [2011.07.02 08:00:26 | 000,121,560 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Programme\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.21 12:18:20 | 000,027,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008.05.21 07:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.05.21 07:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://news.google.de/nwshp?hl=de&tab=wn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.finanztreff.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Borion\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011.11.20 09:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 21:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 22:22:00 | 000,000,000 | ---D | M]
 
[2010.11.13 16:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borion\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Borion\AppData\Roaming\mozilla\Firefox\Profiles\a8iofrr6.default\extensions
[2011.07.30 06:58:19 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Borion\AppData\Roaming\mozilla\Firefox\Profiles\a8iofrr6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.02.21 19:14:52 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Borion\AppData\Roaming\mozilla\Firefox\Profiles\a8iofrr6.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.09.18 15:52:37 | 000,001,565 | ---- | M] () -- C:\Users\Borion\AppData\Roaming\Mozilla\Firefox\Profiles\a8iofrr6.default\searchplugins\web-search.xml
[2011.11.24 19:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 19:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BORION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8IOFRR6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BORION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A8IOFRR6.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2010.11.14 23:17:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.11 21:08:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.24 19:18:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C931C944-28BF-46FF-848D-1318EEFC5443}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.07 20:36:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Borion\Downloads\Desktop\OTL.exe
[2011.12.07 19:56:07 | 000,000,000 | ---D | C] -- C:\Users\Borion\AppData\Roaming\LibreOffice
[2011.12.07 19:54:57 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.4
[2011.12.07 19:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 3.4
[2011.12.06 23:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.06 23:27:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.06 23:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.05 23:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.12.05 23:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.12.05 20:08:26 | 000,000,000 | ---D | C] -- C:\Users\Borion\AppData\Roaming\Malwarebytes
[2011.12.05 20:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.24 19:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.11.24 19:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.11.20 09:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011.11.17 19:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.07 20:36:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Borion\Downloads\Desktop\OTL.exe
[2011.12.07 20:23:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.07 20:18:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.07 20:18:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.07 20:18:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.07 20:18:39 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011.12.07 20:18:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.07 20:18:32 | 3488,800,768 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.07 20:09:11 | 000,409,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.07 20:08:55 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.12.07 19:54:57 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.4.lnk
[2011.12.06 23:27:59 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 19:39:34 | 000,017,408 | ---- | M] () -- C:\Users\Borion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 19:39:09 | 000,630,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 19:39:09 | 000,597,898 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 19:39:09 | 000,127,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 19:39:09 | 000,104,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.22 21:25:14 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
 
