Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.05.2012, 12:37   #16
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Konnte ursprüngliches Log nicht uploaden, weil das Log mehr als 100000 Zeichen hatte.
Habe darum das Log auf 14 Tage begrenzt (das Problem ist erst eine Woche alt).
Geschafft! Hier dann endlich der Scan:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/8/2012 1:18:38 PM - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = D:\Install\Internet\Antivirus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
 
4.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 36.88% Memory free
8.00 Gb Paging File | 5.66 Gb Available in Paging File | 70.72% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 315.25 Gb Total Space | 219.25 Gb Free Space | 69.55% Space Free | Partition Type: NTFS
Drive D: | 345.33 Gb Total Space | 150.35 Gb Free Space | 43.54% Space Free | Partition Type: NTFS
Drive X: | 259.15 Gb Total Space | 212.81 Gb Free Space | 82.12% Space Free | Partition Type: NTFS
Drive Y: | 100.00 Mb Total Space | 70.17 Mb Free Space | 70.17% Space Free | Partition Type: NTFS
Drive Z: | 11.68 Gb Total Space | 1.42 Gb Free Space | 12.17% Space Free | Partition Type: NTFS
 
Computer Name: GERD-HP | User Name: Gerd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012/05/08 10:51:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- D:\Install\Internet\Antivirus\OTL.exe
PRC - [2012/05/02 13:28:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/01 09:28:19 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/03/13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/12 15:53:01 | 000,046,376 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMediaInfoPDVD12.exe
PRC - [2012/01/12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012/01/12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012/01/12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012/01/12 14:58:47 | 000,371,256 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2011/11/10 11:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/24 18:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/01 14:59:38 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe
PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/09/14 08:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/02 13:28:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/01 09:28:19 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/05/01 09:28:19 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/05/01 09:28:19 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/01/29 18:29:07 | 000,985,088 | ---- | M] () -- D:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/01/12 14:55:29 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd
MOD - [2011/08/24 04:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011/08/24 04:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd
MOD - [2011/08/24 04:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
MOD - [2010/10/01 14:59:38 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe
MOD - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/01/26 19:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/01/26 13:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/11/20 15:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/09/27 17:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/03/10 16:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2012/05/02 13:28:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/29 09:54:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 19:06:59 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/20 13:49:22 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/03/20 11:11:50 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/01/12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/01/12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/08/03 08:24:47 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 22:36:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 13:50:48 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/03/20 13:50:18 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/03/20 13:43:36 | 000,339,608 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/03/20 12:21:14 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/03/16 12:15:42 | 000,426,104 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/14 19:23:00 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2012/01/08 11:40:54 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/27 17:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010/09/27 17:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2010/09/27 17:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2010/03/10 18:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/10 16:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 15:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/28 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/19 21:44:32 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/10/19 23:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/12 09:05:32 | 000,039,552 | ---- | M] (None) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfpec.sys -- (ALIWEHCD)
DRV:64bit: - [2009/09/12 09:05:32 | 000,013,184 | ---- | M] (None) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfpcomp.sys -- (AliWGP)
DRV:64bit: - [2009/09/12 09:05:32 | 000,012,416 | ---- | M] (None) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfpvbus.sys -- (WUSBVBus)
DRV:64bit: - [2009/08/26 08:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:02 | 000,244,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q60x64.sys -- (e1qexpress) Stuurprogramma Q voor Intel(R)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/03/04 09:48:50 | 000,213,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV - [2012/01/11 23:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/02/22 13:39:57] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/10/27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}
IE:64bit: - HKLM\..\SearchScopes\{40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\..\SearchScopes,DefaultScope = {40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}
IE - HKLM\..\SearchScopes\{40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\SearchScopes,DefaultScope = {3C2010D6-0CF4-40DB-8BC0-DE8A292879E3}
