Pests of all kinds and how to fight them: Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! (Windows 7)

08.05.2012, 12:37 | #16
Couldn't upload the original log because the log had more than 100000 characters. So I limited the log to 14 days (the problem is only a week old). Done! Here, finally, is the scan:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 5/8/2012 1:18:38 PM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = D:\Install\Internet\Antivirus 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 4.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 36.88% Memory free 8.00 Gb Paging File | 5.66 Gb Available in Paging File | 70.72% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 315.25 Gb Total Space | 219.25 Gb Free Space | 69.55% Space Free | Partition Type: NTFS Drive D: | 345.33 Gb Total Space | 150.35 Gb Free Space | 43.54% Space Free | Partition Type: NTFS Drive X: | 259.15 Gb Total Space | 212.81 Gb Free Space | 82.12% Space Free | Partition Type: NTFS Drive Y: | 100.00 Mb Total Space | 70.17 Mb Free Space | 70.17% Space Free | Partition Type: NTFS Drive Z: | 11.68 Gb Total Space | 1.42 Gb Free Space | 12.17% Space Free | Partition Type: NTFS Computer Name: GERD-HP | User Name: Gerd | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012/05/08 10:51:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- D:\Install\Internet\Antivirus\OTL.exe PRC - [2012/05/02 13:28:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/05/01 09:28:19 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2012/03/13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe PRC - [2012/01/12 15:53:01 | 000,046,376 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMediaInfoPDVD12.exe PRC - [2012/01/12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe PRC - [2012/01/12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe PRC - [2012/01/12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe PRC - [2012/01/12 14:58:47 | 000,371,256 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe PRC - [2011/11/10 11:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011/08/24 18:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010/10/01 14:59:38 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2007/09/14 08:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) 
-- C:\Program Files\totalcmd\TOTALCMD.EXE ========== Modules (No Company Name) ========== MOD - [2012/05/02 13:28:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/05/01 09:28:19 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012/05/01 09:28:19 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll MOD - [2012/05/01 09:28:19 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2012/01/29 18:29:07 | 000,985,088 | ---- | M] () -- D:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012/01/12 14:55:29 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd MOD - [2011/08/24 04:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd MOD - [2011/08/24 04:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd MOD - [2011/08/24 04:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd MOD - [2010/10/01 14:59:38 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe MOD - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/01/26 19:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011/01/26 13:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc) SRV:64bit: - [2010/11/20 15:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2010/09/27 17:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV:64bit: - [2010/03/10 16:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC) SRV - [2012/05/02 13:28:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/29 09:54:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/27 19:06:59 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll 
-- (Akamai) SRV - [2012/03/20 13:49:22 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2012/03/20 11:11:50 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service) SRV - [2012/01/12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12) SRV - [2012/01/12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service) SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2011/08/03 08:24:47 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/01/28 22:36:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/11/20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/20 13:50:48 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg) DRV:64bit: - [2012/03/20 13:50:18 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD) DRV:64bit: - [2012/03/20 13:43:36 | 000,339,608 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi) DRV:64bit: - [2012/03/20 12:21:14 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD) DRV:64bit: - [2012/03/16 12:15:42 | 000,426,104 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore) DRV:64bit: - [2012/03/14 19:23:00 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA) DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS) DRV:64bit: - [2012/01/08 11:40:54 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/09/27 17:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2010/09/27 17:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2010/09/27 17:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2010/03/10 18:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/03/10 16:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/03/10 15:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010/01/28 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/01/19 21:44:32 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) 
[Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) DRV:64bit: - [2009/10/19 23:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/10/08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/10/08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/09/12 09:05:32 | 000,039,552 | ---- | M] (None) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfpec.sys -- (ALIWEHCD) DRV:64bit: - [2009/09/12 09:05:32 | 000,013,184 | ---- | M] (None) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfpcomp.sys -- (AliWGP) DRV:64bit: - [2009/09/12 09:05:32 | 000,012,416 | ---- | M] (None) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfpvbus.sys -- (WUSBVBus) DRV:64bit: - [2009/08/26 08:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:35:02 | 000,244,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q60x64.sys -- (e1qexpress) Stuurprogramma Q voor Intel(R) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009/03/04 09:48:50 | 000,213,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV - [2012/01/11 23:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/02/22 13:39:57] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/10/27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {40373B9D-88C1-4F6E-9B57-E9534E4CC3A0} IE:64bit: - HKLM\..\SearchScopes\{40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN IE - HKLM\..\SearchScopes,DefaultScope = {40373B9D-88C1-4F6E-9B57-E9534E4CC3A0} IE - HKLM\..\SearchScopes\{40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\SearchScopes,DefaultScope = {3C2010D6-0CF4-40DB-8BC0-DE8A292879E3} IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\SearchScopes\{3C2010D6-0CF4-40DB-8BC0-DE8A292879E3}: "URL" = hxxp://www.google.nl/search?hl=nl&q={searchTerms} IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012/05/07 10:29:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/02 13:28:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 18:33:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/16 21:39:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/01/05 23:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions [2011/01/05 23:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/05/05 18:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions [2012/05/05 18:15:03 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions\foxmarks@kei.com [2011/09/23 21:48:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions\maps@ovi.com [2012/05/05 13:04:11 | 000,002,354 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\searchplugins\aol-web-search.xml [2012/05/02 20:12:29 | 000,002,354 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\searchplugins\locked-aol-web-search.xml.wlrp [2012/04/12 16:22:36 
| 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/04/12 16:22:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/05/05 13:04:11 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\GERD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A9UA28FT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/05/02 13:28:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/05 00:42:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/02/11 14:09:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/02/11 14:09:58 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml [2012/02/11 14:09:58 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml [2012/02/11 14:09:58 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O3:64bit: - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MFP Manager] C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe () O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found O4 - HKLM..\Run: [PMBVolumeWatcher] D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001..\Run: [Akamai NetSession Interface] C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk = File not found
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manager for Skype.lnk = D:\ProgramFiles (x86)\Manager for Skype\ManagerForSkype.exe ()
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E54B6F9-0701-4446-A286-C1DA3BBC7DB0}: DhcpNameServer = 192.168.123.254
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2} - C:\Windows\SysWow64\WDShell.DLL (PC SOFT)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 15:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/07 10:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/05/04 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes
[2012/05/04 22:40:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/04 03:09:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/02 19:46:10 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2012/05/02 13:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 13:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/12 16:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/12 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/08 12:50:06 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 12:25:04 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 11:06:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 11:06:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 11:03:51 | 001,833,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/08 11:03:51 | 000,810,998 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/05/08 11:03:51 | 000,708,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/08 11:03:51 | 000,177,570 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/05/08 11:03:51 | 000,139,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/08 10:56:41 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 10:56:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 10:55:50 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 10:32:42 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/05/05 22:57:57 | 004,209,334 | ---- | M] () -- C:\Users\Gerd\Desktop\OBI-keukens.pdf
[2012/05/05 17:09:24 | 000,000,000 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 16:25:40 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2012/05/05 16:25:30 | 000,008,192 | ---- | M] () -- C:\BOOTSECT.BAK
[2012/05/05 16:10:39 | 000,000,334 | ---- | M] () -- C:\Users\Gerd\Desktop\WD SAAS remote admin.url
[2012/05/05 13:39:22 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/05/05 13:38:58 | 000,000,623 | ---- | M] () -- C:\Users\Gerd\Desktop\WoW.exe.lnk
[2012/05/05 13:04:37 | 000,832,658 | ---- | M] () -- C:\Users\Gerd\Documents\Dachgeschoss.xar
[2012/05/05 13:04:37 | 000,795,196 | ---- | M] () -- C:\Users\Gerd\Documents\Afzuigkap_koolstoffilter.emf
[2012/05/05 13:04:37 | 000,215,955 | ---- | M] () -- C:\Users\Gerd\Desktop\64691_xm3_de_UM.pdf
[2012/05/05 13:04:37 | 000,151,334 | ---- | M] () -- C:\Users\Gerd\Desktop\Noresund-Bed-Side.jpg2511ae93-c869-4db2-a592-20ba7b19f76cLarger.jpg
[2012/05/05 13:04:37 | 000,054,249 | ---- | M] () -- C:\Users\Gerd\Documents\Oberwiesenthal_plattegrond.xar
[2012/05/05 13:04:37 | 000,002,158 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev-server Chris.rdp
[2012/05/05 13:04:37 | 000,002,028 | ---- | M] () -- C:\Users\Gerd\Documents\Default.rdp
[2012/05/05 13:04:37 | 000,000,867 | ---- | M] () -- C:\Users\Gerd\Documents\everest_HP_Gerd.rpf
[2012/05/05 13:04:37 | 000,000,332 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev remote admin.url
[2012/05/05 13:04:37 | 000,000,328 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev remote admin - kopie.url
[2012/05/05 12:58:45 | 000,007,605 | ---- | M] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2012/05/05 12:57:19 | 000,000,738 | ---- | M] () -- C:\Users\Gerd\.recently-used.xbel
[2012/05/04 20:57:31 | 007,401,821 | ---- | M] () -- C:\Users\Gerd\AppData\Local\census.cache
[2012/05/04 20:51:40 | 000,113,378 | ---- | M] () -- C:\Users\Gerd\AppData\Local\ars.cache
[2012/05/03 19:24:16 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/05/02 20:14:19 | 000,832,658 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Dachgeschoss.xar.jdzp
[2012/05/02 20:14:19 | 000,054,249 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Oberwiesenthal_plattegrond.xar.oyyj
[2012/05/02 20:14:19 | 000,002,028 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Default.rdp.quhz
[2012/05/02 20:14:19 | 000,000,867 | ---- | M] () -- C:\Users\Gerd\Documents\locked-everest_HP_Gerd.rpf.rmqi
[2012/05/02 20:14:15 | 000,795,196 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Afzuigkap_koolstoffilter.emf.ybos
[2012/05/02 20:07:12 | 000,007,605 | ---- | M] () -- C:\Users\Gerd\AppData\Local\locked-Resmon.ResmonCfg.kprg
[2012/05/02 20:06:21 | 000,000,738 | ---- | M] () -- C:\Users\Gerd\locked-.recently-used.xbel.xfpd
[2012/05/01 22:27:16 | 000,000,335 | ---- | M] () -- C:\Windows\HFREP.INI
[2012/04/30 17:29:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321
[2012/04/30 17:29:30 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320
[2012/04/30 17:28:00 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323
[2012/04/30 17:26:42 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322
[2012/04/30 10:21:57 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/04/26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh325
[2012/04/26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh324
[2012/04/14 17:55:36 | 000,000,191 | ---- | M] () -- C:\Windows\topmeeting.INI
[2012/04/13 00:58:35 | 002,062,860 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/08 16:26:40 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\WDStatistic_WebServer_Chris.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/05 22:57:56 | 004,209,334 | ---- | C] () -- C:\Users\Gerd\Desktop\OBI-keukens.pdf
[2012/05/05 17:09:24 | 000,000,312 | ---- | C] () -- C:\Users\Gerd\Desktop\Curse Client.appref-ms
[2012/05/05 17:09:24 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 13:04:37 | 000,832,658 | ---- | C] () -- C:\Users\Gerd\Documents\Dachgeschoss.xar
[2012/05/05 13:04:37 | 000,795,196 | ---- | C] () -- C:\Users\Gerd\Documents\Afzuigkap_koolstoffilter.emf
[2012/05/05 13:04:37 | 000,215,955 | ---- | C] () -- C:\Users\Gerd\Desktop\64691_xm3_de_UM.pdf
[2012/05/05 13:04:37 | 000,151,334 | ---- | C] () -- C:\Users\Gerd\Desktop\Noresund-Bed-Side.jpg2511ae93-c869-4db2-a592-20ba7b19f76cLarger.jpg
[2012/05/05 13:04:37 | 000,054,249 | ---- | C] () -- C:\Users\Gerd\Documents\Oberwiesenthal_plattegrond.xar
[2012/05/05 13:04:37 | 000,002,158 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev-server Chris.rdp
[2012/05/05 13:04:37 | 000,002,028 | ---- | C] () -- C:\Users\Gerd\Documents\Default.rdp
[2012/05/05 13:04:37 | 000,000,867 | ---- | C] () -- C:\Users\Gerd\Documents\everest_HP_Gerd.rpf
[2012/05/05 13:04:37 | 000,000,334 | ---- | C] () -- C:\Users\Gerd\Desktop\WD SAAS remote admin.url
[2012/05/05 13:04:37 | 000,000,332 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev remote admin.url
[2012/05/05 13:04:37 | 000,000,328 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev remote admin - kopie.url
[2012/05/05 12:57:20 | 000,007,605 | ---- | C] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2012/05/05 12:57:19 | 000,000,738 | ---- | C] () -- C:\Users\Gerd\.recently-used.xbel
[2012/05/03 19:24:16 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012/04/29 09:54:56 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/14 17:55:25 | 000,000,191 | ---- | C] () -- C:\Windows\topmeeting.INI
[2012/04/04 12:21:50 | 000,417,792 | ---- | C] () -- C:\Windows\SysWow64\MFPBot.dll
[2012/04/04 12:21:49 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\InstallMFPPS.dll
[2012/04/04 12:21:48 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\Install98MFPPS.dll
[2012/04/04 12:21:48 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ddschk.dll
[2012/04/04 12:21:48 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2012/03/06 23:23:24 | 000,008,192 | ---- | C] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/13 23:27:27 | 000,212,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/27 22:18:14 | 000,000,296 | ---- | C] () -- C:\Windows\topbudget.ini
[2011/08/14 12:41:47 | 007,401,821 | ---- | C] () -- C:\Users\Gerd\AppData\Local\census.cache
[2011/08/14 12:40:34 | 000,113,378 | ---- | C] () -- C:\Users\Gerd\AppData\Local\ars.cache
[2011/08/14 12:26:41 | 000,000,036 | ---- | C] () -- C:\Users\Gerd\AppData\Local\housecall.guid.cache
[2011/05/25 12:57:38 | 000,000,335 | ---- | C] () -- C:\Windows\HFREP.INI
[2011/05/19 16:49:34 | 000,030,736 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\mdbu.bin
[2011/04/07 16:13:54 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLG13N.INI
[2011/03/20 00:04:08 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/03/19 16:14:07 | 001,720,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/28 22:32:45 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/28 21:33:04 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/27 18:10:28 | 000,007,605 | ---- | C] () -- C:\Users\Gerd\AppData\Local\locked-Resmon.ResmonCfg.kprg
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1126.old
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0506.old
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0222.old
[2011/01/08 00:21:22 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/01/06 01:08:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/05 13:43:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/05 02:19:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/10/19 16:48:51 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/10/19 16:46:52 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/19 16:14:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/08/25 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Applications WinDev
[2011/05/08 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Canon
[2012/01/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GHISLER
[2011/06/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\inkscape
[2011/11/19 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\JLAdventCalendarLondon2011
[2012/05/07 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\KeePass
[2012/01/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MAGIX
[2011/03/19 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Manager for Skype
[2012/05/05 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MB-Ruler Pro special
[2012/05/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Notepad++
[2012/01/29 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenOffice.org
[2011/08/23 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC SOFT
[2012/01/05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PCTools
[2012/05/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\RCP 6
[2011/03/20 00:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Red Alert 3
[2012/03/06 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Serif
[2011/06/09 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\streamripper
[2012/05/05 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TestApp
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Thunderbird
[2012/05/03 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2011/01/06 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinBatch
[2011/09/14 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Zoner
[2012/05/05 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\_MDLogs
[2012/04/30 10:21:57 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/03/15 11:12:39 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/08 16:26:40 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\WDStatistic_WebServer_Chris.job
[2011/07/06 15:58:32 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\WDStatistique_WebServer_Chris.job

========== Purity Check ==========


========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/05/05 12:58:08 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Adobe
[2011/08/25 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Applications WinDev
[2011/01/05 01:26:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ATI
[2011/05/08 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Canon
[2012/01/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/02/26 13:34:18 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\CyberLink
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GHISLER
[2011/06/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant
[2011/01/08 01:04:00 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Hewlett-Packard
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\HP Support Assistant
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\hpqLog
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\HpUpdate
[2011/01/05 01:22:57 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Identities
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\inkscape
[2012/04/04 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\InstallShield
[2011/11/19 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\JLAdventCalendarLondon2011
[2012/05/07 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\KeePass
[2011/01/05 01:56:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Macromedia
[2012/01/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MAGIX
[2012/05/04 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes
[2011/03/19 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Manager for Skype
[2012/05/05 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MB-Ruler Pro special
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Media Center Programs
[2012/02/07 22:44:00 | 000,000,000 | --SD | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft
[2011/03/19 18:59:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft Web Folders
[2011/01/05 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Mozilla
[2012/05/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Notepad++
[2012/01/29 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenOffice.org
[2011/08/23 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC SOFT
[2011/01/08 00:12:33 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC Tools
[2012/01/05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PCTools
[2012/05/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\RCP 6
[2011/03/20 00:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Red Alert 3
[2012/03/06 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Serif
[2012/05/08 12:44:31 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Skype
[2012/01/31 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Sony Corporation
[2011/06/09 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\streamripper
[2012/05/05 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TestApp
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Thunderbird
[2012/05/03 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2012/05/05 13:04:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Winamp
[2011/01/06 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinBatch
[2011/09/14 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Zoner
[2012/05/05 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\_MDLogs

< %APPDATA%\*.exe /s >
[2012/05/05 12:58:20 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\AutoRunCE.exe
[2012/05/05 12:58:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\0\module.exe
[2012/05/05 12:58:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\1\module.exe
[2012/05/05 12:58:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\14401177-16D2-4E73-B83C-41971CFCE4D4\AutoRunCE.exe
[2012/05/05 12:58:29 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\14401177-16D2-4E73-B83C-41971CFCE4D4\1\module.exe
[2012/05/05 12:58:45 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\AutoRunCE.exe
[2012/05/05 12:58:46 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\0\module.exe
[2012/05/05 12:58:53 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\1\module.exe
[2012/05/05 12:59:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\331D4C06-4E59-487C-BB56-41058B8622B6\AutoRunCE.exe
[2012/05/05 12:59:11 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\331D4C06-4E59-487C-BB56-41058B8622B6\1\module.exe
[2012/05/05 12:59:16 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\AutoRunCE.exe
[2012/05/05 12:59:16 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\0\module.exe
[2012/05/05 12:59:17 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\1\module.exe
[2012/05/05 12:59:46 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\AutoRunCE.exe
[2012/05/05 12:59:46 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\0\module.exe
[2012/05/05 12:59:47 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\1\module.exe
[2012/05/05 12:59:47 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\AutoRunCE.exe
[2012/05/05 12:59:47 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\0\module.exe
[2012/05/05 12:59:49 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\1\module.exe
[2012/05/05 12:59:55 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\AutoRunCE.exe
[2012/05/05 12:59:55 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\0\module.exe
[2012/05/05 12:59:56 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\1\module.exe
[2012/05/05 13:00:01 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\58896A8A-81B1-42A0-AE34-2011D084E08C\AutoRunCE.exe
[2012/05/05 13:00:02 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\58896A8A-81B1-42A0-AE34-2011D084E08C\1\module.exe
[2012/05/05 13:00:25 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\AutoRunCE.exe
[2012/05/05 13:00:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\0\module.exe
[2012/05/05 13:00:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\1\module.exe
[2012/05/05 13:00:28 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\AutoRunCE.exe
[2012/05/05 13:00:28 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\0\module.exe
[2012/05/05 13:00:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\1\module.exe
[2012/05/05 13:00:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72E3FFB6-30CD-401E-ABD1-17666B48AA06\AutoRunCE.exe
[2012/05/05 13:00:30 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72E3FFB6-30CD-401E-ABD1-17666B48AA06\1\module.exe
[2012/05/05 13:00:42 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\AutoRunCE.exe
[2012/05/05 13:00:43 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\0\module.exe
[2012/05/05 13:00:43 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\1\module.exe
[2012/05/05 13:00:43 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\876F365A-1E2C-46BA-99AB-B798D77FE0A3\AutoRunCE.exe
[2012/05/05 13:00:44 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\876F365A-1E2C-46BA-99AB-B798D77FE0A3\1\module.exe
[2012/05/05 13:01:21 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\AutoRunCE.exe
[2012/05/05 13:01:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\0\module.exe
[2012/05/05 13:01:24 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\1\module.exe
[2012/05/05 13:01:24 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9835DC98-D031-4AFF-9C1E-2FD56B467E9C\AutoRunCE.exe
[2012/05/05 13:01:25 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9835DC98-D031-4AFF-9C1E-2FD56B467E9C\1\module.exe
[2012/05/05 13:01:26 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9912DBF6-CA70-41A2-AE0E-1DD3EBE25B73\AutoRunCE.exe
[2012/05/05 13:01:26 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9912DBF6-CA70-41A2-AE0E-1DD3EBE25B73\1\module.exe
[2012/05/05 13:01:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\99552AAE-107D-45C3-8303-6FCF2A575A00\AutoRunCE.exe
[2012/05/05 13:01:30 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\99552AAE-107D-45C3-8303-6FCF2A575A00\1\module.exe
[2012/05/05 13:01:35 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal 
Assistant\Library\9DC15144-F0D8-474B-B6B1-C9BBA2F0FFF9\AutoRunCE.exe [2012/05/05 13:01:35 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9DC15144-F0D8-474B-B6B1-C9BBA2F0FFF9\1\module.exe [2012/05/05 13:02:00 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\AutoRunCE.exe [2012/05/05 13:02:00 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\0\module.exe [2012/05/05 13:02:01 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\1\module.exe [2012/05/05 13:02:34 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C16FD898-E0BC-468C-AAB3-419F580788F2\AutoRunCE.exe [2012/05/05 13:02:35 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C16FD898-E0BC-468C-AAB3-419F580788F2\1\module.exe [2012/05/05 13:02:44 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C32B8022-D512-4087-9CB8-EACB5751598C\AutoRunCE.exe [2012/05/05 13:02:48 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C32B8022-D512-4087-9CB8-EACB5751598C\1\module.exe [2012/05/05 13:02:52 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\AutoRunCE.exe [2012/05/05 13:02:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\0\module.exe [2012/05/05 13:02:53 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\1\module.exe [2012/05/05 13:02:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal 
Assistant\Library\CCC3E6A7-55E6-4383-B44F-C3D562B8A64C\AutoRunCE.exe [2012/05/05 13:02:53 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CCC3E6A7-55E6-4383-B44F-C3D562B8A64C\1\module.exe [2012/05/05 13:03:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\D93DB5ED-300A-47B8-B3BE-D3B6394128B6\AutoRunCE.exe [2012/05/05 13:03:08 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\D93DB5ED-300A-47B8-B3BE-D3B6394128B6\1\module.exe [2012/05/05 13:03:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCF63542-BB44-433F-971B-52FFBC501A13\AutoRunCE.exe [2012/05/05 13:03:09 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCF63542-BB44-433F-971B-52FFBC501A13\1\module.exe [2012/05/05 13:03:10 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCFF7B1D-742C-42B9-BF82-8251F722A070\AutoRunCE.exe [2012/05/05 13:03:11 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCFF7B1D-742C-42B9-BF82-8251F722A070\1\module.exe [2012/05/05 13:03:21 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\AutoRunCE.exe [2012/05/05 13:03:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\0\module.exe [2012/05/05 13:03:22 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\1\module.exe [2012/05/05 13:03:23 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E2FFF65A-C686-4994-BE8A-AA5C4B122391\AutoRunCE.exe [2012/05/05 13:03:24 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal 
Assistant\Library\E2FFF65A-C686-4994-BE8A-AA5C4B122391\1\module.exe [2012/05/05 13:03:25 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E341699C-641C-4C95-B926-EC6B70872360\AutoRunCE.exe [2012/05/05 13:03:25 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E341699C-641C-4C95-B926-EC6B70872360\1\module.exe [2012/05/05 13:03:26 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\AutoRunCE.exe [2012/05/05 13:03:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\0\module.exe [2012/05/05 13:03:27 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\1\module.exe [2012/05/05 13:03:27 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\AutoRunCE.exe [2012/05/05 13:03:27 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\0\module.exe [2012/05/05 13:03:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\1\module.exe [2012/05/05 13:03:29 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\AutoRunCE.exe [2012/05/05 13:03:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\0\module.exe [2012/05/05 13:03:30 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\1\module.exe [2012/05/05 13:03:36 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\AutoRunCE.exe [2012/05/05 
13:03:36 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\0\module.exe [2012/05/05 13:03:37 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\1\module.exe [2012/05/05 13:03:37 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\AutoRunCE.exe [2012/05/05 13:03:37 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\0\module.exe [2012/05/05 13:03:38 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\1\module.exe [2012/05/05 13:03:51 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\AutoRunCE.exe [2012/05/05 13:03:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\0\module.exe [2012/05/05 13:03:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\1\module.exe [2012/05/05 13:03:57 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\FCD0DB2E-0BCC-49AC-B440-C7254DC65DE2\AutoRunCE.exe [2012/05/05 13:03:57 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\FCD0DB2E-0BCC-49AC-B440-C7254DC65DE2\1\module.exe [2011/12/31 19:07:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\Gerd\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) 
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel 
Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- 
C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 
000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 15:27:27 | 
001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] 
(Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 < End of report >
That turned out to be quite a long list! If you have any questions, please let me know. Regards, Gerd
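The "< MD5 for: … >" blocks in the report above are the part a helper reads first: OTL lists every copy of a handful of core binaries (userinit.exe, winlogon.exe, wininit.exe, …) with its MD5, and on a healthy Windows 7 the live copy under System32/SysWOW64 is byte-identical to one of the component-store copies under winsxs. The following is an added example, not OTL's own code and not from the post, that applies that reasoning mechanically: it flags a live copy whose hash matches no winsxs copy, an entry whose hash OTL could not read ("Unable to obtain MD5", as for wininit.exe and winlogon.exe above), a file carrying a core-binary name outside \Windows, and every Alternate Data Stream line. The sample report is constructed from entry shapes visible in the thread plus one invented TAMPERED.DLL section; all hits are prompts for review, not verdicts (the winlogon.exe under the Malwarebytes Chameleon folder, for instance, is a copy Malwarebytes itself ships under that name).

```python
"""Triage OTL '< MD5 for: NAME >' sections and Alternate Data Stream lines.

Added example; not OTL's code and not from the forum post. Findings are
review prompts: a live System32/SysWOW64 copy whose MD5 matches no winsxs
copy, an unreadable MD5, a core-binary name outside \Windows, and any ADS.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<meta>[^\]]*)\]\s+\((?P<company>[^)]*)\)\s+"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s+--\s+(?P<path>.+?)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")
LIVE_DIRS = ("\\windows\\sysnative\\", "\\windows\\system32\\", "\\windows\\syswow64\\")

# Constructed sample: entry shapes taken from the thread, shortened, plus an
# invented TAMPERED.DLL section whose live copy matches no winsxs copy.
SAMPLE_REPORT = r"""
< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\winlogon.exe
< MD5 for: TAMPERED.DLL >
[2012/05/01 10:00:00 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\SysNative\tampered.dll
[2009/07/14 03:40:00 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\amd64_constructed_31bf3856ad364e35_6.1.7600.16385_none_0000000000000000\tampered.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
< End of report >
"""


def parse_report(text):
    """Group MD5 entries by section name (lower-cased) and collect ADS paths."""
    sections, ads, current = defaultdict(list), [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        if line.startswith(("<", "=")):          # any other header ends the section
            current = None
            continue
        m = ADS_RE.match(line)
        if m:
            ads.append(m.group("path"))
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            md5 = m.group("md5")
            sections[current].append({"path": m.group("path"), "md5": md5.upper() if md5 else None})
    return sections, ads


def is_live_copy(path):
    """System32/SysWOW64 file that is not itself in winsxs or the DriverStore."""
    p = path.lower()
    return any(d in p for d in LIVE_DIRS) and "\\winsxs\\" not in p and "\\driverstore\\" not in p


def triage(text):
    """Return (check, path) findings in report order, for a human to review."""
    sections, ads = parse_report(text)
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if "\\winsxs\\" in e["path"].lower() and e["md5"]}
        for e in entries:
            path, p = e["path"], e["path"].lower()
            if e["md5"] is None:
                findings.append(("hash_unavailable", path))
            if p.rsplit("\\", 1)[-1] == name and "\\windows\\" not in p:
                findings.append(("system_name_outside_windows", path))
            if is_live_copy(path) and e["md5"] and store_hashes and e["md5"] not in store_hashes:
                findings.append(("no_matching_store_copy", path))
    findings.extend(("alternate_data_stream", path) for path in ads)
    return findings


FINDINGS = triage(SAMPLE_REPORT)

if __name__ == "__main__":
    for check, path in FINDINGS:
        print(f"{check:28} {path}")
```

Run it against a real OTL report by passing the file's text to `triage()`; the MD5 comparison only says something when a section has at least one winsxs copy, so third-party DLLs that OTL lists by name (the PowerDirector EventLog.dll above) only trigger the outside-\Windows check.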
08.05.2012, 16:03 | #17 |
Do an OTL fix: close all programs that may still be open, also disable the antivirus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Z:\autorun.inf -- [ NTFS ]
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
:Files
C:\Users\Gerd\AppData\Roaming\Ujshrilvp
C:\Windows\SysWow64\winsh32?
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: the script above was created for this one user in this one situation only. It cannot be ported to any other computer and must not be used anywhere else, as it can permanently damage the system!
08.05.2012, 20:22 | #18 |
| Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! Hallo Arne,
__________________Geschafft! Hier ist das Log vom OTL-fix: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully. C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully. File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found. 64bit-Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found. 
Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found. File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autorun.inf moved successfully. D:\autorun.inf moved successfully. Y:\autorun.inf moved successfully. Z:\autorun.inf moved successfully. ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully. ADS C:\ProgramData\Temp:430C6D84 deleted successfully. ========== FILES ========== C:\Users\Gerd\AppData\Roaming\Ujshrilvp folder moved successfully. C:\Windows\SysWow64\winsh320 moved successfully. C:\Windows\SysWow64\winsh321 moved successfully. C:\Windows\SysWow64\winsh322 moved successfully. C:\Windows\SysWow64\winsh323 moved successfully. C:\Windows\SysWow64\winsh324 moved successfully. C:\Windows\SysWow64\winsh325 moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gerd ->Temp folder emptied: 201854029 bytes ->Temporary Internet Files folder emptied: 19254804 bytes ->Java cache emptied: 11565884 bytes ->FireFox cache emptied: 270608160 bytes ->Flash cache emptied: 147910 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 231185843 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67753 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 701.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Gerd ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.3 log created on 05082012_210415 Files\Folders moved on Reboot... C:\Users\Gerd\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Gerd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N58ZN033\addons-v4[1].htm moved successfully. C:\Users\Gerd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJQCL4IB\addons-tracker-v4[1].htm moved successfully. File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
Many, many thanks for your help! Regards, Gerd
11.05.2012, 09:04 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™
Anti-Malware finds Trojan.FakeAlert in DeccryptHellper!
Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!
Set up the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs.
Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________
Please always post logfiles in CODE tags
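A parser for the TDSS-Killer report format requested above, written for this thread as an added example (it is not code from the original post or from Kaspersky); it pulls out every object the tool marked as a warning or detection so the report can be reviewed before any action is chosen. The sample report is constructed: the Akamai and aksdf lines are copied from the log posted later in the thread, the other lines are made up for illustration.

```python
"""Parse a Kaspersky TDSS-Killer report and list the flagged objects.

Added example for this thread; not part of TDSS-Killer or the original post.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the report format posted in this thread. The Akamai and
# aksdf entries are copied from the posted log; the rest are made up.
SAMPLE_REPORT = r"""10:52:42.0997 3708 Scan started
10:52:42.0997 3708 Mode: Manual; SigCheck; TDLFS;
10:52:44.0576 3708 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:52:44.0688 3708 1394ohci - ok
10:52:45.0716 3708 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
10:52:45.0717 3708 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
10:52:45.0722 3708 Akamai ( HiddenFile.Multi.Generic ) - warning
10:52:45.0723 3708 Akamai - detected HiddenFile.Multi.Generic (1)
10:52:45.0846 3708 aksdf (89cd44c10d9b4d87725ff07f18a5702f) C:\Windows\system32\drivers\aksdf.sys
10:52:45.0884 3708 aksdf ( UnsignedFile.Multi.Generic ) - warning
10:52:45.0884 3708 aksdf - detected UnsignedFile.Multi.Generic (1)
"""

# Every report line is "<time> <pid> <body>"; the body takes one of a few shapes.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<cat>[^\s)]+) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<cat>\S+) \((?P<count>\d+)\)$")
SUSP_RE = re.compile(
    r"^Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$"
)

# Verdict precedence: a later "detected" line outranks the earlier "warning" line.
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class Entry:
    """One service or driver as seen by TDSS-Killer."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"                       # ok / warning / detected
    categories: List[str] = field(default_factory=list)  # e.g. HiddenFile.Multi.Generic
    notes: List[str] = field(default_factory=list)       # e.g. "Hidden" from a Suspicious line


def parse_report(text: str) -> Dict[str, Entry]:
    """Return entries keyed by object name, in first-seen order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        susp = SUSP_RE.match(body)
        if susp:
            # The "Suspicious file" line names the file by md5; attach it to that entry.
            for entry in entries.values():
                if entry.md5 == susp.group("md5"):
                    entry.notes.append(susp.group("kind"))
            continue
        for regex, verdict in ((DET_RE, "detected"), (WARN_RE, "warning"),
                               (OK_RE, "ok"), (FILE_RE, None)):
            fm = regex.match(body)
            if not fm:
                continue
            entry = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            if verdict is None:
                entry.md5, entry.path = fm.group("md5"), fm.group("path")
            else:
                if RANK[verdict] > RANK[entry.verdict]:
                    entry.verdict = verdict
                cat = fm.groupdict().get("cat")
                if cat and cat not in entry.categories:
                    entry.categories.append(cat)
            break
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects that did not come back 'ok' (warnings and detections)."""
    return [e for e in entries.values() if e.verdict in ("warning", "detected")]


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    """Count flagged objects per TDSS-Killer category."""
    counts: Dict[str, int] = {}
    for entry in flagged(entries):
        for cat in entry.categories:
            counts[cat] = counts.get(cat, 0) + 1
    return counts


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for e in flagged(report):
        print(f"{e.verdict:8} {e.name:12} {', '.join(e.categories)}"
              f"{' [' + ', '.join(e.notes) + ']' if e.notes else ''}  {e.path}")
    print(summarize(report))
```

Generic categories such as UnsignedFile.Multi.Generic only say that a binary lacks a valid signature, which is why the helper above asks for the log to be posted rather than acted on.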
11.05.2012, 10:02 | #20 |
Anti-Malware finds Trojan.FakeAlert in DeccryptHellper!
Hello Arne, here is the result:
Code:
ATTFilter 10:50:56.0060 6048 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 10:50:56.0234 6048 ============================================================ 10:50:56.0234 6048 Current date / time: 2012/05/11 10:50:56.0234 10:50:56.0234 6048 SystemInfo: 10:50:56.0234 6048 10:50:56.0234 6048 OS Version: 6.1.7601 ServicePack: 1.0 10:50:56.0234 6048 Product type: Workstation 10:50:56.0235 6048 ComputerName: GERD-HP 10:50:56.0235 6048 UserName: Gerd 10:50:56.0235 6048 Windows directory: C:\Windows 10:50:56.0235 6048 System windows directory: C:\Windows 10:50:56.0236 6048 Running under WOW64 10:50:56.0236 6048 Processor architecture: Intel x64 10:50:56.0236 6048 Number of processors: 4 10:50:56.0236 6048 Page size: 0x1000 10:50:56.0236 6048 Boot type: Normal boot 10:50:56.0236 6048 ============================================================ 10:50:57.0610 6048 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:50:57.0626 6048 ============================================================ 10:50:57.0626 6048 \Device\Harddisk0\DR0: 10:50:57.0626 6048 MBR partitions: 10:50:57.0626 6048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 10:50:57.0626 6048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x27680800 10:50:57.0644 6048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x276B3000, BlocksNum 0x2064B000 10:50:57.0644 6048 ============================================================ 10:50:57.0671 6048 C: <-> \Device\Harddisk0\DR0\Partition1 10:50:57.0704 6048 Y: <-> \Device\Harddisk0\DR0\Partition0 10:50:57.0746 6048 X: <-> \Device\Harddisk0\DR0\Partition2 10:50:57.0747 6048 ============================================================ 10:50:57.0747 6048 Initialize success 10:50:57.0747 6048 ============================================================ 10:52:42.0997 
3708 ============================================================ 10:52:42.0997 3708 Scan started 10:52:42.0997 3708 Mode: Manual; SigCheck; TDLFS; 10:52:42.0997 3708 ============================================================ 10:52:44.0576 3708 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 10:52:44.0688 3708 1394ohci - ok 10:52:44.0710 3708 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 10:52:44.0728 3708 ACPI - ok 10:52:44.0747 3708 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 10:52:44.0799 3708 AcpiPmi - ok 10:52:44.0826 3708 AdobeActiveFileMonitor10.0 - ok 10:52:44.0918 3708 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:52:44.0951 3708 AdobeARMservice - ok 10:52:45.0062 3708 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 10:52:45.0084 3708 AdobeFlashPlayerUpdateSvc - ok 10:52:45.0123 3708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 10:52:45.0145 3708 adp94xx - ok 10:52:45.0163 3708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 10:52:45.0182 3708 adpahci - ok 10:52:45.0193 3708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 10:52:45.0209 3708 adpu320 - ok 10:52:45.0233 3708 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 10:52:45.0324 3708 AeLookupSvc - ok 10:52:45.0369 3708 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 10:52:45.0424 3708 AFD - ok 10:52:45.0450 3708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 10:52:45.0464 3708 agp440 - ok 10:52:45.0716 3708 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll 10:52:45.0717 3708 Suspicious file 
(Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7 10:52:45.0722 3708 Akamai ( HiddenFile.Multi.Generic ) - warning 10:52:45.0723 3708 Akamai - detected HiddenFile.Multi.Generic (1) 10:52:45.0846 3708 aksdf (89cd44c10d9b4d87725ff07f18a5702f) C:\Windows\system32\drivers\aksdf.sys 10:52:45.0884 3708 aksdf ( UnsignedFile.Multi.Generic ) - warning 10:52:45.0884 3708 aksdf - detected UnsignedFile.Multi.Generic (1) 10:52:45.0897 3708 aksfridge (ba0b6fd78ae88d39b9d3d984f295a137) C:\Windows\system32\DRIVERS\aksfridge.sys 10:52:45.0937 3708 aksfridge ( UnsignedFile.Multi.Generic ) - warning 10:52:45.0937 3708 aksfridge - detected UnsignedFile.Multi.Generic (1) 10:52:45.0952 3708 akshasp (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys 10:52:45.0989 3708 akshasp - ok 10:52:46.0009 3708 akshhl (67dff8c8f95cb21c9c3380dd4c0387f2) C:\Windows\system32\DRIVERS\akshhl.sys 10:52:46.0065 3708 akshhl - ok 10:52:46.0083 3708 aksusb (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys 10:52:46.0135 3708 aksusb - ok 10:52:46.0159 3708 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 10:52:46.0234 3708 ALG - ok 10:52:46.0272 3708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 10:52:46.0292 3708 aliide - ok 10:52:46.0326 3708 ALIWEHCD (6c77aaee7ea10f35533d610022f4cce2) C:\Windows\system32\Drivers\mfpec.sys 10:52:46.0383 3708 ALIWEHCD - ok 10:52:46.0394 3708 AliWGP (db1aca48b42304350667d1c26de2b29d) C:\Windows\system32\DRIVERS\mfpcomp.sys 10:52:46.0419 3708 AliWGP - ok 10:52:46.0453 3708 AMD External Events Utility (0de7bf2a2e64a841f9abf9558870d9c4) C:\Windows\system32\atiesrxx.exe 10:52:46.0516 3708 AMD External Events Utility - ok 10:52:46.0590 3708 AMD FUEL Service - ok 10:52:46.0619 3708 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation 
Manager.exe 10:52:46.0660 3708 AMD Reservation Manager - ok 10:52:46.0682 3708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 10:52:46.0719 3708 amdide - ok 10:52:46.0731 3708 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 10:52:46.0809 3708 amdiox64 - ok 10:52:46.0833 3708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 10:52:46.0880 3708 AmdK8 - ok 10:52:47.0154 3708 amdkmdag (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atipmdag.sys 10:52:47.0300 3708 amdkmdag - ok 10:52:47.0408 3708 amdkmdap (91e1daf0193bd2ab90b1b35c987237fe) C:\Windows\system32\DRIVERS\atikmpag.sys 10:52:47.0443 3708 amdkmdap - ok 10:52:47.0464 3708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 10:52:47.0495 3708 AmdPPM - ok 10:52:47.0509 3708 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys 10:52:47.0527 3708 amdsata - ok 10:52:47.0547 3708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 10:52:47.0573 3708 amdsbs - ok 10:52:47.0595 3708 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys 10:52:47.0607 3708 amdxata - ok 10:52:47.0668 3708 Apache2.2 (53ea061ecc67223a430f153c3682ad54) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe 10:52:47.0700 3708 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning 10:52:47.0700 3708 Apache2.2 - detected UnsignedFile.Multi.Generic (1) 10:52:47.0763 3708 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll 10:52:47.0833 3708 AppHostSvc - ok 10:52:47.0876 3708 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 10:52:48.0010 3708 AppID - ok 10:52:48.0030 3708 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 10:52:48.0076 3708 AppIDSvc - ok 10:52:48.0099 3708 Appinfo 
(3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 10:52:48.0137 3708 Appinfo - ok 10:52:48.0146 3708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 10:52:48.0161 3708 arc - ok 10:52:48.0170 3708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 10:52:48.0185 3708 arcsas - ok 10:52:48.0227 3708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 10:52:48.0271 3708 AsyncMac - ok 10:52:48.0311 3708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 10:52:48.0324 3708 atapi - ok 10:52:48.0363 3708 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys 10:52:48.0399 3708 AtiHDAudioService - ok 10:52:48.0428 3708 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys 10:52:48.0456 3708 AtiHdmiService - ok 10:52:48.0494 3708 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys 10:52:48.0528 3708 AtiPcie - ok 10:52:48.0594 3708 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:52:48.0655 3708 AudioEndpointBuilder - ok 10:52:48.0661 3708 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 10:52:48.0697 3708 AudioSrv - ok 10:52:48.0739 3708 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 10:52:48.0836 3708 AxInstSV - ok 10:52:48.0900 3708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 10:52:48.0959 3708 b06bdrv - ok 10:52:48.0996 3708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 10:52:49.0023 3708 b57nd60a - ok 10:52:49.0047 3708 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 10:52:49.0081 3708 BDESVC - ok 10:52:49.0084 3708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 10:52:49.0131 3708 Beep - ok 10:52:49.0190 
3708 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 10:52:49.0243 3708 BFE - ok 10:52:49.0298 3708 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 10:52:49.0361 3708 BITS - ok 10:52:49.0394 3708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 10:52:49.0419 3708 blbdrive - ok 10:52:49.0446 3708 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 10:52:49.0474 3708 bowser - ok 10:52:49.0486 3708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:52:49.0562 3708 BrFiltLo - ok 10:52:49.0587 3708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:52:49.0608 3708 BrFiltUp - ok 10:52:49.0634 3708 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 10:52:49.0687 3708 Browser - ok 10:52:49.0806 3708 Browser Defender Update Service (9d5fd177db76a7f5d6b8678870820d3c) C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe 10:52:49.0847 3708 Browser Defender Update Service - ok 10:52:49.0894 3708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 10:52:49.0936 3708 Brserid - ok 10:52:49.0944 3708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 10:52:50.0011 3708 BrSerWdm - ok 10:52:50.0028 3708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 10:52:50.0061 3708 BrUsbMdm - ok 10:52:50.0066 3708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 10:52:50.0108 3708 BrUsbSer - ok 10:52:50.0115 3708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 10:52:50.0137 3708 BTHMODEM - ok 10:52:50.0166 3708 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 10:52:50.0199 3708 bthserv - ok 10:52:50.0208 3708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 
10:52:50.0271 3708 cdfs - ok 10:52:50.0303 3708 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 10:52:50.0320 3708 cdrom - ok 10:52:50.0351 3708 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:52:50.0389 3708 CertPropSvc - ok 10:52:50.0394 3708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 10:52:50.0414 3708 circlass - ok 10:52:50.0448 3708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 10:52:50.0466 3708 CLFS - ok 10:52:50.0580 3708 CLHNServiceForPowerDVD12 (4c6406cf07d4ebb70c5774d55c6688fb) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe 10:52:50.0615 3708 CLHNServiceForPowerDVD12 - ok 10:52:50.0676 3708 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:52:50.0709 3708 clr_optimization_v2.0.50727_32 - ok 10:52:50.0754 3708 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:52:50.0774 3708 clr_optimization_v2.0.50727_64 - ok 10:52:50.0833 3708 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:52:50.0864 3708 clr_optimization_v4.0.30319_32 - ok 10:52:50.0877 3708 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:52:50.0893 3708 clr_optimization_v4.0.30319_64 - ok 10:52:50.0916 3708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 10:52:50.0930 3708 CmBatt - ok 10:52:50.0951 3708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 10:52:50.0965 3708 cmdide - ok 10:52:51.0002 3708 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 10:52:51.0027 3708 CNG - ok 10:52:51.0055 3708 Compbatt 
(102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 10:52:51.0076 3708 Compbatt - ok 10:52:51.0102 3708 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 10:52:51.0159 3708 CompositeBus - ok 10:52:51.0166 3708 COMSysApp - ok 10:52:51.0184 3708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 10:52:51.0205 3708 crcdisk - ok 10:52:51.0249 3708 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 10:52:51.0308 3708 CryptSvc - ok 10:52:51.0405 3708 CyberLink PowerDVD 12 Media Server Monitor Service (ea22bca708b37b82adebc822a171b92e) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe 10:52:51.0440 3708 CyberLink PowerDVD 12 Media Server Monitor Service - ok 10:52:51.0475 3708 CyberLink PowerDVD 12 Media Server Service (3168d2f171a64590e7a11355cae60a1e) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe 10:52:51.0499 3708 CyberLink PowerDVD 12 Media Server Service - ok 10:52:51.0531 3708 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:52:51.0575 3708 DcomLaunch - ok 10:52:51.0607 3708 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 10:52:51.0652 3708 defragsvc - ok 10:52:51.0694 3708 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 10:52:51.0774 3708 DfsC - ok 10:52:51.0798 3708 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 10:52:51.0842 3708 Dhcp - ok 10:52:51.0868 3708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 10:52:51.0949 3708 discache - ok 10:52:51.0964 3708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 10:52:51.0981 3708 Disk - ok 10:52:52.0018 3708 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 10:52:52.0049 3708 Dnscache - ok 10:52:52.0078 3708 dot3svc 
(b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 10:52:52.0120 3708 dot3svc - ok 10:52:52.0136 3708 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 10:52:52.0177 3708 DPS - ok 10:52:52.0189 3708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 10:52:52.0211 3708 drmkaud - ok 10:52:52.0244 3708 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 10:52:52.0260 3708 dtsoftbus01 - ok 10:52:52.0309 3708 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 10:52:52.0339 3708 DXGKrnl - ok 10:52:52.0379 3708 e1qexpress (235c3283ddbfad74fb451e268cbf0a5d) C:\Windows\system32\DRIVERS\e1q60x64.sys 10:52:52.0404 3708 e1qexpress - ok 10:52:52.0430 3708 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 10:52:52.0476 3708 EapHost - ok 10:52:52.0801 3708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 10:52:52.0921 3708 ebdrv - ok 10:52:53.0021 3708 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 10:52:53.0063 3708 EFS - ok 10:52:53.0117 3708 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 10:52:53.0166 3708 ehRecvr - ok 10:52:53.0202 3708 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 10:52:53.0244 3708 ehSched - ok 10:52:53.0321 3708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 10:52:53.0356 3708 elxstor - ok 10:52:53.0373 3708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 10:52:53.0401 3708 ErrDev - ok 10:52:53.0450 3708 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 10:52:53.0504 3708 EventSystem - ok 10:52:53.0539 3708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 10:52:53.0574 3708 exfat - ok 10:52:53.0588 3708 ezSharedSvc - ok 10:52:53.0604 3708 fastfat 
(0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 10:52:53.0650 3708 fastfat - ok 10:52:53.0704 3708 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 10:52:53.0734 3708 Fax - ok 10:52:53.0748 3708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 10:52:53.0763 3708 fdc - ok 10:52:53.0774 3708 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 10:52:53.0820 3708 fdPHost - ok 10:52:53.0837 3708 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 10:52:53.0876 3708 FDResPub - ok 10:52:53.0888 3708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 10:52:53.0902 3708 FileInfo - ok 10:52:53.0916 3708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 10:52:53.0960 3708 Filetrace - ok 10:52:54.0059 3708 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 10:52:54.0090 3708 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 10:52:54.0091 3708 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 10:52:54.0097 3708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 10:52:54.0112 3708 flpydisk - ok 10:52:54.0133 3708 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 10:52:54.0150 3708 FltMgr - ok 10:52:54.0212 3708 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 10:52:54.0269 3708 FontCache - ok 10:52:54.0334 3708 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:52:54.0345 3708 FontCache3.0.0.0 - ok 10:52:54.0370 3708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 10:52:54.0385 3708 FsDepends - ok 10:52:54.0401 3708 Fs_Rec 
(6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 10:52:54.0414 3708 Fs_Rec - ok 10:52:54.0492 3708 ftpsvc (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll 10:52:54.0546 3708 ftpsvc - ok 10:52:54.0576 3708 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 10:52:54.0606 3708 fvevol - ok 10:52:54.0622 3708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 10:52:54.0636 3708 gagp30kx - ok 10:52:54.0685 3708 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 10:52:54.0736 3708 gpsvc - ok 10:52:54.0804 3708 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:52:54.0842 3708 gupdate - ok 10:52:54.0858 3708 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:52:54.0876 3708 gupdatem - ok 10:52:54.0926 3708 hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys 10:52:54.0965 3708 hardlock - ok 10:52:54.0969 3708 hasplms - ok 10:52:54.0982 3708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 10:52:55.0033 3708 hcw85cir - ok 10:52:55.0084 3708 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 10:52:55.0125 3708 HdAudAddService - ok 10:52:55.0154 3708 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 10:52:55.0192 3708 HDAudBus - ok 10:52:55.0198 3708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 10:52:55.0236 3708 HidBatt - ok 10:52:55.0245 3708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 10:52:55.0264 3708 HidBth - ok 10:52:55.0270 3708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 10:52:55.0288 3708 HidIr - ok 10:52:55.0318 3708 hidserv (bd9eb3958f213f96b97b1d897dee006d) 
C:\Windows\system32\hidserv.dll 10:52:55.0399 3708 hidserv - ok 10:52:55.0419 3708 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 10:52:55.0438 3708 HidUsb - ok 10:52:55.0469 3708 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 10:52:55.0527 3708 hkmsvc - ok 10:52:55.0554 3708 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 10:52:55.0595 3708 HomeGroupListener - ok 10:52:55.0641 3708 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 10:52:55.0689 3708 HomeGroupProvider - ok 10:52:55.0709 3708 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 10:52:55.0731 3708 HpSAMD - ok 10:52:55.0785 3708 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 10:52:55.0840 3708 HTTP - ok 10:52:55.0867 3708 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 10:52:55.0880 3708 hwpolicy - ok 10:52:55.0894 3708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 10:52:55.0911 3708 i8042prt - ok 10:52:55.0932 3708 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 10:52:55.0952 3708 iaStorV - ok 10:52:56.0059 3708 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:52:56.0090 3708 idsvc - ok 10:52:56.0124 3708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 10:52:56.0137 3708 iirsp - ok 10:52:56.0183 3708 IISADMIN (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe 10:52:56.0244 3708 IISADMIN - ok 10:52:56.0329 3708 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 10:52:56.0386 3708 IKEEXT - ok 10:52:56.0531 3708 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys 10:52:56.0604 3708 IntcAzAudAddService - ok 
10:52:56.0697 3708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 10:52:56.0724 3708 intelide - ok 10:52:56.0747 3708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 10:52:56.0779 3708 intelppm - ok 10:52:56.0805 3708 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 10:52:56.0879 3708 IPBusEnum - ok 10:52:56.0898 3708 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:52:56.0944 3708 IpFilterDriver - ok 10:52:56.0979 3708 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 10:52:57.0025 3708 iphlpsvc - ok 10:52:57.0049 3708 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 10:52:57.0065 3708 IPMIDRV - ok 10:52:57.0075 3708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 10:52:57.0121 3708 IPNAT - ok 10:52:57.0137 3708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 10:52:57.0209 3708 IRENUM - ok 10:52:57.0228 3708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 10:52:57.0245 3708 isapnp - ok 10:52:57.0272 3708 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 10:52:57.0294 3708 iScsiPrt - ok 10:52:57.0322 3708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 10:52:57.0339 3708 kbdclass - ok 10:52:57.0346 3708 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 10:52:57.0378 3708 kbdhid - ok 10:52:57.0408 3708 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:52:57.0425 3708 KeyIso - ok 10:52:57.0457 3708 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys 10:52:57.0471 3708 KMWDFILTER - ok 10:52:57.0488 3708 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 10:52:57.0506 3708 
KSecDD - ok 10:52:57.0533 3708 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 10:52:57.0548 3708 KSecPkg - ok 10:52:57.0562 3708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 10:52:57.0607 3708 ksthunk - ok 10:52:57.0714 3708 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 10:52:57.0807 3708 KtmRm - ok 10:52:57.0836 3708 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 10:52:57.0884 3708 LanmanServer - ok 10:52:57.0913 3708 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 10:52:57.0946 3708 LanmanWorkstation - ok 10:52:58.0022 3708 LightScribeService (3503f257b3203f824b1567238ebe17e2) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 10:52:58.0044 3708 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 10:52:58.0045 3708 LightScribeService - detected UnsignedFile.Multi.Generic (1) 10:52:58.0080 3708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 10:52:58.0146 3708 lltdio - ok 10:52:58.0180 3708 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 10:52:58.0222 3708 lltdsvc - ok 10:52:58.0237 3708 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 10:52:58.0270 3708 lmhosts - ok 10:52:58.0297 3708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 10:52:58.0312 3708 LSI_FC - ok 10:52:58.0323 3708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 10:52:58.0338 3708 LSI_SAS - ok 10:52:58.0345 3708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:52:58.0360 3708 LSI_SAS2 - ok 10:52:58.0370 3708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:52:58.0386 3708 LSI_SCSI - ok 10:52:58.0412 3708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 
10:52:58.0453 3708 luafv - ok 10:52:58.0496 3708 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 10:52:58.0510 3708 MBAMProtector - ok 10:52:58.0597 3708 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 10:52:58.0620 3708 MBAMService - ok 10:52:58.0643 3708 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 10:52:58.0666 3708 Mcx2Svc - ok 10:52:58.0765 3708 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 10:52:58.0810 3708 MDM - ok 10:52:58.0816 3708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 10:52:58.0838 3708 megasas - ok 10:52:58.0863 3708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 10:52:58.0892 3708 MegaSR - ok 10:52:58.0921 3708 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:52:58.0969 3708 MMCSS - ok 10:52:58.0974 3708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 10:52:59.0012 3708 Modem - ok 10:52:59.0033 3708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 10:52:59.0061 3708 monitor - ok 10:52:59.0089 3708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 10:52:59.0134 3708 mouclass - ok 10:52:59.0154 3708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 10:52:59.0186 3708 mouhid - ok 10:52:59.0217 3708 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 10:52:59.0240 3708 mountmgr - ok 10:52:59.0278 3708 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:52:59.0302 3708 MozillaMaintenance - ok 10:52:59.0334 3708 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 10:52:59.0358 3708 mpio - ok 
10:52:59.0384 3708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 10:52:59.0436 3708 mpsdrv - ok 10:52:59.0494 3708 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 10:52:59.0537 3708 MpsSvc - ok 10:52:59.0563 3708 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 10:52:59.0597 3708 MRxDAV - ok 10:52:59.0630 3708 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:52:59.0664 3708 mrxsmb - ok 10:52:59.0701 3708 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:52:59.0719 3708 mrxsmb10 - ok 10:52:59.0735 3708 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:52:59.0761 3708 mrxsmb20 - ok 10:52:59.0774 3708 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 10:52:59.0787 3708 msahci - ok 10:52:59.0813 3708 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 10:52:59.0829 3708 msdsm - ok 10:52:59.0853 3708 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 10:52:59.0870 3708 MSDTC - ok 10:52:59.0894 3708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 10:52:59.0926 3708 Msfs - ok 10:52:59.0938 3708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 10:52:59.0983 3708 mshidkmdf - ok 10:52:59.0998 3708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 10:53:00.0011 3708 msisadrv - ok 10:53:00.0038 3708 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 10:53:00.0074 3708 MSiSCSI - ok 10:53:00.0077 3708 msiserver - ok 10:53:00.0092 3708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 10:53:00.0136 3708 MSKSSRV - ok 10:53:00.0140 3708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 10:53:00.0185 3708 MSPCLOCK - 
ok 10:53:00.0189 3708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 10:53:00.0231 3708 MSPQM - ok 10:53:00.0266 3708 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 10:53:00.0285 3708 MsRPC - ok 10:53:00.0297 3708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 10:53:00.0310 3708 mssmbios - ok 10:53:00.0314 3708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 10:53:00.0360 3708 MSTEE - ok 10:53:00.0364 3708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 10:53:00.0387 3708 MTConfig - ok 10:53:00.0421 3708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 10:53:00.0435 3708 Mup - ok 10:53:00.0463 3708 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 10:53:00.0507 3708 napagent - ok 10:53:00.0541 3708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 10:53:00.0570 3708 NativeWifiP - ok 10:53:00.0614 3708 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 10:53:00.0643 3708 NDIS - ok 10:53:00.0660 3708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 10:53:00.0705 3708 NdisCap - ok 10:53:00.0728 3708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 10:53:00.0760 3708 NdisTapi - ok 10:53:00.0795 3708 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 10:53:00.0828 3708 Ndisuio - ok 10:53:00.0851 3708 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 10:53:00.0898 3708 NdisWan - ok 10:53:00.0920 3708 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 10:53:00.0965 3708 NDProxy - ok 10:53:00.0977 3708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 10:53:01.0016 3708 NetBIOS - ok 10:53:01.0041 
3708 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 10:53:01.0086 3708 NetBT - ok 10:53:01.0104 3708 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:53:01.0118 3708 Netlogon - ok 10:53:01.0154 3708 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 10:53:01.0200 3708 Netman - ok 10:53:01.0245 3708 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 10:53:01.0304 3708 netprofm - ok 10:53:01.0376 3708 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:53:01.0413 3708 NetTcpPortSharing - ok 10:53:01.0446 3708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 10:53:01.0467 3708 nfrd960 - ok 10:53:01.0504 3708 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 10:53:01.0548 3708 NlaSvc - ok 10:53:01.0561 3708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 10:53:01.0606 3708 Npfs - ok 10:53:01.0621 3708 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 10:53:01.0670 3708 nsi - ok 10:53:01.0687 3708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 10:53:01.0726 3708 nsiproxy - ok 10:53:01.0814 3708 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 10:53:01.0867 3708 Ntfs - ok 10:53:02.0015 3708 ntk_PowerDVD12 (eaac965642ef5f818aed508cadf83e4b) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys 10:53:02.0051 3708 ntk_PowerDVD12 - ok 10:53:02.0149 3708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 10:53:02.0216 3708 Null - ok 10:53:02.0241 3708 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 10:53:02.0256 3708 nvraid - ok 10:53:02.0265 3708 nvstor (dab0e87525c10052bf65f06152f37e4a) 
C:\Windows\system32\drivers\nvstor.sys 10:53:02.0281 3708 nvstor - ok 10:53:02.0311 3708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 10:53:02.0326 3708 nv_agp - ok 10:53:02.0335 3708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 10:53:02.0358 3708 ohci1394 - ok 10:53:02.0435 3708 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:53:02.0469 3708 ose - ok 10:53:02.0703 3708 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:53:02.0870 3708 osppsvc - ok 10:53:02.0964 3708 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:53:03.0005 3708 p2pimsvc - ok 10:53:03.0049 3708 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 10:53:03.0070 3708 p2psvc - ok 10:53:03.0105 3708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 10:53:03.0121 3708 Parport - ok 10:53:03.0144 3708 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 10:53:03.0158 3708 partmgr - ok 10:53:03.0177 3708 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 10:53:03.0212 3708 PcaSvc - ok 10:53:03.0338 3708 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms 10:53:03.0635 3708 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok 10:53:03.0684 3708 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 10:53:03.0728 3708 pci - ok 10:53:03.0739 3708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 10:53:03.0756 3708 pciide - ok 10:53:03.0774 3708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 10:53:03.0793 3708 pcmcia - ok 10:53:03.0841 3708 PCTBD (99a3a277a99c437283324067970e1d37) 
C:\Windows\system32\Drivers\PCTBD64.sys 10:53:03.0874 3708 PCTBD - ok 10:53:03.0934 3708 PCTCore (dbb55b4da79a6f59b63e233907ba6bae) C:\Windows\system32\drivers\PCTCore64.sys 10:53:03.0963 3708 PCTCore - ok 10:53:04.0034 3708 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys 10:53:04.0073 3708 pctDS - ok 10:53:04.0134 3708 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys 10:53:04.0175 3708 pctEFA - ok 10:53:04.0197 3708 pctgntdi (5b4b9d0e748aa06a8887fe79351c91f3) C:\Windows\System32\drivers\pctgntdi64.sys 10:53:04.0215 3708 pctgntdi - ok 10:53:04.0228 3708 pctplsg (db1f94051396af34fe521bfeececdb53) C:\Windows\System32\drivers\pctplsg64.sys 10:53:04.0242 3708 pctplsg - ok 10:53:04.0293 3708 PCTSD (afa19eff0197c474379ed904e25a995d) C:\Windows\system32\Drivers\PCTSD64.sys 10:53:04.0309 3708 PCTSD - ok 10:53:04.0322 3708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 10:53:04.0335 3708 pcw - ok 10:53:04.0367 3708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 10:53:04.0416 3708 PEAUTH - ok 10:53:04.0480 3708 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 10:53:04.0504 3708 PerfHost - ok 10:53:04.0637 3708 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 10:53:04.0709 3708 pla - ok 10:53:04.0761 3708 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 10:53:04.0786 3708 PlugPlay - ok 10:53:04.0793 3708 PMBDeviceInfoProvider - ok 10:53:04.0819 3708 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 10:53:04.0847 3708 PNRPAutoReg - ok 10:53:04.0871 3708 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 10:53:04.0887 3708 PNRPsvc - ok 10:53:04.0916 3708 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 10:53:04.0954 3708 PolicyAgent - ok 10:53:04.0970 3708 Power 
(6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 10:53:05.0011 3708 Power - ok 10:53:05.0054 3708 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 10:53:05.0133 3708 PptpMiniport - ok 10:53:05.0158 3708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 10:53:05.0182 3708 Processor - ok 10:53:05.0202 3708 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 10:53:05.0243 3708 ProfSvc - ok 10:53:05.0259 3708 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:53:05.0273 3708 ProtectedStorage - ok 10:53:05.0307 3708 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 10:53:05.0340 3708 Psched - ok 10:53:05.0354 3708 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 10:53:05.0366 3708 PxHlpa64 - ok 10:53:05.0442 3708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 10:53:05.0495 3708 ql2300 - ok 10:53:05.0563 3708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 10:53:05.0579 3708 ql40xx - ok 10:53:05.0608 3708 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 10:53:05.0630 3708 QWAVE - ok 10:53:05.0645 3708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 10:53:05.0663 3708 QWAVEdrv - ok 10:53:05.0723 3708 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll 10:53:05.0767 3708 RapiMgr - ok 10:53:05.0771 3708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 10:53:05.0808 3708 RasAcd - ok 10:53:05.0824 3708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:53:05.0858 3708 RasAgileVpn - ok 10:53:05.0869 3708 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 10:53:05.0904 3708 RasAuto - ok 10:53:05.0916 3708 Rasl2tp 
(471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:53:05.0959 3708 Rasl2tp - ok 10:53:05.0988 3708 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 10:53:06.0025 3708 RasMan - ok 10:53:06.0040 3708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 10:53:06.0087 3708 RasPppoe - ok 10:53:06.0102 3708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 10:53:06.0136 3708 RasSstp - ok 10:53:06.0161 3708 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 10:53:06.0196 3708 rdbss - ok 10:53:06.0200 3708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 10:53:06.0218 3708 rdpbus - ok 10:53:06.0227 3708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:53:06.0260 3708 RDPCDD - ok 10:53:06.0272 3708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 10:53:06.0316 3708 RDPENCDD - ok 10:53:06.0327 3708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 10:53:06.0359 3708 RDPREFMP - ok 10:53:06.0380 3708 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 10:53:06.0418 3708 RDPWD - ok 10:53:06.0453 3708 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 10:53:06.0469 3708 rdyboost - ok 10:53:06.0501 3708 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 10:53:06.0535 3708 RemoteAccess - ok 10:53:06.0581 3708 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 10:53:06.0627 3708 RemoteRegistry - ok 10:53:06.0642 3708 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 10:53:06.0687 3708 RpcEptMapper - ok 10:53:06.0712 3708 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 10:53:06.0755 3708 RpcLocator - ok 10:53:06.0787 3708 RpcSs 
(5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 10:53:06.0822 3708 RpcSs - ok 10:53:06.0838 3708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 10:53:06.0882 3708 rspndr - ok 10:53:06.0926 3708 RSUSBSTOR (ace55328a7f65b7dbd1870b1642b4018) C:\Windows\system32\Drivers\RtsUStor.sys 10:53:06.0951 3708 RSUSBSTOR - ok 10:53:06.0997 3708 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys 10:53:07.0015 3708 RTL8167 - ok 10:53:07.0029 3708 Rts516xIR - ok 10:53:07.0049 3708 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:53:07.0062 3708 SamSs - ok 10:53:07.0085 3708 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 10:53:07.0100 3708 sbp2port - ok 10:53:07.0123 3708 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 10:53:07.0172 3708 SCardSvr - ok 10:53:07.0198 3708 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 10:53:07.0265 3708 scfilter - ok 10:53:07.0319 3708 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 10:53:07.0387 3708 Schedule - ok 10:53:07.0409 3708 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 10:53:07.0441 3708 SCPolicySvc - ok 10:53:07.0539 3708 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe 10:53:07.0578 3708 sdAuxService - ok 10:53:07.0637 3708 sdCoreService (697e0a2a300ee8719cafae55b4771053) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe 10:53:07.0674 3708 sdCoreService - ok 10:53:07.0762 3708 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 10:53:07.0806 3708 SDRSVC - ok 10:53:07.0848 3708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 10:53:07.0902 3708 secdrv - ok 10:53:07.0926 3708 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 
10:53:07.0968 3708 seclogon - ok 10:53:07.0992 3708 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 10:53:08.0038 3708 SENS - ok 10:53:08.0058 3708 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 10:53:08.0096 3708 SensrSvc - ok 10:53:08.0115 3708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 10:53:08.0129 3708 Serenum - ok 10:53:08.0136 3708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 10:53:08.0152 3708 Serial - ok 10:53:08.0178 3708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 10:53:08.0194 3708 sermouse - ok 10:53:08.0223 3708 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 10:53:08.0263 3708 SessionEnv - ok 10:53:08.0275 3708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 10:53:08.0306 3708 sffdisk - ok 10:53:08.0310 3708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 10:53:08.0335 3708 sffp_mmc - ok 10:53:08.0339 3708 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 10:53:08.0358 3708 sffp_sd - ok 10:53:08.0362 3708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 10:53:08.0383 3708 sfloppy - ok 10:53:08.0421 3708 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 10:53:08.0459 3708 SharedAccess - ok 10:53:08.0482 3708 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 10:53:08.0518 3708 ShellHWDetection - ok 10:53:08.0524 3708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:53:08.0538 3708 SiSRaid2 - ok 10:53:08.0547 3708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 10:53:08.0562 3708 SiSRaid4 - ok 10:53:08.0632 3708 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files 
(x86)\Skype\Updater\Updater.exe 10:53:08.0647 3708 SkypeUpdate - ok 10:53:08.0666 3708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 10:53:08.0713 3708 Smb - ok 10:53:08.0743 3708 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 10:53:08.0759 3708 SNMPTRAP - ok 10:53:08.0771 3708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 10:53:08.0784 3708 spldr - ok 10:53:08.0826 3708 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 10:53:08.0864 3708 Spooler - ok 10:53:09.0031 3708 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 10:53:09.0179 3708 sppsvc - ok 10:53:09.0264 3708 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 10:53:09.0362 3708 sppuinotify - ok 10:53:09.0419 3708 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 10:53:09.0486 3708 srv - ok 10:53:09.0519 3708 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 10:53:09.0547 3708 srv2 - ok 10:53:09.0562 3708 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 10:53:09.0579 3708 srvnet - ok 10:53:09.0605 3708 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 10:53:09.0640 3708 SSDPSRV - ok 10:53:09.0657 3708 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 10:53:09.0692 3708 SstpSvc - ok 10:53:09.0761 3708 Steam Client Service - ok 10:53:09.0793 3708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 10:53:09.0814 3708 stexstor - ok 10:53:09.0877 3708 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 10:53:09.0927 3708 stisvc - ok 10:53:09.0970 3708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 10:53:10.0009 3708 swenum - ok 10:53:10.0051 3708 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 
10:53:10.0102 3708 swprv - ok 10:53:10.0195 3708 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 10:53:10.0261 3708 SysMain - ok 10:53:10.0335 3708 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 10:53:10.0356 3708 TabletInputService - ok 10:53:10.0375 3708 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 10:53:10.0419 3708 TapiSrv - ok 10:53:10.0435 3708 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 10:53:10.0469 3708 TBS - ok 10:53:10.0588 3708 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 10:53:10.0650 3708 Tcpip - ok 10:53:10.0785 3708 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 10:53:10.0819 3708 TCPIP6 - ok 10:53:10.0908 3708 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 10:53:10.0980 3708 tcpipreg - ok 10:53:11.0001 3708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 10:53:11.0026 3708 TDPIPE - ok 10:53:11.0065 3708 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 10:53:11.0093 3708 TDTCP - ok 10:53:11.0127 3708 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 10:53:11.0173 3708 tdx - ok 10:53:11.0191 3708 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 10:53:11.0206 3708 TermDD - ok 10:53:11.0247 3708 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 10:53:11.0287 3708 TermService - ok 10:53:11.0307 3708 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 10:53:11.0336 3708 Themes - ok 10:53:11.0359 3708 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 10:53:11.0391 3708 THREADORDER - ok 10:53:11.0406 3708 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 10:53:11.0440 3708 TrkWks - ok 10:53:11.0480 3708 
TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 10:53:11.0526 3708 TrustedInstaller - ok 10:53:11.0547 3708 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:53:11.0579 3708 tssecsrv - ok 10:53:11.0616 3708 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 10:53:11.0670 3708 TsUsbFlt - ok 10:53:11.0724 3708 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 10:53:11.0772 3708 tunnel - ok 10:53:11.0791 3708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 10:53:11.0805 3708 uagp35 - ok 10:53:11.0832 3708 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 10:53:11.0867 3708 udfs - ok 10:53:11.0890 3708 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 10:53:11.0906 3708 UI0Detect - ok 10:53:11.0942 3708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 10:53:11.0978 3708 uliagpkx - ok 10:53:11.0991 3708 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 10:53:12.0027 3708 umbus - ok 10:53:12.0033 3708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 10:53:12.0078 3708 UmPass - ok 10:53:12.0116 3708 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 10:53:12.0167 3708 upnphost - ok 10:53:12.0185 3708 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 10:53:12.0203 3708 usbaudio - ok 10:53:12.0227 3708 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 10:53:12.0252 3708 usbccgp - ok 10:53:12.0282 3708 USBCCID - ok 10:53:12.0306 3708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 10:53:12.0325 3708 usbcir - ok 10:53:12.0339 3708 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 
10:53:12.0364 3708 usbehci - ok 10:53:12.0392 3708 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys 10:53:12.0422 3708 usbfilter - ok 10:53:12.0454 3708 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 10:53:12.0492 3708 usbhub - ok 10:53:12.0505 3708 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 10:53:12.0541 3708 usbohci - ok 10:53:12.0566 3708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 10:53:12.0590 3708 usbprint - ok 10:53:12.0618 3708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 10:53:12.0664 3708 usbscan - ok 10:53:12.0683 3708 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:53:12.0739 3708 USBSTOR - ok 10:53:12.0776 3708 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 10:53:12.0803 3708 usbuhci - ok 10:53:12.0818 3708 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 10:53:12.0851 3708 UxSms - ok 10:53:12.0868 3708 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 10:53:12.0881 3708 VaultSvc - ok 10:53:12.0914 3708 VBoxDrv (81952471021f6a6f56dda6ed6b5dd638) C:\Windows\system32\DRIVERS\VBoxDrv.sys 10:53:12.0931 3708 VBoxDrv - ok 10:53:13.0084 3708 VBoxNetAdp (c9f86aeb504355541ec9820e3155e253) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 10:53:13.0100 3708 VBoxNetAdp - ok 10:53:13.0124 3708 VBoxNetFlt (64715ce639d05d753bcd86f5abf4d82a) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 10:53:13.0140 3708 VBoxNetFlt - ok 10:53:13.0169 3708 VBoxUSBMon (edeb78b6a969107a66a5af145ac0a43f) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 10:53:13.0184 3708 VBoxUSBMon - ok 10:53:13.0200 3708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 10:53:13.0214 3708 vdrvroot - ok 10:53:13.0255 3708 vds (8d6b481601d01a456e75c3210f1830be) 
C:\Windows\System32\vds.exe 10:53:13.0294 3708 vds - ok 10:53:13.0320 3708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 10:53:13.0359 3708 vga - ok 10:53:13.0377 3708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 10:53:13.0424 3708 VgaSave - ok 10:53:13.0443 3708 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 10:53:13.0460 3708 vhdmp - ok 10:53:13.0472 3708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 10:53:13.0486 3708 viaide - ok 10:53:13.0499 3708 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 10:53:13.0513 3708 volmgr - ok 10:53:13.0557 3708 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 10:53:13.0576 3708 volmgrx - ok 10:53:13.0609 3708 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 10:53:13.0626 3708 volsnap - ok 10:53:13.0644 3708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 10:53:13.0660 3708 vsmraid - ok 10:53:13.0744 3708 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 10:53:13.0826 3708 VSS - ok 10:53:13.0925 3708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 10:53:13.0972 3708 vwifibus - ok 10:53:14.0007 3708 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 10:53:14.0044 3708 W32Time - ok 10:53:14.0109 3708 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll 10:53:14.0166 3708 W3SVC - ok 10:53:14.0172 3708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 10:53:14.0200 3708 WacomPen - ok 10:53:14.0222 3708 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:53:14.0267 3708 WANARP - ok 10:53:14.0270 3708 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 10:53:14.0301 
3708 Wanarpv6 - ok 10:53:14.0315 3708 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll 10:53:14.0333 3708 WAS - ok 10:53:14.0414 3708 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 10:53:14.0456 3708 WatAdminSvc - ok 10:53:14.0536 3708 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 10:53:14.0594 3708 wbengine - ok 10:53:14.0672 3708 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 10:53:14.0694 3708 WbioSrvc - ok 10:53:14.0749 3708 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll 10:53:14.0770 3708 WcesComm - ok 10:53:14.0802 3708 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 10:53:14.0833 3708 wcncsvc - ok 10:53:14.0851 3708 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 10:53:14.0883 3708 WcsPlugInService - ok 10:53:14.0918 3708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 10:53:14.0952 3708 Wd - ok 10:53:15.0002 3708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 10:53:15.0026 3708 Wdf01000 - ok 10:53:15.0039 3708 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:53:15.0094 3708 WdiServiceHost - ok 10:53:15.0097 3708 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 10:53:15.0116 3708 WdiSystemHost - ok 10:53:15.0133 3708 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 10:53:15.0164 3708 WebClient - ok 10:53:15.0183 3708 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 10:53:15.0228 3708 Wecsvc - ok 10:53:15.0237 3708 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 10:53:15.0271 3708 wercplsupport - ok 10:53:15.0289 3708 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 10:53:15.0324 3708 WerSvc 
- ok 10:53:15.0340 3708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 10:53:15.0373 3708 WfpLwf - ok 10:53:15.0381 3708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 10:53:15.0395 3708 WIMMount - ok 10:53:15.0444 3708 WinDefend - ok 10:53:15.0459 3708 WinHttpAutoProxySvc - ok 10:53:15.0516 3708 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 10:53:15.0581 3708 Winmgmt - ok 10:53:15.0687 3708 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 10:53:15.0760 3708 WinRM - ok 10:53:15.0866 3708 WINUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS 10:53:15.0893 3708 WINUSB - ok 10:53:15.0978 3708 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 10:53:16.0020 3708 Wlansvc - ok 10:53:16.0050 3708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 10:53:16.0086 3708 WmiAcpi - ok 10:53:16.0115 3708 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 10:53:16.0151 3708 wmiApSrv - ok 10:53:16.0190 3708 WMPNetworkSvc - ok 10:53:16.0241 3708 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe 10:53:16.0301 3708 WMSVC - ok 10:53:16.0324 3708 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 10:53:16.0351 3708 WPCSvc - ok 10:53:16.0378 3708 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 10:53:16.0421 3708 WPDBusEnum - ok 10:53:16.0432 3708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 10:53:16.0487 3708 ws2ifsl - ok 10:53:16.0506 3708 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 10:53:16.0534 3708 wscsvc - ok 10:53:16.0537 3708 WSearch - ok 10:53:16.0663 3708 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 10:53:16.0756 3708 wuauserv - ok 10:53:16.0874 3708 WudfPf 
(d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 10:53:16.0944 3708 WudfPf - ok 10:53:16.0963 3708 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:53:16.0997 3708 WUDFRd - ok 10:53:17.0016 3708 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 10:53:17.0049 3708 wudfsvc - ok 10:53:17.0075 3708 WUSBVBus (28de9164f5d74cfd2466778ba1d93f30) C:\Windows\system32\DRIVERS\mfpvbus.sys 10:53:17.0099 3708 WUSBVBus - ok 10:53:17.0119 3708 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 10:53:17.0141 3708 WwanSvc - ok 10:53:17.0264 3708 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl 10:53:17.0286 3708 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 10:53:17.0320 3708 MBR (0x1B8) (972d200618aaa26eb1ecfa8e9645c503) \Device\Harddisk0\DR0 10:53:17.0595 3708 \Device\Harddisk0\DR0 - ok 10:53:17.0603 3708 Boot (0x1200) (7f8f39dd896c7ca09ca092d56cb5e537) \Device\Harddisk0\DR0\Partition0 10:53:17.0606 3708 \Device\Harddisk0\DR0\Partition0 - ok 10:53:17.0646 3708 Boot (0x1200) (ebd710701b3ac661dead5102a1f801da) \Device\Harddisk0\DR0\Partition1 10:53:17.0650 3708 \Device\Harddisk0\DR0\Partition1 - ok 10:53:17.0673 3708 Boot (0x1200) (b5f709ba380e44516ddfc353785c53ea) \Device\Harddisk0\DR0\Partition2 10:53:17.0676 3708 \Device\Harddisk0\DR0\Partition2 - ok 10:53:17.0677 3708 ============================================================ 10:53:17.0677 3708 Scan finished 10:53:17.0677 3708 ============================================================ 10:53:17.0704 4704 Detected object count: 6 10:53:17.0705 4704 Actual detected object count: 6 10:53:53.0416 4704 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 10:53:53.0416 4704 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 10:53:53.0418 4704 aksdf ( UnsignedFile.Multi.Generic ) - skipped by user 10:53:53.0418 4704 aksdf 
( UnsignedFile.Multi.Generic ) - User select action: Skip 10:53:53.0421 4704 aksfridge ( UnsignedFile.Multi.Generic ) - skipped by user 10:53:53.0421 4704 aksfridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:53:53.0423 4704 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user 10:53:53.0423 4704 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:53:53.0425 4704 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:53:53.0425 4704 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:53:53.0427 4704 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 10:53:53.0428 4704 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
11.05.2012, 10:30 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! Then please run CF now: ComboFix. A guide and tutorial on using ComboFix.
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
11.05.2012, 15:13 | #22 |
| Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! Hello Arne, here is the log from ComboFix: ComboFix logfile: Code:
ATTFilter ComboFix 12-05-11.02 - Gerd 11-05-2012 13:11:06.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2531 [GMT 2:00] Gestart vanuit: d:\install\Internet\Antivirus\ComboFix.exe AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\SysWow64\Config.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))) . . 2012-05-11 11:23 . 2012-05-11 11:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-07 13:25 . 2012-05-07 13:25 -------- d-----w- c:\program files (x86)\ESET 2012-05-04 20:40 . 2012-05-04 20:40 -------- d-----w- c:\users\Gerd\AppData\Roaming\Malwarebytes 2012-05-04 20:40 . 2012-05-04 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-04 20:40 . 2012-05-04 20:40 -------- d-----w- c:\programdata\Malwarebytes 2012-05-04 20:40 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-03 17:24 . 2012-05-03 17:24 129024 ----a-w- c:\windows\RegBootClean64.exe 2012-05-02 11:28 . 2012-05-02 11:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-05-02 11:28 . 2012-05-02 11:28 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-02 11:28 . 2012-05-02 11:28 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-04-29 07:54 . 2012-04-29 07:54 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-12 22:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 22:55 . 
2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 22:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-12 22:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 22:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 22:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-12 22:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-12 14:22 . 2012-04-12 14:22 -------- d-----w- c:\program files (x86)\Common Files\Skype . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-07 08:32 . 2011-11-21 07:56 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys 2012-04-29 07:54 . 2011-05-25 07:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-20 11:50 . 2011-01-07 22:12 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys 2012-03-20 11:50 . 2011-11-21 07:56 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys 2012-03-20 11:43 . 2011-01-07 22:12 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys 2012-03-20 11:43 . 2011-01-07 22:12 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys 2012-03-20 10:21 . 2011-11-21 07:56 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys 2012-03-20 10:21 . 2011-01-07 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll 2012-03-20 10:21 . 2011-01-07 22:21 2271160 ----a-w- c:\windows\PCTBDCore.dll 2012-03-20 10:21 . 2011-01-07 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll 2012-03-20 10:20 . 2011-01-07 22:21 767928 ----a-w- c:\windows\BDTSupport.dll 2012-03-20 09:39 . 2011-01-07 22:21 3488 ----a-w- c:\windows\UDB.zip 2012-03-20 09:39 . 2011-01-07 22:21 131 ----a-w- c:\windows\IDB.zip 2012-03-16 10:15 . 2011-01-07 22:12 426104 ----a-w- c:\windows\system32\drivers\PCTCore64.sys 2012-03-14 17:23 . 
2012-03-14 17:23 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-03-14 17:22 . 2012-03-14 17:22 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2012-03-14 17:22 . 2012-03-14 22:21 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-03-14 17:22 . 2012-03-14 22:21 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-03-14 17:22 . 2012-03-14 17:22 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2012-03-04 22:42 . 2011-03-21 11:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-28 09:43 . 2011-01-07 22:12 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys 2012-02-28 09:43 . 2011-01-07 22:12 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys 2012-02-17 06:38 . 2012-03-14 07:35 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-14 07:35 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-14 07:35 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-14 07:35 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Akamai NetSession Interface"="c:\users\Gerd\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872] "DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "PMBVolumeWatcher"="d:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832] "PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "MFP Manager"="c:\program files (x86)\MFP Server Utilities\MFPAgent.exe" [2010-10-01 884736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2012-5-5 0] Jacquie Lawson London Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A] Manager for Skype.lnk - d:\programfiles (x86)\Manager for Skype\ManagerForSkype.exe [2008-4-15 688128] OpenOffice.org 3.3.lnk - d:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"= "WDSHELL.DLL" [2010-11-30 208896] . R2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 253088] R3 AliWGP;Composite Device;c:\windows\system32\DRIVERS\mfpcomp.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536] R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x] R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-03-20 402336] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMSVC;Web Management-service;c:\windows\system32\inetsrv\wmsvc.exe [x] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x] S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x] S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/02/22 13:39];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 21:57 146928] S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;d:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 Apache2.2;Apache2.2;c:\program files 
(x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-10-17 20549] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-03-20 571320] S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336] S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048] S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232] S2 ftpsvc;Microsoft FTP-service;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 e1qexpress;Stuurprogramma Q voor Intel(R) PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1q60x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card 
Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] S3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 07:54] . 2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 17:54] . 2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 17:54] . 2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02] . 2012-04-08 c:\windows\Tasks\WDStatistic_WebServer_Chris.job - d:\webdev 16\Programs\WDStatistic.exe [2011-01-20 10:04] . 2011-07-06 c:\windows\Tasks\WDStatistique_WebServer_Chris.job - d:\webdev 16\Programs\WDStatistic.exe [2011-01-20 10:04] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/webhp?hl=nl uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.123.254 FF - ProfilePath - c:\users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\ FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe Wow6432Node-HKLM-Run-PCTools FGuard - c:\program files (x86)\PC Tools Security\BDT\FGuard.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Streamripper - c:\program files (x86)\Streamripper\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @="IFlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-05-11 13:47:23 ComboFix-quarantined-files.txt 2012-05-11 11:47 . Pre-Run: 236.484.005.888 bytes beschikbaar Post-Run: 235.977.572.352 bytes beschikbaar . 
- - End Of File - - A5A1F9B9EB1B4FF61699F5E3F869989C
Anything else unusual? Regards, Gerd |
11.05.2012, 19:29 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! Please download aswMBR.exe and save the file to your desktop. Note: please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
Another note: should aswMBR crash and you get a message such as "aswMBR.exe has stopped working", then do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
11.05.2012, 22:24 | #24 |
| Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! Hello Arne, which is what I am doing, but halfway through the scan I get the following error message: Avast! Antirootkit has stopped working. It always happens at the same point while scanning: scanning: c:\windows\assambly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.... What should I do? Can I simply delete the directory? I don't need Visual Studio in any case. Regards, Gerd |
11.05.2012, 23:01 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! That is exactly why this was posted: Another note: should aswMBR crash and you get a message such as "aswMBR.exe has stopped working", then do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
11.05.2012, 23:18 | #26 |
| Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! Hello Arne, finally managed it, as described: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-12 00:13:36
-----------------------------
00:13:36.968 OS Version: Windows x64 6.1.7601 Service Pack 1
00:13:36.968 Number of processors: 4 586 0x503
00:13:36.968 ComputerName: GERD-HP UserName: Gerd
00:13:41.539 Initialize success
00:13:46.983 AVAST engine defs: 12051100
00:14:06.452 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
00:14:06.467 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
00:14:06.483 Disk 0 MBR read successfully
00:14:06.499 Disk 0 MBR scan
00:14:06.499 Disk 0 unknown MBR code
00:14:06.514 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:14:06.530 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 322817 MB offset 206848
00:14:06.545 Disk 0 Partition - 00 0F Extended LBA 365584 MB offset 1204805632
00:14:06.577 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 265366 MB offset 661336064
00:14:06.623 Disk 0 Partition - 00 05 Extended 353620 MB offset 1204807679
00:14:06.623 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 353620 MB offset 1204807680
00:14:06.639 Disk 0 Partition - 00 05 Extended 11962 MB offset 1929025535
00:14:06.670 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 11961 MB offset 1929025536
00:14:07.232 Disk 0 scanning C:\Windows\system32\drivers
00:14:18.308 Service scanning
00:14:36.694 Modules scanning
00:14:36.704 Disk 0 trace - called modules:
00:14:36.744 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys amdxata.sys storport.sys hal.dll amdsata.sys
00:14:36.744 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049f7790]
00:14:36.754 3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> [0xfffffa80048e5bc0]
00:14:36.764 5 PCTCore64.sys[fffff880010ee6f4] -> nt!IofCallDriver -> [0xfffffa80048d0b80]
00:14:36.774 7 amdxata.sys[fffff880010b57a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80048c99c0]
00:14:36.774 Scan finished successfully
00:14:56.872 Disk 0 MBR has been saved successfully to "D:\Install\Internet\Antivirus\MBR.dat"
00:14:57.200 The log file has been saved successfully to "D:\Install\Internet\Antivirus\aswMBR.txt"
Regards, Gerd |
11.05.2012, 23:53 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly. Note: please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the whole disk, e.g. with TrueCrypt or other encryption programs. After the backup, start aswMBR again and click the FIXMBR button. Note: please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it! Then restart Windows and make a new log with aswMBR.
12.05.2012, 08:55 | #28 |
| Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! Hello Arne, I have "Oracle VM VirtualBox" installed on the PC. Could that have changed the boot sector? In other words: run the MBR fix or not? Regards, Gerd |
12.05.2012, 20:20 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! Through a VirtualBox? No.
12.05.2012, 21:42 | #30 |
| Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! Hello Arne, it just occurred to me why the MBR is changed. Before I installed VirtualBox (to be able to use Windows XP), I had first tried to build a dual-boot system with Paragon Partition Manager. Because that would not work properly, I gave up and had Paragon reset the MBR. But that does not seem to be 100% the old MBR. I assume, however, that Paragon did not infect the MBR! That is why I am now considering leaving the MBR as it is, because I don't like to take the risk of losing the (now properly) running system. What do you think? Regards, Gerd |
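An added example, not part of this thread and not code from aswMBR, TDSSKiller or ComboFix: a small Python script for inspecting an MBR dump offline, which is the check a practitioner would want both for the FIXMBR procedure above (what must survive the fix) and for Gerd's question about an MBR that is modified but probably not infected. aswMBR saved the sector to MBR.dat, so it can be parsed without touching the disk. Assumptions: MBR.dat holds the raw 512-byte sector, and the "MBR (0x1B8)" value TDSSKiller printed earlier is an MD5 over the first 0x1B8 bytes (the boot code up to the disk signature). The sample sector is constructed from the partition table in the aswMBR log; the boot-code bytes in it are placeholders, not real boot code, and the disk signature is made up.

```python
"""Inspect a raw MBR dump (e.g. the MBR.dat that aswMBR writes) offline.

Added example for this thread; it is not code from aswMBR, TDSSKiller or
ComboFix. Assumptions: MBR.dat holds the raw 512-byte sector, and the
"MBR (0x1B8)" hash TDSSKiller prints is the MD5 of the first 0x1B8 bytes
(the boot code, up to the disk signature). The sample sector below is
CONSTRUCTED from the partition table aswMBR printed for Disk 0.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8        # boot code ends where the 4-byte disk signature starts
PART_TABLE_OFF = 0x1BE       # four 16-byte entries, then the 0x55AA signature
SECTORS_PER_MB = 2048        # 512-byte sectors; aswMBR reports sizes in MB


def parse_mbr(sector: bytes) -> dict:
    """Return disk signature, boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        # entry: boot flag, CHS start (skipped), type, CHS end (skipped), start LBA, length
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "slot": i + 1,       # table slot; aswMBR numbers primaries only and prints "-" for extended
            "active": flag == 0x80,
            "type": ptype,
            "offset": lba,
            "sectors": count,
            "mb": count // SECTORS_PER_MB,
        })
    return {
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def sanity_check(mbr: dict) -> list:
    """Problems in the table itself, independent of whether the boot code is known."""
    problems = []
    active = [p["slot"] for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        problems.append("expected exactly one active partition, found %d" % len(active))
    by_offset = sorted(mbr["partitions"], key=lambda p: p["offset"])
    for a, b in zip(by_offset, by_offset[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            problems.append("slot %d overlaps slot %d" % (a["slot"], b["slot"]))
    for p in mbr["partitions"]:
        if p["offset"] == 0 or p["sectors"] == 0:
            problems.append("slot %d has a zero offset or length" % p["slot"])
    return problems


def compare_dumps(before: bytes, after: bytes) -> dict:
    """What a boot-code fix should and should not have touched."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        # The Windows BCD identifies the boot volume by disk signature plus partition
        # offset, so the table and the signature must survive the fix unchanged.
        "partition_table_unchanged": before[PART_TABLE_OFF:510] == after[PART_TABLE_OFF:510],
        "disk_signature_unchanged": b["disk_signature"] == a["disk_signature"],
        "boot_code_changed": b["boot_code_md5"] != a["boot_code_md5"],
    }


# CONSTRUCTED sample: the four table entries aswMBR listed for Disk 0
# (active flag, type, start LBA, length in sectors); MB in the log = length / 2048.
SAMPLE_TABLE = [
    (True,  0x07, 2048,       204800),     # 100 MB system partition
    (False, 0x07, 206848,     661129216),  # 322817 MB
    (False, 0x0F, 1204805632, 748716032),  # 365584 MB extended (LBA)
    (False, 0x07, 661336064,  543469568),  # 265366 MB
]


def build_sample_mbr(boot_code: bytes = b"\xEB\xFE", disk_signature: int = 0x12345678) -> bytes:
    """Assemble a 512-byte sector around SAMPLE_TABLE; boot code and signature are placeholders."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)
        for active, ptype, lba, count in SAMPLE_TABLE
    )
    return code + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xAA"


def load_dump(path: str) -> bytes:
    """Read a saved dump such as MBR.dat, or the live disk (\\\\.\\PhysicalDrive0, needs admin)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    before = build_sample_mbr(b"\xEB\xFE")            # stands in for the current "unknown MBR code"
    after = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC")  # stands in for the code FIXMBR writes
    info = parse_mbr(before)
    print("disk signature 0x%08X, boot code md5 %s" % (info["disk_signature"], info["boot_code_md5"]))
    for p in info["partitions"]:
        print("slot %d %s type %02X %8d MB offset %d"
              % (p["slot"], "(A)" if p["active"] else "   ", p["type"], p["mb"], p["offset"]))
    print("table problems:", sanity_check(info) or "none")
    print("before/after:", compare_dumps(before, after))
```

In use: run parse_mbr(load_dump(r"D:\Install\Internet\Antivirus\MBR.dat")) and compare the boot-code hash with the value TDSSKiller printed, then, after a FIXMBR, dump again and run compare_dumps on the two files; the table and disk signature must be unchanged and only the boot code should differ. aswMBR's "unknown MBR code" says only that the boot code did not match what the tool recognises, which is what you would expect after a third-party partition manager rewrote it; a non-standard hash on its own is neither proof of infection nor of cleanliness, which is why the moderator asks for a backup and a fresh log rather than judging from the hash alone.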