========== Files Created - No Company Name ==========
 
[2011.12.07 19:54:57 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.4.lnk
[2011.12.06 23:27:59 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.24 18:54:17 | 000,276,966 | ---- | C] () -- C:\Users\Borion\AppData\Local\census.cache
[2011.07.24 18:54:12 | 000,172,097 | ---- | C] () -- C:\Users\Borion\AppData\Local\ars.cache
[2011.07.24 18:48:29 | 000,000,036 | ---- | C] () -- C:\Users\Borion\AppData\Local\housecall.guid.cache
[2011.05.30 18:55:21 | 000,034,704 | ---- | C] () -- C:\Windows\syscall.dat
[2011.03.06 09:54:38 | 000,000,680 | ---- | C] () -- C:\Users\Borion\AppData\Local\d3d9caps.dat
[2011.01.23 16:54:18 | 000,000,101 | ---- | C] () -- C:\Windows\SAWReg.ini
[2010.12.25 12:51:19 | 000,017,408 | ---- | C] () -- C:\Users\Borion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.15 21:34:54 | 000,000,526 | ---- | C] () -- C:\Users\Borion\AppData\Roaming\wklnhst.dat
[2010.11.15 19:47:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.11.15 19:47:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.13 17:21:34 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.13 17:21:34 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.13 16:58:47 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2010.11.13 16:55:40 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.13 03:32:11 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.06.13 03:32:11 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.13 03:32:11 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.06.13 03:32:11 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.06.13 03:32:11 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.06.13 03:32:11 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.06.13 03:28:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.12 19:37:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 08:15:58 | 000,630,604 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,127,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,409,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,597,898 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.01.23 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\apm
[2011.08.12 13:21:39 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\ASCOMP Software
[2011.03.20 08:33:46 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\f-secure
[2011.08.12 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\JAM Software
[2011.12.07 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\LibreOffice
[2011.01.29 13:03:44 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Octoshape
[2010.12.03 17:23:03 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Opera
[2011.03.02 20:18:30 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\PCDr
[2011.12.07 19:30:20 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Philipp Winterberg
[2011.09.18 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\QuickScan
[2011.03.04 15:48:16 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\S.A.D
[2011.02.21 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\SoftGrid Client
[2011.02.21 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Template
[2010.11.16 19:30:04 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\TP
[2011.11.22 21:25:14 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.07 20:18:39 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2011.12.07 20:16:32 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.07 20:08:55 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.09 18:01:48 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Adobe
[2011.01.23 16:55:13 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\apm
[2011.08.12 13:21:39 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\ASCOMP Software
[2010.11.13 15:29:32 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\ATI
[2011.05.07 16:06:22 | 000,000,000 | R--D | M] -- C:\Users\Borion\AppData\Roaming\Brother
[2011.05.25 17:21:32 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Dell
[2011.03.20 08:33:46 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\f-secure
[2010.11.13 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Identities
[2010.11.13 16:56:24 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\InstallShield
[2011.08.12 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\JAM Software
[2011.12.07 19:56:07 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\LibreOffice
[2010.11.13 15:31:25 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Macromedia
[2011.12.05 20:08:26 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Media Center Programs
[2011.02.05 13:23:33 | 000,000,000 | --SD | M] -- C:\Users\Borion\AppData\Roaming\Microsoft
[2011.01.29 13:03:45 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Mozilla
[2011.01.29 13:03:44 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Octoshape
[2010.12.03 17:23:03 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Opera
[2011.03.02 20:18:30 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\PCDr
[2011.12.07 19:30:20 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Philipp Winterberg
[2011.09.18 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\QuickScan
[2011.03.04 15:48:16 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\S.A.D
[2011.02.21 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\SoftGrid Client
[2011.02.21 19:15:00 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\Template
[2010.11.16 19:30:04 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\TP
[2011.11.02 19:49:35 | 000,000,000 | ---D | M] -- C:\Users\Borion\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011.11.19 21:30:29 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Borion\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\01efd462-af0e-49c5-8686-b616f0778051\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\02265c87-20cb-46e6-8c06-7c2ee3ecbd1a\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\02e3a35b-6681-44ce-bbe6-936f543d3de3\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\03f560cd-4786-42de-a4c4-9c7f81aad88d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\060d297b-e7e8-44fe-ba23-313dbd909995\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\0878ed05-5b9d-474a-b4a8-015bb1aa8aae\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\08c0d517-a26b-431d-a40d-d10e833107f9\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\1089c687-7b2a-4d80-b7fe-916e17375fc4\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\10b50775-6ea5-4cd6-a977-1a2b377e4c85\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\114464a6-0b3e-4532-a15b-707d1d9f67b1\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\1a63c1f0-daa0-46dc-a2d5-a01a984b6ea7\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\1aeeeaa6-8892-4390-a871-0981fd7cbd11\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\1d9074e3-fcfa-4459-8047-2fdd4b66377c\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\1dedd8c7-6be7-47db-ae47-b4856ed07cfa\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\1e1c014f-549a-440e-ad6d-4b7197f4adb8\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\1ee202a4-dce1-4037-88b6-740e7cef8f72\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\23bae478-35b5-4d93-bd78-a8d5b19eb6a1\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\2440e018-b0b9-460a-a37c-7895a57aa646\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\27de83da-809b-43b6-ad54-620312188d3c\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\2960fee9-ed26-4c99-81a5-1eba11ea3afe\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\2b51aac5-2282-4414-9fb7-b824dbcce728\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\2d0e754f-673b-406f-87d1-e7183ca1ec35\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\2dfca4df-75fb-46cb-81f4-a9f84ab85e72\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\2e43cc2e-51aa-497e-9acb-0d8803ce745d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\2e674af3-d7c5-4c99-a77b-cdeb2c255bc6\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\30241a3f-375c-46b6-9fe2-f3d6da2751cd\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\316439e5-da22-4397-8567-344c792b6397\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\3702bae9-0144-47fd-ae11-5de44609d020\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\39050b5b-822e-4796-a377-9caf05942d57\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\3bcf04c7-dfce-4ec8-927e-8667c064f165\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\40e443ab-c794-49c2-8027-3fa231b07b47\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\43c83f1f-edec-4d2b-9f7d-eafaf6993125\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\46877d18-005d-402e-b019-1c693693d30f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\47d5a8d6-a78f-4d08-ad7e-38a0913a9330\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\48b68c2e-58bf-46da-a641-93a6120bca3f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\49fbbfad-9a6d-41b3-85e5-0db69e2e8839\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\4ba88d1d-3fea-4f67-a4ed-59a81d0b40a8\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\4e7bcd8a-f1f2-4b7a-98e0-aaa9b3de8614\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\4f1fec4e-92f7-445a-a952-9eac4765d234\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\4fdfc8eb-6dca-42c4-a0c1-3bafd09b04d1\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\51a6375b-27aa-48a9-a0c6-893e38c7936f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\53ae7afa-db48-4ed9-a37c-2c8ea2a9dd7e\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\55586151-23d5-4ee4-ae68-1d31eb954ec6\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\557f2b4d-27cc-4922-8827-2123dbf677d9\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\564faa8c-d07a-4079-8499-5e24f0cc5557\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\58df6d05-3951-4680-acf6-92faaf50188d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\593dd33f-1f81-4db7-9e1f-79f4950558e6\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\61bc2c40-c40c-44d0-a06e-11924e992e5f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\61fbcbf1-78f3-4668-b0b6-b69d407aab8f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\650613f9-0eb8-4259-8b7e-6d1c4033c296\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\65ef01f4-0569-496b-a733-f8e745907506\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\69af407c-7a7a-42ab-aae1-388c4958bc62\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\6a59cd62-bd93-4c3d-b6f7-f035659f7cda\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\6a6e0fe8-4325-416d-b99b-b5a072ee7814\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\6ad02ec0-1dd1-44da-bba1-2693da1f125e\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\6e9879aa-9e42-4cee-ba0d-53c552400c2d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\6fedbcee-56b9-4fdf-ab4d-4376e8bd08b4\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\703d0d81-abd4-4609-876e-ecb8952b8629\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\72135325-44c2-4b69-aa36-3c257ccd2894\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\7b1e2441-b10d-450a-b8de-97df494d0880\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\7b7a3698-8084-495c-b82a-7c78bb6915d1\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\81a31a1c-1ab3-472c-b003-f3d6f007cc3f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\82abd0d8-1e52-4572-a5ff-98219f75ac2a\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\836b19d7-0d9a-4237-bb59-7a8ef664a01c\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\86450fa2-58e1-4273-8f54-2f529e41ecab\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\885faf67-c030-4b21-bc74-e723ffc1c20d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\887305a3-c32f-4136-8f5b-0d822317d8b3\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\8a362d30-6cd5-4b40-b914-8add1afc484a\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\8c861772-5be9-4ad4-b6f7-674c04cedd3c\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\8f8bfb86-a554-493f-94cc-c5bb9fc72a59\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\8ff59299-0c23-4cf6-bbc4-706d3706b78d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\90be13e5-4eed-4867-87f4-53408a244501\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\9428c1ae-3da6-47a4-ae05-8346670a8de4\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\94df38c5-05ca-48cf-b188-2eeda67d853d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\95e54d56-1f5f-4d19-944a-8b618fee5185\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\96db8aba-9a61-4731-94f9-f88de6f04c63\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\97a3c13d-d685-434a-9030-d2f6404f37f3\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\98501a5a-9b6f-491a-998b-d0df8d260727\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\9c4041e5-a350-4b5b-a8b4-80f2d00794ec\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\9dfb146b-4415-4aaf-b902-1fb9d373d013\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\a2547547-3e54-4011-afd2-cb2f42dc5098\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\a3bca139-7332-4682-b1e7-4436d779088c\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\a60cc99e-1d88-44ee-9efe-57d50b048215\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\a83f17df-df2b-4f15-b22e-b5d7ff0d0fcc\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\a861a5c6-f9aa-4400-acb5-68be803e296b\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\a9d718eb-0ba4-4592-afe1-42a4c10d08f3\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\aa066209-f660-4050-a5a0-608df9ec00a0\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\aacd8619-420c-4640-8743-f5e27206226e\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\aaeb6822-a91d-4c6e-be36-ef66e5597163\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\b0255a84-6f48-4b1f-ba04-b6179e44eeb8\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\b1451d69-3740-43f9-bc57-4f1a2c7c8683\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\b216255e-bb50-4316-a42d-6d25051d42c7\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\b221e131-a951-453d-a121-61ce610aeeab\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\b4e65b4c-e4ce-4d89-baa4-4a61b36055da\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\b52cd98e-aa58-4a88-976d-5aa27748a4a0\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\b76ae107-f031-4535-8e89-704cd25910a1\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\b7efd47a-0ba9-4300-b6c6-b5faa6ba384a\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\baa27e31-ed6a-4dbe-a439-41c13146cc30\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\bb311bb0-e7bb-41b8-84fb-a4a3404f25ed\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\bb6987da-102e-4c02-beec-d95c69019b73\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\bfd3f125-be52-48cc-8414-1f3f744577ff\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\c2890cbd-6094-4e0f-b403-ce022cb9bbac\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\c3556cf9-1f63-4ea4-8f57-045cce3b80d3\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\c7ea8134-ecab-4815-9da5-7023acaec677\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\c9af2674-2332-4e0a-a1c3-3ebe2380c7a9\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\ca51295b-2677-4a86-8c2f-88bfeec48fa8\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\cad24044-b94d-4d4e-baf7-9e190549dd87\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\cb3ffd0f-488b-4f7c-8a79-e8bb5551e824\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\cd8a7651-9527-4594-a88d-a58e6b176dd1\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\cdb78cd4-fcc8-4b51-8192-f2b26020b812\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\ce5917b2-5ad2-428c-bf3e-a7242ef65eca\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\ceff5a87-366d-45a8-938e-7e3660db8266\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\d1ddd4d9-0db3-4446-98d8-7c7963e8c24b\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\d4fc451a-4d8d-4005-b03f-7f4709e16f4c\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\d4ffd600-ea1f-48a2-ae43-9c2f5e2e76ee\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\d75742bc-e503-4ec2-904a-699b486633fa\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\da566ca7-8b14-4093-8b80-ffec3b1d2ce5\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\da9d52e6-05b9-40f8-8253-d0319641663d\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\db51646a-8f06-430e-876d-99f025932b3e\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\dd7d3ceb-1388-4eaf-bac0-20de7eb92b98\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e00fd28e-9067-4140-8147-2878bf440f9f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e0511625-144d-44af-af10-0dab63b5a721\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e1d3cf34-ecf6-4ed6-81d1-6ded62ee5847\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e200b3e5-e883-4642-8cfa-9cc1689d73f2\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e4124aa2-25a6-4eb0-a8ff-3ed756678230\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e42a95c3-bf15-45af-bf72-bce83a929efb\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e5456543-9788-4028-89df-9706e27fdf16\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e55c0428-eefe-49ad-9e31-afc432e56f01\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\e65ab6fe-8848-41af-b9e0-94ecef5497e2\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\ec40ceaf-7263-4fba-a8a4-19da398ff877\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\ecb7160f-5b82-4852-8ba5-91d74b6534ac\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\ed379915-77ac-4fb0-a98a-1ae96e45ced3\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\ed42cb21-eb8f-4bb6-b0ea-6cb3a4fe7d71\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\edc976b0-9296-45c7-bb25-761703e2356f\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\ef49c580-398a-40fd-861d-0536b54842c3\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\f1664b14-30e9-4a7c-b46a-d5b85275aad4\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\f28fb4b2-5032-44e8-be8e-f01ecfc4c33b\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\f362e655-15d4-43bb-9009-c70bf72676f3\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\f4e54047-fea8-4e0b-8347-5a1ce72042ba\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\f695c325-3fcb-4334-88af-de1c80b98612\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\f6da2710-a49d-47f5-a51f-923d43fd4d78\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\fa6699e8-61a2-42dd-9b7f-a8640f8edf41\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\fc741d3f-808e-42dd-94bc-a33ac41cf2ad\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\fd6832cc-b6c8-4970-a499-935245742424\au_5899_rules\AddCertificate.exe
[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Borion\AppData\Roaming\PCDr\Update\Rules\fdd4a07f-7c37-457c-a7ec-4ab0ba168804\au_5899_rules\AddCertificate.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.06.13 03:17:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.06.13 03:17:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.06.13 03:17:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.15 13:10:00 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Drivers\storage\R191902\IaStor.sys
[2008.07.15 13:10:00 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.15 13:10:00 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.07.15 13:10:00 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.05.21 07:10:58 | 000,397,312 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011.04.29 13:08:54 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.04.29 13:08:54 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

< End of report >

Gnorf · 07.12.2011, 21:19

Folgender ergänzender Hinweis:

Ich bekam gerade zum vierten Mal die Meldung meines Virenscanners, dass das Element: "Exploit:HTML/IframeRef.Z" erkannt und entfernt wurde.