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\SearchScopes\{3C2010D6-0CF4-40DB-8BC0-DE8A292879E3}: "URL" = hxxp://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012/05/07 10:29:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/02 13:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 18:33:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/16 21:39:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/05 18:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions
[2012/05/05 18:15:03 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions\foxmarks@kei.com
[2011/09/23 21:48:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions\maps@ovi.com
[2012/05/05 13:04:11 | 000,002,354 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\searchplugins\aol-web-search.xml
[2012/05/02 20:12:29 | 000,002,354 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\searchplugins\locked-aol-web-search.xml.wlrp
[2012/04/12 16:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/12 16:22:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 13:04:11 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\GERD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A9UA28FT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/02 13:28:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/05 00:42:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/11 14:09:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 14:09:58 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/02/11 14:09:58 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/02/11 14:09:58 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MFP Manager] C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe ()
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [PMBVolumeWatcher] D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001..\Run: [Akamai NetSession Interface] C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk =  File not found
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manager for Skype.lnk = D:\ProgramFiles (x86)\Manager for Skype\ManagerForSkype.exe ()
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E54B6F9-0701-4446-A286-C1DA3BBC7DB0}: DhcpNameServer = 192.168.123.254
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2} - C:\Windows\SysWow64\WDShell.DLL (PC SOFT)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/07 15:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/07 10:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/05/04 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes
[2012/05/04 22:40:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/04 03:09:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/02 19:46:10 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2012/05/02 13:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 13:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/12 16:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/12 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/08 12:50:06 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 12:25:04 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 11:06:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 11:06:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 11:03:51 | 001,833,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/08 11:03:51 | 000,810,998 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/05/08 11:03:51 | 000,708,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/08 11:03:51 | 000,177,570 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/05/08 11:03:51 | 000,139,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/08 10:56:41 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 10:56:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 10:55:50 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 10:32:42 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/05/05 22:57:57 | 004,209,334 | ---- | M] () -- C:\Users\Gerd\Desktop\OBI-keukens.pdf
[2012/05/05 17:09:24 | 000,000,000 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 16:25:40 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2012/05/05 16:25:30 | 000,008,192 | ---- | M] () -- C:\BOOTSECT.BAK
[2012/05/05 16:10:39 | 000,000,334 | ---- | M] () -- C:\Users\Gerd\Desktop\WD SAAS remote admin.url
[2012/05/05 13:39:22 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/05/05 13:38:58 | 000,000,623 | ---- | M] () -- C:\Users\Gerd\Desktop\WoW.exe.lnk
[2012/05/05 13:04:37 | 000,832,658 | ---- | M] () -- C:\Users\Gerd\Documents\Dachgeschoss.xar
[2012/05/05 13:04:37 | 000,795,196 | ---- | M] () -- C:\Users\Gerd\Documents\Afzuigkap_koolstoffilter.emf
[2012/05/05 13:04:37 | 000,215,955 | ---- | M] () -- C:\Users\Gerd\Desktop\64691_xm3_de_UM.pdf
[2012/05/05 13:04:37 | 000,151,334 | ---- | M] () -- C:\Users\Gerd\Desktop\Noresund-Bed-Side.jpg2511ae93-c869-4db2-a592-20ba7b19f76cLarger.jpg
[2012/05/05 13:04:37 | 000,054,249 | ---- | M] () -- C:\Users\Gerd\Documents\Oberwiesenthal_plattegrond.xar
[2012/05/05 13:04:37 | 000,002,158 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev-server Chris.rdp
[2012/05/05 13:04:37 | 000,002,028 | ---- | M] () -- C:\Users\Gerd\Documents\Default.rdp
[2012/05/05 13:04:37 | 000,000,867 | ---- | M] () -- C:\Users\Gerd\Documents\everest_HP_Gerd.rpf
[2012/05/05 13:04:37 | 000,000,332 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev remote admin.url
[2012/05/05 13:04:37 | 000,000,328 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev remote admin - kopie.url
[2012/05/05 12:58:45 | 000,007,605 | ---- | M] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2012/05/05 12:57:19 | 000,000,738 | ---- | M] () -- C:\Users\Gerd\.recently-used.xbel
[2012/05/04 20:57:31 | 007,401,821 | ---- | M] () -- C:\Users\Gerd\AppData\Local\census.cache
[2012/05/04 20:51:40 | 000,113,378 | ---- | M] () -- C:\Users\Gerd\AppData\Local\ars.cache
[2012/05/03 19:24:16 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/05/02 20:14:19 | 000,832,658 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Dachgeschoss.xar.jdzp
[2012/05/02 20:14:19 | 000,054,249 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Oberwiesenthal_plattegrond.xar.oyyj
[2012/05/02 20:14:19 | 000,002,028 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Default.rdp.quhz
[2012/05/02 20:14:19 | 000,000,867 | ---- | M] () -- C:\Users\Gerd\Documents\locked-everest_HP_Gerd.rpf.rmqi
[2012/05/02 20:14:15 | 000,795,196 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Afzuigkap_koolstoffilter.emf.ybos
[2012/05/02 20:07:12 | 000,007,605 | ---- | M] () -- C:\Users\Gerd\AppData\Local\locked-Resmon.ResmonCfg.kprg
[2012/05/02 20:06:21 | 000,000,738 | ---- | M] () -- C:\Users\Gerd\locked-.recently-used.xbel.xfpd
[2012/05/01 22:27:16 | 000,000,335 | ---- | M] () -- C:\Windows\HFREP.INI