Kurz bevor ich die Meldung erhielt, habe ich die Seite hxxp://zattoo.com/view aufgerufen. Soweit ich das beurteilen kann, ist diese Seite doch legal und sollte risikolos aufgerufen werden können, oder?!!?

cosinus · 08.12.2011, 11:27

Zitat:

Soweit ich das beurteilen kann, ist diese Seite doch legal und sollte risikolos aufgerufen werden können, oder?!!?

Was hat ein Virenwarnung mit der Legalität einer Seite zu tun?
Es ist völlig schnuppe ob auf der Seite legaler oder illegaler content liegt, jede Seite könnte Schadcode enthalten. Natürlich ist aber das Risiko bei offensichtlich illegalen/dubiosen Seiten höher.
Ebenso gut kann der Virenscanner hier aber einen Fehlalarm haben.

Das OTL-Log ist soweit ok.

Bitte nun (im normalen Modus!) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Gnorf · 08.12.2011, 19:48

Zitat:

Zitat von cosinus

Was hat ein Virenwarnung mit der Legalität einer Seite zu tun?
Es ist völlig schnuppe ob auf der Seite legaler oder illegaler content liegt, jede Seite könnte Schadcode enthalten. Natürlich ist aber das Risiko bei offensichtlich illegalen/dubiosen Seiten höher.
Ebenso gut kann der Virenscanner hier aber einen Fehlalarm haben.

stimmt natürlich, man wiegt sich da immer in einer nicht vorhandenen Sicherheit...

Hier der Kaspersky-Log:

Code:

ATTFilter

19:40:26.0185 10940	TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
19:40:26.0487 10940	============================================================
19:40:26.0487 10940	Current date / time: 2011/12/08 19:40:26.0487
19:40:26.0487 10940	SystemInfo:
19:40:26.0487 10940	
19:40:26.0487 10940	OS Version: 6.0.6002 ServicePack: 2.0
19:40:26.0487 10940	Product type: Workstation
19:40:26.0487 10940	ComputerName: BORION-PC
19:40:26.0487 10940	UserName: Borion
19:40:26.0487 10940	Windows directory: C:\Windows
19:40:26.0487 10940	System windows directory: C:\Windows
19:40:26.0487 10940	Processor architecture: Intel x86
19:40:26.0487 10940	Number of processors: 4
19:40:26.0487 10940	Page size: 0x1000
19:40:26.0487 10940	Boot type: Normal boot
19:40:26.0487 10940	============================================================
19:40:27.0642 10940	Initialize success
19:40:59.0514 11040	============================================================
19:40:59.0514 11040	Scan started
19:40:59.0514 11040	Mode: Manual; SigCheck; TDLFS; 
19:40:59.0514 11040	============================================================
19:40:59.0757 11040	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:40:59.0852 11040	ACPI - ok
19:40:59.0891 11040	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:40:59.0911 11040	adp94xx - ok
19:40:59.0941 11040	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:40:59.0956 11040	adpahci - ok
19:40:59.0973 11040	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:40:59.0984 11040	adpu160m - ok
19:41:00.0072 11040	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:41:00.0083 11040	adpu320 - ok
19:41:00.0147 11040	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:41:00.0179 11040	AFD - ok
19:41:00.0266 11040	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:41:00.0276 11040	agp440 - ok
19:41:00.0301 11040	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:41:00.0312 11040	aic78xx - ok
19:41:00.0361 11040	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:41:00.0370 11040	aliide - ok
19:41:00.0388 11040	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:41:00.0397 11040	amdagp - ok
19:41:00.0422 11040	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:41:00.0431 11040	amdide - ok
19:41:00.0520 11040	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:41:00.0588 11040	AmdK7 - ok
19:41:00.0604 11040	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:41:00.0628 11040	AmdK8 - ok
19:41:00.0714 11040	AntiLog32       (773cd942b23f922ad3e93639f7736519) C:\Program Files\AntiLogger\AntiLog32.sys
19:41:00.0740 11040	AntiLog32 - ok
19:41:00.0809 11040	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:41:00.0819 11040	arc - ok
19:41:00.0854 11040	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:41:00.0864 11040	arcsas - ok
19:41:00.0904 11040	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:41:00.0927 11040	AsyncMac - ok
19:41:00.0950 11040	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:41:00.0960 11040	atapi - ok
19:41:01.0077 11040	atikmdag        (ba0e84dd556761ae095b58dc165351c3) C:\Windows\system32\DRIVERS\atikmdag.sys
19:41:01.0188 11040	atikmdag - ok
19:41:01.0287 11040	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:41:01.0310 11040	Beep - ok
19:41:01.0337 11040	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:41:01.0361 11040	blbdrive - ok
19:41:01.0394 11040	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:41:01.0420 11040	bowser - ok
19:41:01.0461 11040	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:41:01.0479 11040	BrFiltLo - ok
19:41:01.0501 11040	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:41:01.0520 11040	BrFiltUp - ok
19:41:01.0592 11040	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:41:01.0706 11040	Brserid - ok
19:41:01.0800 11040	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:41:01.0843 11040	BrSerWdm - ok
19:41:01.0869 11040	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:41:01.0910 11040	BrUsbMdm - ok
19:41:01.0925 11040	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:41:01.0967 11040	BrUsbSer - ok
19:41:02.0000 11040	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:41:02.0042 11040	BTHMODEM - ok
19:41:02.0133 11040	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:41:02.0157 11040	cdfs - ok
19:41:02.0186 11040	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:41:02.0205 11040	cdrom - ok
19:41:02.0226 11040	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:41:02.0257 11040	circlass - ok
19:41:02.0288 11040	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:41:02.0302 11040	CLFS - ok
19:41:02.0357 11040	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:41:02.0367 11040	cmdide - ok
19:41:02.0403 11040	Compbatt        (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\drivers\compbatt.sys
19:41:02.0413 11040	Compbatt - ok
19:41:02.0439 11040	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:41:02.0448 11040	crcdisk - ok
19:41:02.0468 11040	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:41:02.0492 11040	Crusoe - ok
19:41:02.0566 11040	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:41:02.0584 11040	DfsC - ok
19:41:02.0625 11040	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:41:02.0636 11040	disk - ok
19:41:02.0674 11040	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:41:02.0693 11040	drmkaud - ok
19:41:02.0754 11040	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:41:02.0777 11040	DXGKrnl - ok
19:41:02.0823 11040	e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
19:41:02.0849 11040	e1express - ok
19:41:02.0884 11040	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:41:02.0923 11040	E1G60 - ok
19:41:02.0986 11040	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:41:02.0998 11040	Ecache - ok
19:41:03.0079 11040	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:41:03.0095 11040	elxstor - ok
19:41:03.0139 11040	ErrDev          (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
19:41:03.0163 11040	ErrDev - ok
19:41:03.0213 11040	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:41:03.0242 11040	exfat - ok
19:41:03.0312 11040	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:41:03.0332 11040	fastfat - ok
19:41:03.0363 11040	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:41:03.0387 11040	fdc - ok
19:41:03.0419 11040	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:41:03.0428 11040	FileInfo - ok
19:41:03.0440 11040	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:41:03.0463 11040	Filetrace - ok
19:41:03.0514 11040	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:41:03.0538 11040	flpydisk - ok
19:41:03.0573 11040	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:41:03.0585 11040	FltMgr - ok
19:41:03.0622 11040	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:41:03.0641 11040	Fs_Rec - ok
19:41:03.0670 11040	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:41:03.0680 11040	gagp30kx - ok
19:41:03.0781 11040	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:41:03.0818 11040	HdAudAddService - ok
19:41:03.0864 11040	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:41:03.0907 11040	HDAudBus - ok
19:41:03.0935 11040	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:41:03.0977 11040	HidBth - ok
19:41:04.0037 11040	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:41:04.0079 11040	HidIr - ok
19:41:04.0123 11040	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:41:04.0141 11040	HidUsb - ok
19:41:04.0173 11040	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:41:04.0183 11040	HpCISSs - ok
19:41:04.0223 11040	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:41:04.0255 11040	HTTP - ok
19:41:04.0342 11040	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:41:04.0351 11040	i2omp - ok
19:41:04.0391 11040	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:41:04.0412 11040	i8042prt - ok
19:41:04.0450 11040	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\drivers\iastor.sys
19:41:04.0462 11040	iaStor - ok
19:41:04.0519 11040	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:41:04.0532 11040	iaStorV - ok
19:41:04.0549 11040	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:41:04.0558 11040	iirsp - ok
19:41:04.0619 11040	IntcAzAudAddService (32abc54d0dde1a8885c9439537dd3bad) C:\Windows\system32\drivers\RTKVHDA.sys
19:41:04.0665 11040	IntcAzAudAddService - ok
19:41:04.0703 11040	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
19:41:04.0712 11040	intelide - ok
19:41:04.0766 11040	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:41:04.0790 11040	intelppm - ok
19:41:04.0808 11040	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:41:04.0832 11040	IpFilterDriver - ok
19:41:04.0841 11040	IpInIp - ok
19:41:04.0867 11040	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:41:04.0891 11040	IPMIDRV - ok
19:41:04.0914 11040	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:41:04.0939 11040	IPNAT - ok
19:41:04.0982 11040	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:41:05.0005 11040	IRENUM - ok
19:41:05.0048 11040	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:41:05.0057 11040	isapnp - ok
19:41:05.0114 11040	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:41:05.0127 11040	iScsiPrt - ok
19:41:05.0154 11040	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:41:05.0163 11040	iteatapi - ok
19:41:05.0210 11040	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:41:05.0219 11040	iteraid - ok
19:41:05.0255 11040	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:41:05.0264 11040	kbdclass - ok
19:41:05.0314 11040	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:41:05.0332 11040	kbdhid - ok
19:41:05.0362 11040	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:41:05.0380 11040	KSecDD - ok
19:41:05.0421 11040	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:41:05.0445 11040	lltdio - ok
19:41:05.0489 11040	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:41:05.0500 11040	LSI_FC - ok
19:41:05.0566 11040	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:41:05.0577 11040	LSI_SAS - ok
19:41:05.0622 11040	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:41:05.0632 11040	LSI_SCSI - ok
19:41:05.0662 11040	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:41:05.0686 11040	luafv - ok
19:41:05.0724 11040	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:41:05.0734 11040	megasas - ok
19:41:05.0806 11040	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:41:05.0823 11040	MegaSR - ok
19:41:05.0851 11040	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:41:05.0875 11040	Modem - ok
19:41:05.0910 11040	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:41:05.0933 11040	monitor - ok
19:41:05.0945 11040	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:41:05.0954 11040	mouclass - ok
19:41:05.0974 11040	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:41:05.0997 11040	mouhid - ok
19:41:06.0038 11040	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:41:06.0048 11040	MountMgr - ok
19:41:06.0093 11040	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:41:06.0106 11040	MpFilter - ok
19:41:06.0189 11040	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:41:06.0201 11040	mpio - ok
19:41:06.0264 11040	MpKsl6313c76a - ok
19:41:06.0313 11040	MpKsl70dfa8bb   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E9B3CEF-F80C-4896-AF14-141B9EB360B9}\MpKsl70dfa8bb.sys
19:41:06.0322 11040	MpKsl70dfa8bb - ok
19:41:06.0394 11040	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:41:06.0403 11040	MpNWMon - ok
19:41:06.0422 11040	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:41:06.0441 11040	mpsdrv - ok
19:41:06.0461 11040	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:41:06.0470 11040	Mraid35x - ok
19:41:06.0495 11040	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:41:06.0522 11040	MRxDAV - ok
19:41:06.0585 11040	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:41:06.0615 11040	mrxsmb - ok
19:41:06.0662 11040	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:41:06.0675 11040	mrxsmb10 - ok
19:41:06.0690 11040	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:41:06.0702 11040	mrxsmb20 - ok
19:41:06.0735 11040	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:41:06.0744 11040	msahci - ok
19:41:06.0791 11040	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:41:06.0802 11040	msdsm - ok
19:41:06.0839 11040	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:41:06.0862 11040	Msfs - ok
19:41:06.0894 11040	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:41:06.0903 11040	msisadrv - ok
19:41:06.0961 11040	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:41:06.0992 11040	MSKSSRV - ok
19:41:07.0033 11040	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:41:07.0056 11040	MSPCLOCK - ok
19:41:07.0087 11040	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:41:07.0111 11040	MSPQM - ok
19:41:07.0181 11040	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:41:07.0193 11040	MsRPC - ok
19:41:07.0207 11040	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:41:07.0216 11040	mssmbios - ok
19:41:07.0248 11040	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:41:07.0272 11040	MSTEE - ok
19:41:07.0297 11040	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:41:07.0308 11040	Mup - ok
19:41:07.0386 11040	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:41:07.0418 11040	NativeWifiP - ok
19:41:07.0453 11040	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:41:07.0472 11040	NDIS - ok
19:41:07.0494 11040	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:41:07.0512 11040	NdisTapi - ok
19:41:07.0580 11040	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:41:07.0604 11040	Ndisuio - ok
19:41:07.0648 11040	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:41:07.0667 11040	NdisWan - ok
19:41:07.0682 11040	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:41:07.0701 11040	NDProxy - ok
19:41:07.0724 11040	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:41:07.0748 11040	NetBIOS - ok
19:41:07.0822 11040	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:41:07.0842 11040	netbt - ok
19:41:07.0869 11040	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:41:07.0878 11040	nfrd960 - ok
19:41:07.0908 11040	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:41:07.0916 11040	NisDrv - ok
19:41:07.0944 11040	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:41:07.0962 11040	Npfs - ok
19:41:08.0034 11040	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:41:08.0058 11040	nsiproxy - ok
19:41:08.0097 11040	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:41:08.0127 11040	Ntfs - ok
19:41:08.0151 11040	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:41:08.0193 11040	ntrigdigi - ok
19:41:08.0219 11040	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:41:08.0242 11040	Null - ok
19:41:08.0317 11040	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:41:08.0327 11040	nvraid - ok
19:41:08.0356 11040	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:41:08.0365 11040	nvstor - ok
19:41:08.0392 11040	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:41:08.0403 11040	nv_agp - ok
19:41:08.0409 11040	NwlnkFlt - ok
19:41:08.0418 11040	NwlnkFwd - ok
19:41:08.0471 11040	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:41:08.0490 11040	ohci1394 - ok
19:41:08.0572 11040	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:41:08.0615 11040	Parport - ok
19:41:08.0654 11040	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:41:08.0665 11040	partmgr - ok
19:41:08.0679 11040	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:41:08.0721 11040	Parvdm - ok
19:41:08.0749 11040	PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
19:41:08.0828 11040	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:41:08.0840 11040	pci - ok
19:41:08.0856 11040	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:41:08.0866 11040	pciide - ok
19:41:08.0900 11040	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:41:08.0912 11040	pcmcia - ok
19:41:08.0996 11040	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:41:09.0050 11040	PEAUTH - ok
19:41:09.0097 11040	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:41:09.0121 11040	PptpMiniport - ok
19:41:09.0139 11040	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:41:09.0163 11040	Processor - ok
19:41:09.0208 11040	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:41:09.0227 11040	PSched - ok
19:41:09.0309 11040	PxHelp20        (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
19:41:09.0317 11040	PxHelp20 - ok
19:41:09.0355 11040	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:41:09.0390 11040	ql2300 - ok
19:41:09.0407 11040	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:41:09.0417 11040	ql40xx - ok
19:41:09.0434 11040	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:41:09.0454 11040	QWAVEdrv - ok
19:41:09.0583 11040	R300            (ba0e84dd556761ae095b58dc165351c3) C:\Windows\system32\DRIVERS\atikmdag.sys
19:41:09.0647 11040	R300 - ok
19:41:09.0680 11040	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:41:09.0703 11040	RasAcd - ok
19:41:09.0780 11040	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:41:09.0804 11040	Rasl2tp - ok
19:41:09.0826 11040	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:41:09.0845 11040	RasPppoe - ok
19:41:09.0861 11040	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:41:09.0873 11040	RasSstp - ok
19:41:09.0897 11040	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:41:09.0917 11040	rdbss - ok
19:41:09.0986 11040	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:41:10.0010 11040	RDPCDD - ok
19:41:10.0037 11040	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:41:10.0063 11040	rdpdr - ok
19:41:10.0071 11040	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:41:10.0094 11040	RDPENCDD - ok
19:41:10.0123 11040	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:41:10.0144 11040	RDPWD - ok
19:41:10.0172 11040	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:41:10.0196 11040	rspndr - ok
19:41:10.0279 11040	RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:41:10.0289 11040	RTL8169 - ok
19:41:10.0307 11040	RtNdPt60        (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
19:41:10.0326 11040	RtNdPt60 - ok
19:41:10.0369 11040	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:41:10.0378 11040	sbp2port - ok
19:41:10.0468 11040	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:41:10.0509 11040	secdrv - ok
19:41:10.0535 11040	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:41:10.0578 11040	Serenum - ok
19:41:10.0591 11040	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:41:10.0635 11040	Serial - ok
19:41:10.0668 11040	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:41:10.0691 11040	sermouse - ok
19:41:10.0718 11040	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:41:10.0738 11040	sffdisk - ok
19:41:10.0772 11040	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:41:10.0793 11040	sffp_mmc - ok
19:41:10.0866 11040	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:41:10.0887 11040	sffp_sd - ok
19:41:10.0904 11040	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:41:10.0941 11040	sfloppy - ok
19:41:10.0959 11040	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:41:10.0968 11040	sisagp - ok
19:41:10.0993 11040	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:41:11.0001 11040	SiSRaid2 - ok
19:41:11.0047 11040	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:41:11.0056 11040	SiSRaid4 - ok
19:41:11.0143 11040	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:41:11.0162 11040	Smb - ok
19:41:11.0181 11040	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:41:11.0190 11040	spldr - ok
19:41:11.0224 11040	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:41:11.0252 11040	srv - ok
19:41:11.0300 11040	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:41:11.0321 11040	srv2 - ok
19:41:11.0345 11040	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:41:11.0357 11040	srvnet - ok
19:41:11.0403 11040	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:41:11.0412 11040	swenum - ok
19:41:11.0465 11040	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:41:11.0474 11040	Symc8xx - ok
19:41:11.0498 11040	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:41:11.0507 11040	Sym_hi - ok
19:41:11.0534 11040	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:41:11.0543 11040	Sym_u3 - ok
19:41:11.0595 11040	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
19:41:11.0620 11040	Tcpip - ok
19:41:11.0679 11040	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
19:41:11.0703 11040	Tcpip6 - ok
19:41:11.0721 11040	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
19:41:11.0738 11040	tcpipreg - ok
19:41:11.0769 11040	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:41:11.0790 11040	TDPIPE - ok
19:41:11.0808 11040	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:41:11.0835 11040	TDTCP - ok
19:41:11.0899 11040	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:41:11.0916 11040	tdx - ok
19:41:11.0935 11040	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:41:11.0945 11040	TermDD - ok
19:41:12.0000 11040	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:41:12.0022 11040	tssecsrv - ok
19:41:12.0035 11040	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:41:12.0052 11040	tunmp - ok
19:41:12.0059 11040	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
19:41:12.0077 11040	tunnel - ok
19:41:12.0149 11040	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:41:12.0159 11040	uagp35 - ok
19:41:12.0201 11040	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:41:12.0221 11040	udfs - ok
19:41:12.0268 11040	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:41:12.0278 11040	uliagpkx - ok
19:41:12.0293 11040	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:41:12.0306 11040	uliahci - ok
19:41:12.0339 11040	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:41:12.0349 11040	UlSata - ok
19:41:12.0433 11040	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:41:12.0444 11040	ulsata2 - ok
19:41:12.0472 11040	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:41:12.0496 11040	umbus - ok
19:41:12.0534 11040	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:41:12.0553 11040	usbccgp - ok
19:41:12.0573 11040	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:41:12.0616 11040	usbcir - ok
19:41:12.0682 11040	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:41:12.0701 11040	usbehci - ok
19:41:12.0718 11040	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:41:12.0739 11040	usbhub - ok
19:41:12.0766 11040	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:41:12.0809 11040	usbohci - ok
19:41:12.0824 11040	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:41:12.0848 11040	usbprint - ok
19:41:12.0873 11040	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:41:12.0892 11040	usbscan - ok
19:41:12.0962 11040	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:41:12.0981 11040	USBSTOR - ok
19:41:12.0998 11040	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:41:13.0017 11040	usbuhci - ok
19:41:13.0051 11040	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:41:13.0075 11040	vga - ok
19:41:13.0094 11040	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:41:13.0118 11040	VgaSave - ok
19:41:13.0142 11040	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:41:13.0151 11040	viaagp - ok
19:41:13.0218 11040	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:41:13.0241 11040	ViaC7 - ok
19:41:13.0284 11040	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:41:13.0293 11040	viaide - ok
19:41:13.0330 11040	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:41:13.0340 11040	volmgr - ok
19:41:13.0372 11040	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:41:13.0386 11040	volmgrx - ok
19:41:13.0455 11040	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:41:13.0468 11040	volsnap - ok
19:41:13.0496 11040	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:41:13.0507 11040	vsmraid - ok
19:41:13.0567 11040	VSTHWBS2        (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
19:41:13.0594 11040	VSTHWBS2 - ok
19:41:13.0674 11040	VST_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:41:13.0715 11040	VST_DPV - ok
19:41:13.0750 11040	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:41:13.0792 11040	WacomPen - ok
19:41:13.0815 11040	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:41:13.0834 11040	Wanarp - ok
19:41:13.0845 11040	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:41:13.0865 11040	Wanarpv6 - ok
19:41:13.0927 11040	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:41:13.0937 11040	Wd - ok
19:41:13.0992 11040	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:41:14.0009 11040	Wdf01000 - ok
19:41:14.0064 11040	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:41:14.0100 11040	winachsf - ok
19:41:14.0142 11040	WmiAcpi         (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys
19:41:14.0154 11040	WmiAcpi - ok
19:41:14.0199 11040	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:41:14.0222 11040	ws2ifsl - ok
19:41:14.0271 11040	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:41:14.0295 11040	WUDFRd - ok
19:41:14.0311 11040	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:41:14.0388 11040	\Device\Harddisk0\DR0 - ok
19:41:14.0421 11040	Boot (0x1200)   (e836f36ceffb4d886d76ae42f4f1b41d) \Device\Harddisk0\DR0\Partition0
19:41:14.0422 11040	\Device\Harddisk0\DR0\Partition0 - ok
19:41:14.0425 11040	Boot (0x1200)   (9f47b043ef7c2cbc1726a44dc4cd376b) \Device\Harddisk0\DR0\Partition1
19:41:14.0426 11040	\Device\Harddisk0\DR0\Partition1 - ok
19:41:14.0428 11040	============================================================
19:41:14.0428 11040	Scan finished
19:41:14.0428 11040	============================================================
19:41:14.0441 11032	Detected object count: 0
19:41:14.0441 11032	Actual detected object count: 0
19:41:54.0055 11200	============================================================
19:41:54.0055 11200	Scan started
19:41:54.0055 11200	Mode: Manual; SigCheck; TDLFS; 
19:41:54.0055 11200	============================================================
19:41:54.0273 11200	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:41:54.0304 11200	ACPI - ok
19:41:54.0335 11200	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:41:54.0351 11200	adp94xx - ok
19:41:54.0382 11200	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:41:54.0398 11200	adpahci - ok
19:41:54.0413 11200	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:41:54.0413 11200	adpu160m - ok
19:41:54.0445 11200	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:41:54.0460 11200	adpu320 - ok
19:41:54.0554 11200	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:41:54.0569 11200	AFD - ok
19:41:54.0601 11200	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:41:54.0601 11200	agp440 - ok
19:41:54.0632 11200	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:41:54.0647 11200	aic78xx - ok
19:41:54.0694 11200	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:41:54.0694 11200	aliide - ok
19:41:54.0788 11200	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:41:54.0803 11200	amdagp - ok
19:41:54.0819 11200	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:41:54.0835 11200	amdide - ok
19:41:54.0866 11200	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:41:54.0897 11200	AmdK7 - ok
19:41:54.0913 11200	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:41:54.0944 11200	AmdK8 - ok
19:41:54.0991 11200	AntiLog32       (773cd942b23f922ad3e93639f7736519) C:\Program Files\AntiLogger\AntiLog32.sys
19:41:55.0006 11200	AntiLog32 - ok
19:41:55.0100 11200	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:41:55.0100 11200	arc - ok
19:41:55.0131 11200	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:41:55.0147 11200	arcsas - ok
19:41:55.0162 11200	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:41:55.0178 11200	AsyncMac - ok
19:41:55.0209 11200	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:41:55.0209 11200	atapi - ok
19:41:55.0287 11200	atikmdag        (ba0e84dd556761ae095b58dc165351c3) C:\Windows\system32\DRIVERS\atikmdag.sys
19:41:55.0349 11200	atikmdag - ok
19:41:55.0443 11200	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:41:55.0474 11200	Beep - ok
19:41:55.0490 11200	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:41:55.0521 11200	blbdrive - ok
19:41:55.0537 11200	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:41:55.0552 11200	bowser - ok
19:41:55.0568 11200	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:41:55.0599 11200	BrFiltLo - ok
19:41:55.0615 11200	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:41:55.0630 11200	BrFiltUp - ok
19:41:55.0646 11200	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:41:55.0693 11200	Brserid - ok
19:41:55.0786 11200	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:41:55.0817 11200	BrSerWdm - ok
19:41:55.0833 11200	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:41:55.0880 11200	BrUsbMdm - ok
19:41:55.0895 11200	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:41:55.0927 11200	BrUsbSer - ok
19:41:55.0958 11200	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:41:55.0989 11200	BTHMODEM - ok
19:41:56.0020 11200	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:41:56.0036 11200	cdfs - ok
19:41:56.0098 11200	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:41:56.0114 11200	cdrom - ok
19:41:56.0145 11200	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:41:56.0161 11200	circlass - ok
19:41:56.0192 11200	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:41:56.0207 11200	CLFS - ok
19:41:56.0239 11200	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:41:56.0239 11200	cmdide - ok
19:41:56.0301 11200	Compbatt        (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\drivers\compbatt.sys
19:41:56.0317 11200	Compbatt - ok
19:41:56.0348 11200	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:41:56.0363 11200	crcdisk - ok
19:41:56.0379 11200	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:41:56.0410 11200	Crusoe - ok
19:41:56.0441 11200	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:41:56.0457 11200	DfsC - ok
19:41:56.0473 11200	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:41:56.0488 11200	disk - ok
19:41:56.0535 11200	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:41:56.0551 11200	drmkaud - ok
19:41:56.0597 11200	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:41:56.0613 11200	DXGKrnl - ok
19:41:56.0644 11200	e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
19:41:56.0675 11200	e1express - ok
19:41:56.0675 11200	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:41:56.0707 11200	E1G60 - ok
19:41:56.0722 11200	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:41:56.0738 11200	Ecache - ok
19:41:56.0816 11200	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:41:56.0816 11200	elxstor - ok
19:41:56.0863 11200	ErrDev          (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
19:41:56.0878 11200	ErrDev - ok
19:41:56.0925 11200	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:41:56.0925 11200	exfat - ok
19:41:56.0956 11200	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:41:56.0972 11200	fastfat - ok
19:41:57.0003 11200	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:41:57.0019 11200	fdc - ok
19:41:57.0081 11200	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:41:57.0081 11200	FileInfo - ok
19:41:57.0112 11200	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:41:57.0143 11200	Filetrace - ok
19:41:57.0159 11200	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:41:57.0190 11200	flpydisk - ok
19:41:57.0206 11200	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:41:57.0221 11200	FltMgr - ok
19:41:57.0237 11200	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:41:57.0268 11200	Fs_Rec - ok
19:41:57.0331 11200	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:41:57.0331 11200	gagp30kx - ok
19:41:57.0409 11200	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:41:57.0424 11200	HdAudAddService - ok
19:41:57.0440 11200	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:41:57.0471 11200	HDAudBus - ok
19:41:57.0487 11200	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:41:57.0533 11200	HidBth - ok
19:41:57.0596 11200	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:41:57.0627 11200	HidIr - ok
19:41:57.0674 11200	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:41:57.0689 11200	HidUsb - ok
19:41:57.0721 11200	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:41:57.0736 11200	HpCISSs - ok
19:41:57.0783 11200	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:41:57.0799 11200	HTTP - ok
19:41:57.0861 11200	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:41:57.0861 11200	i2omp - ok
19:41:57.0908 11200	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:41:57.0939 11200	i8042prt - ok
19:41:57.0986 11200	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\drivers\iastor.sys
19:41:57.0986 11200	iaStor - ok
19:41:58.0001 11200	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:41:58.0017 11200	iaStorV - ok
19:41:58.0048 11200	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:41:58.0064 11200	iirsp - ok
19:41:58.0173 11200	IntcAzAudAddService (32abc54d0dde1a8885c9439537dd3bad) C:\Windows\system32\drivers\RTKVHDA.sys
19:41:58.0220 11200	IntcAzAudAddService - ok
19:41:58.0267 11200	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
19:41:58.0282 11200	intelide - ok
19:41:58.0329 11200	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:41:58.0360 11200	intelppm - ok
19:41:58.0376 11200	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:41:58.0391 11200	IpFilterDriver - ok
19:41:58.0407 11200	IpInIp - ok
19:41:58.0423 11200	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:41:58.0454 11200	IPMIDRV - ok
19:41:58.0485 11200	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:41:58.0501 11200	IPNAT - ok
19:41:58.0547 11200	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:41:58.0563 11200	IRENUM - ok
19:41:58.0641 11200	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:41:58.0657 11200	isapnp - ok
19:41:58.0688 11200	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:41:58.0703 11200	iScsiPrt - ok
19:41:58.0719 11200	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:41:58.0719 11200	iteatapi - ok
19:41:58.0766 11200	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:41:58.0781 11200	iteraid - ok
19:41:58.0844 11200	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:41:58.0859 11200	kbdclass - ok
19:41:58.0875 11200	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:41:58.0891 11200	kbdhid - ok
19:41:58.0922 11200	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:41:58.0937 11200	KSecDD - ok
19:41:58.0969 11200	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:41:59.0000 11200	lltdio - ok
19:41:59.0078 11200	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:41:59.0093 11200	LSI_FC - ok
19:41:59.0109 11200	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:41:59.0109 11200	LSI_SAS - ok
19:41:59.0140 11200	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:41:59.0156 11200	LSI_SCSI - ok
19:41:59.0171 11200	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:41:59.0203 11200	luafv - ok
19:41:59.0234 11200	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:41:59.0249 11200	megasas - ok
19:41:59.0343 11200	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:41:59.0359 11200	MegaSR - ok
19:41:59.0405 11200	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:41:59.0421 11200	Modem - ok
19:41:59.0452 11200	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:41:59.0468 11200	monitor - ok
19:41:59.0499 11200	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:41:59.0499 11200	mouclass - ok
19:41:59.0561 11200	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:41:59.0577 11200	mouhid - ok
19:41:59.0593 11200	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:41:59.0608 11200	MountMgr - ok
19:41:59.0624 11200	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:41:59.0639 11200	MpFilter - ok
19:41:59.0671 11200	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:41:59.0686 11200	mpio - ok
19:41:59.0749 11200	MpKsl6313c76a - ok
19:41:59.0780 11200	MpKsl70dfa8bb   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E9B3CEF-F80C-4896-AF14-141B9EB360B9}\MpKsl70dfa8bb.sys
19:41:59.0795 11200	MpKsl70dfa8bb - ok
19:41:59.0842 11200	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:41:59.0858 11200	MpNWMon - ok
19:41:59.0889 11200	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:41:59.0905 11200	mpsdrv - ok
19:41:59.0936 11200	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:41:59.0936 11200	Mraid35x - ok
19:41:59.0967 11200	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:41:59.0983 11200	MRxDAV - ok
19:42:00.0029 11200	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:42:00.0029 11200	mrxsmb - ok
19:42:00.0107 11200	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:42:00.0107 11200	mrxsmb10 - ok
19:42:00.0139 11200	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:42:00.0154 11200	mrxsmb20 - ok
19:42:00.0185 11200	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:42:00.0185 11200	msahci - ok
19:42:00.0248 11200	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:42:00.0263 11200	msdsm - ok
19:42:00.0295 11200	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:42:00.0310 11200	Msfs - ok
19:42:00.0326 11200	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:42:00.0341 11200	msisadrv - ok
19:42:00.0404 11200	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:42:00.0435 11200	MSKSSRV - ok
19:42:00.0451 11200	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:42:00.0466 11200	MSPCLOCK - ok
19:42:00.0513 11200	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:42:00.0529 11200	MSPQM - ok
19:42:00.0560 11200	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:42:00.0575 11200	MsRPC - ok
19:42:00.0622 11200	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:42:00.0638 11200	mssmbios - ok
19:42:00.0653 11200	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:42:00.0669 11200	MSTEE - ok
19:42:00.0685 11200	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:42:00.0700 11200	Mup - ok
19:42:00.0747 11200	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:42:00.0763 11200	NativeWifiP - ok
19:42:00.0794 11200	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:42:00.0809 11200	NDIS - ok
19:42:00.0872 11200	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:42:00.0887 11200	NdisTapi - ok
19:42:00.0934 11200	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:42:00.0950 11200	Ndisuio - ok
19:42:00.0981 11200	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:42:01.0012 11200	NdisWan - ok
19:42:01.0028 11200	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:42:01.0043 11200	NDProxy - ok
19:42:01.0090 11200	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:42:01.0106 11200	NetBIOS - ok
19:42:01.0137 11200	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:42:01.0153 11200	netbt - ok
19:42:01.0184 11200	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:42:01.0199 11200	nfrd960 - ok
19:42:01.0231 11200	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:42:01.0231 11200	NisDrv - ok
19:42:01.0293 11200	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:42:01.0309 11200	Npfs - ok
19:42:01.0340 11200	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:42:01.0371 11200	nsiproxy - ok
19:42:01.0402 11200	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:42:01.0433 11200	Ntfs - ok
19:42:01.0511 11200	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:42:01.0543 11200	ntrigdigi - ok
19:42:01.0574 11200	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:42:01.0605 11200	Null - ok
19:42:01.0621 11200	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:42:01.0636 11200	nvraid - ok
19:42:01.0667 11200	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:42:01.0683 11200	nvstor - ok
19:42:01.0699 11200	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:42:01.0714 11200	nv_agp - ok
19:42:01.0745 11200	NwlnkFlt - ok
19:42:01.0792 11200	NwlnkFwd - ok
19:42:01.0839 11200	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:42:01.0855 11200	ohci1394 - ok
19:42:01.0886 11200	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:42:01.0933 11200	Parport - ok
19:42:01.0964 11200	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:42:01.0964 11200	partmgr - ok
19:42:01.0995 11200	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:42:02.0042 11200	Parvdm - ok
19:42:02.0073 11200	PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
19:42:02.0120 11200	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:42:02.0135 11200	pci - ok
19:42:02.0151 11200	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:42:02.0167 11200	pciide - ok
19:42:02.0198 11200	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:42:02.0213 11200	pcmcia - ok
19:42:02.0245 11200	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:42:02.0307 11200	PEAUTH - ok
19:42:02.0385 11200	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:42:02.0401 11200	PptpMiniport - ok
19:42:02.0447 11200	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:42:02.0463 11200	Processor - ok
19:42:02.0494 11200	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:42:02.0510 11200	PSched - ok
19:42:02.0525 11200	PxHelp20        (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
19:42:02.0541 11200	PxHelp20 - ok
19:42:02.0603 11200	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:42:02.0635 11200	ql2300 - ok
19:42:02.0666 11200	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:42:02.0681 11200	ql40xx - ok
19:42:02.0697 11200	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:42:02.0713 11200	QWAVEdrv - ok
19:42:02.0775 11200	R300            (ba0e84dd556761ae095b58dc165351c3) C:\Windows\system32\DRIVERS\atikmdag.sys
19:42:02.0837 11200	R300 - ok
19:42:02.0931 11200	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:42:02.0947 11200	RasAcd - ok
19:42:02.0978 11200	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:42:03.0009 11200	Rasl2tp - ok
19:42:03.0025 11200	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:42:03.0056 11200	RasPppoe - ok
19:42:03.0071 11200	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:42:03.0071 11200	RasSstp - ok
19:42:03.0149 11200	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:42:03.0165 11200	rdbss - ok
19:42:03.0196 11200	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:42:03.0212 11200	RDPCDD - ok
19:42:03.0243 11200	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:42:03.0274 11200	rdpdr - ok
19:42:03.0274 11200	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:42:03.0305 11200	RDPENCDD - ok
19:42:03.0321 11200	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:42:03.0352 11200	RDPWD - ok
19:42:03.0415 11200	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:42:03.0446 11200	rspndr - ok
19:42:03.0477 11200	RTL8169         (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:42:03.0493 11200	RTL8169 - ok
19:42:03.0508 11200	RtNdPt60        (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
19:42:03.0508 11200	RtNdPt60 - ok
19:42:03.0555 11200	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:42:03.0571 11200	sbp2port - ok
19:42:03.0633 11200	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:42:03.0680 11200	secdrv - ok
19:42:03.0711 11200	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:42:03.0742 11200	Serenum - ok
19:42:03.0758 11200	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:42:03.0805 11200	Serial - ok
19:42:03.0820 11200	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:42:03.0836 11200	sermouse - ok
19:42:03.0851 11200	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:42:03.0883 11200	sffdisk - ok
19:42:03.0898 11200	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:42:03.0929 11200	sffp_mmc - ok
19:42:03.0992 11200	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:42:04.0007 11200	sffp_sd - ok
19:42:04.0039 11200	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:42:04.0070 11200	sfloppy - ok
19:42:04.0085 11200	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:42:04.0101 11200	sisagp - ok
19:42:04.0117 11200	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:42:04.0132 11200	SiSRaid2 - ok
19:42:04.0179 11200	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:42:04.0195 11200	SiSRaid4 - ok
19:42:04.0273 11200	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:42:04.0288 11200	Smb - ok
19:42:04.0304 11200	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:42:04.0319 11200	spldr - ok
19:42:04.0351 11200	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:42:04.0366 11200	srv - ok
19:42:04.0382 11200	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:42:04.0397 11200	srv2 - ok
19:42:04.0444 11200	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:42:04.0460 11200	srvnet - ok
19:42:04.0507 11200	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:42:04.0522 11200	swenum - ok
19:42:04.0538 11200	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:42:04.0553 11200	Symc8xx - ok
19:42:04.0585 11200	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:42:04.0585 11200	Sym_hi - ok
19:42:04.0600 11200	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:42:04.0616 11200	Sym_u3 - ok
19:42:04.0694 11200	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
19:42:04.0725 11200	Tcpip - ok
19:42:04.0772 11200	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
19:42:04.0803 11200	Tcpip6 - ok
19:42:04.0819 11200	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
19:42:04.0834 11200	tcpipreg - ok
19:42:04.0850 11200	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:42:04.0865 11200	TDPIPE - ok
19:42:04.0928 11200	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:42:04.0943 11200	TDTCP - ok
19:42:04.0975 11200	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:42:04.0990 11200	tdx - ok
19:42:05.0037 11200	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:42:05.0037 11200	TermDD - ok
19:42:05.0099 11200	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:42:05.0115 11200	tssecsrv - ok
19:42:05.0177 11200	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:42:05.0193 11200	tunmp - ok
19:42:05.0193 11200	tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
19:42:05.0224 11200	tunnel - ok
19:42:05.0240 11200	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:42:05.0255 11200	uagp35 - ok
19:42:05.0318 11200	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:42:05.0333 11200	udfs - ok
19:42:05.0380 11200	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:42:05.0380 11200	uliagpkx - ok
19:42:05.0443 11200	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:42:05.0458 11200	uliahci - ok
19:42:05.0474 11200	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:42:05.0489 11200	UlSata - ok
19:42:05.0552 11200	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:42:05.0552 11200	ulsata2 - ok
19:42:05.0583 11200	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:42:05.0614 11200	umbus - ok
19:42:05.0645 11200	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:42:05.0661 11200	usbccgp - ok
19:42:05.0708 11200	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:42:05.0739 11200	usbcir - ok
19:42:05.0770 11200	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:42:05.0786 11200	usbehci - ok
19:42:05.0817 11200	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:42:05.0848 11200	usbhub - ok
19:42:05.0864 11200	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:42:05.0911 11200	usbohci - ok
19:42:05.0926 11200	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:42:05.0942 11200	usbprint - ok
19:42:06.0004 11200	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:42:06.0020 11200	usbscan - ok
19:42:06.0051 11200	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:42:06.0067 11200	USBSTOR - ok
19:42:06.0098 11200	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:42:06.0113 11200	usbuhci - ok
19:42:06.0145 11200	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:42:06.0176 11200	vga - ok
19:42:06.0223 11200	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:42:06.0238 11200	VgaSave - ok
19:42:06.0269 11200	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:42:06.0269 11200	viaagp - ok
19:42:06.0285 11200	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:42:06.0316 11200	ViaC7 - ok
19:42:06.0363 11200	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:42:06.0363 11200	viaide - ok
19:42:06.0425 11200	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:42:06.0441 11200	volmgr - ok
19:42:06.0488 11200	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:42:06.0503 11200	volmgrx - ok
19:42:06.0535 11200	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:42:06.0550 11200	volsnap - ok
19:42:06.0613 11200	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:42:06.0628 11200	vsmraid - ok
19:42:06.0691 11200	VSTHWBS2        (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
19:42:06.0722 11200	VSTHWBS2 - ok
19:42:06.0753 11200	VST_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:42:06.0784 11200	VST_DPV - ok
19:42:06.0815 11200	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:42:06.0862 11200	WacomPen - ok
19:42:06.0909 11200	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:42:06.0925 11200	Wanarp - ok
19:42:06.0940 11200	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:42:06.0956 11200	Wanarpv6 - ok
19:42:07.0003 11200	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:42:07.0003 11200	Wd - ok
19:42:07.0018 11200	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:42:07.0034 11200	Wdf01000 - ok
19:42:07.0081 11200	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:42:07.0127 11200	winachsf - ok
19:42:07.0159 11200	WmiAcpi         (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys
19:42:07.0174 11200	WmiAcpi - ok
19:42:07.0205 11200	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:42:07.0221 11200	ws2ifsl - ok
19:42:07.0299 11200	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:42:07.0330 11200	WUDFRd - ok
19:42:07.0346 11200	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:42:07.0424 11200	\Device\Harddisk0\DR0 - ok
19:42:07.0455 11200	Boot (0x1200)   (e836f36ceffb4d886d76ae42f4f1b41d) \Device\Harddisk0\DR0\Partition0
19:42:07.0455 11200	\Device\Harddisk0\DR0\Partition0 - ok
19:42:07.0455 11200	Boot (0x1200)   (9f47b043ef7c2cbc1726a44dc4cd376b) \Device\Harddisk0\DR0\Partition1
19:42:07.0455 11200	\Device\Harddisk0\DR0\Partition1 - ok
19:42:07.0455 11200	============================================================
19:42:07.0455 11200	Scan finished
19:42:07.0455 11200	============================================================
19:42:07.0471 11192	Detected object count: 0
19:42:07.0471 11192	Actual detected object count: 0

cosinus · 08.12.2011, 21:18

Bislang ist alles unauffällig. Entweder ist nur die Seite verseucht (und nicht dein Rechner) oder der Virenscanner haut da einen Fehlalarm raus. Es könnte natürlich auch ein gut versteckter Schädling sein, den wir so noch nicht aufgespürt haben

Gnorf · 08.12.2011, 21:50

Erst mal ein herzliches Dankeschön für die bisherigen Bemühungen!

Also aus meiner Sicht ist das ja eigentlich eine gute Nachricht, dann kann ich ja wieder mein (Online-) Konto aufrufen.

Nachdem ich heute die Zattoo Seite aufgerufen habe, erhielt ich wieder die zwischenzeitlich bekannte Virenmeldung. Diesmal habe ich den "Schadcode" nicht gelöscht sondern in die Quarantäne verschoben.

Ist dies irgendwie hilfreich?!

cosinus · 08.12.2011, 21:52

Du weißt, was eine Quarantäne ist? Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Gnorf · 08.12.2011, 22:26

Zitat:

Zitat von cosinus

Du weißt, was eine Quarantäne ist?

Nöö, weiß ich nicht wirklich

aber ich lerne gern dazu!

Dann gehe ich jetzt davon aus, dass mein Rechner nicht verseucht ist und nutze ihn wieder für Onlinebanking und ähnliche Dinge.

Ich möchte aber nicht vergessen mich herzlich für deine Bemühungen zu bedanken. Eine kleine Anerkennungs-Spende für deine/eure Arbeit ist veranlasst.

Auch wenns nicht zum eigentlichen Thema gehört, da ich - nicht falsch verstehen - am liebsten niemals mehr hier posten möchte, eine Frage zu meinen ggf. verbesserungswürdigen Sicherheitsvorkehrungen.

Ich besitze einen PC mit Betriebssystem Windows Visa. Bei sämtlichen Anwendungen achte ich darauf, dass diese immer entsprechend aktualisiert werden. Ich nutze als Firewall die normale von Windows, welche bereits standardmäßig vorhanden sind. Als Onlinescanner nutze ich Microsoft Security Essentials. Dann nutze ich derzeit noch den Zemana AntiLogger, allerdings weniger aus Überzeugung sondern mehr, weil er auf einer CD für ein Jahr umsonst verfügbar war.

Vom Typ her bin ich eher ein kritischer bis geiziger Anwender, also ich zahle ungern für Dinge, die es anderswo für umsonst oder wesentlich preiswerter gibt. Falls ein Produkt bzw. eine Software aber tatsächlich einen erheblichen Mehrwert hat, bin ich auch bereit dafür zu bezahlen!

Also wenn du noch Vorschläge hast um mich besser vor Schadsoftware zu schützen, wäre ich dafür sehr dankbar.

Grüße, Gnorf

cosinus · 09.12.2011, 10:13

Zitat:

Also wenn du noch Vorschläge hast um mich besser vor Schadsoftware zu schützen, wäre ich dafür sehr dankbar.

IMHO solltest du ein gutes Konzept haben. Gerade der Punkjt, dass du nicht auf sinnfreie PFWs schwörst, sondern die Windows-Firewall nimmst und immer auf die Aktualität der Programme achtest ist schon sehr löblich!

Ich poste bei solchen Fragen immer das hier:

Halte Dich am besten grob an diese Regeln:

Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
Halte Windows und alle verwendeten Programme immer aktuell - unterstützen kann dich dabei Secunia PSI
Führe regelmäßig Backups auf externe Medien durch
Arbeite mit eingeschränkten Rechten
Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen
automatische Wiedergabe von allen Laufwerken komplett deaktivieren, denn das ist ein unnötiges Sicherheitsrisiko
Bei der Installation von Software möglichst darauf achten, dass die Setups aus offiziellen Quellen stammen und du bei der Installation nach Möglichkeit die benutzerdefinierte Methode wählst - dann hast du die Möglichkeit etwaigen Schrott (wie Toolbars oder sowas wie RegistryBooster) abzuwählen, welcher sonst einfach mitinstalliert wird.
Bösartige bzw. ungewollte Sites von vornherein blockieren lassen mit Hilfe der MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

08.12.2011, 21:18	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Exploit:HTML/IframeRef.Z wird immer wieder aufs neue gefunden Bislang ist alles unauffällig. Entweder ist nur die Seite verseucht (und nicht dein Rechner) oder der Virenscanner haut da einen Fehlalarm raus. Es könnte natürlich auch ein gut versteckter Schädling sein, den wir so noch nicht aufgespürt haben __________________ Logfiles bitte immer in CODE-Tags posten

Exploit:HTML/IframeRef.Z wird immer wieder aufs neue gefunden

Log-Analyse und Auswertung: Exploit:HTML/IframeRef.Z wird immer wieder aufs neue gefunden