[2012/04/30 17:29:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321
[2012/04/30 17:29:30 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320
[2012/04/30 17:28:00 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323
[2012/04/30 17:26:42 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322
[2012/04/30 10:21:57 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/04/26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh325
[2012/04/26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh324
[2012/04/14 17:55:36 | 000,000,191 | ---- | M] () -- C:\Windows\topmeeting.INI
[2012/04/13 00:58:35 | 002,062,860 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/08 16:26:40 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\WDStatistic_WebServer_Chris.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/05 22:57:56 | 004,209,334 | ---- | C] () -- C:\Users\Gerd\Desktop\OBI-keukens.pdf
[2012/05/05 17:09:24 | 000,000,312 | ---- | C] () -- C:\Users\Gerd\Desktop\Curse Client.appref-ms
[2012/05/05 17:09:24 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 13:04:37 | 000,832,658 | ---- | C] () -- C:\Users\Gerd\Documents\Dachgeschoss.xar
[2012/05/05 13:04:37 | 000,795,196 | ---- | C] () -- C:\Users\Gerd\Documents\Afzuigkap_koolstoffilter.emf
[2012/05/05 13:04:37 | 000,215,955 | ---- | C] () -- C:\Users\Gerd\Desktop\64691_xm3_de_UM.pdf
[2012/05/05 13:04:37 | 000,151,334 | ---- | C] () -- C:\Users\Gerd\Desktop\Noresund-Bed-Side.jpg2511ae93-c869-4db2-a592-20ba7b19f76cLarger.jpg
[2012/05/05 13:04:37 | 000,054,249 | ---- | C] () -- C:\Users\Gerd\Documents\Oberwiesenthal_plattegrond.xar
[2012/05/05 13:04:37 | 000,002,158 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev-server Chris.rdp
[2012/05/05 13:04:37 | 000,002,028 | ---- | C] () -- C:\Users\Gerd\Documents\Default.rdp
[2012/05/05 13:04:37 | 000,000,867 | ---- | C] () -- C:\Users\Gerd\Documents\everest_HP_Gerd.rpf
[2012/05/05 13:04:37 | 000,000,334 | ---- | C] () -- C:\Users\Gerd\Desktop\WD SAAS remote admin.url
[2012/05/05 13:04:37 | 000,000,332 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev remote admin.url
[2012/05/05 13:04:37 | 000,000,328 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev remote admin - kopie.url
[2012/05/05 12:57:20 | 000,007,605 | ---- | C] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2012/05/05 12:57:19 | 000,000,738 | ---- | C] () -- C:\Users\Gerd\.recently-used.xbel
[2012/05/03 19:24:16 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012/04/29 09:54:56 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/14 17:55:25 | 000,000,191 | ---- | C] () -- C:\Windows\topmeeting.INI
[2012/04/04 12:21:50 | 000,417,792 | ---- | C] () -- C:\Windows\SysWow64\MFPBot.dll
[2012/04/04 12:21:49 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\InstallMFPPS.dll
[2012/04/04 12:21:48 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\Install98MFPPS.dll
[2012/04/04 12:21:48 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ddschk.dll
[2012/04/04 12:21:48 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2012/03/06 23:23:24 | 000,008,192 | ---- | C] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/13 23:27:27 | 000,212,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/27 22:18:14 | 000,000,296 | ---- | C] () -- C:\Windows\topbudget.ini
[2011/08/14 12:41:47 | 007,401,821 | ---- | C] () -- C:\Users\Gerd\AppData\Local\census.cache
[2011/08/14 12:40:34 | 000,113,378 | ---- | C] () -- C:\Users\Gerd\AppData\Local\ars.cache
[2011/08/14 12:26:41 | 000,000,036 | ---- | C] () -- C:\Users\Gerd\AppData\Local\housecall.guid.cache
[2011/05/25 12:57:38 | 000,000,335 | ---- | C] () -- C:\Windows\HFREP.INI
[2011/05/19 16:49:34 | 000,030,736 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\mdbu.bin
[2011/04/07 16:13:54 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLG13N.INI
[2011/03/20 00:04:08 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/03/19 16:14:07 | 001,720,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/28 22:32:45 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/28 21:33:04 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/27 18:10:28 | 000,007,605 | ---- | C] () -- C:\Users\Gerd\AppData\Local\locked-Resmon.ResmonCfg.kprg
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1126.old
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0506.old
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0222.old
[2011/01/08 00:21:22 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/01/06 01:08:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/05 13:43:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/05 02:19:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/10/19 16:48:51 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/10/19 16:46:52 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/19 16:14:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011/08/25 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Applications WinDev
[2011/05/08 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Canon
[2012/01/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GHISLER
[2011/06/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\inkscape
[2011/11/19 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\JLAdventCalendarLondon2011
[2012/05/07 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\KeePass
[2012/01/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MAGIX
[2011/03/19 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Manager for Skype
[2012/05/05 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MB-Ruler Pro special
[2012/05/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Notepad++
[2012/01/29 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenOffice.org
[2011/08/23 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC SOFT
[2012/01/05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PCTools
[2012/05/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\RCP 6
[2011/03/20 00:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Red Alert 3
[2012/03/06 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Serif
[2011/06/09 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\streamripper
[2012/05/05 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TestApp
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Thunderbird
[2012/05/03 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2011/01/06 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinBatch
[2011/09/14 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Zoner
[2012/05/05 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\_MDLogs
[2012/04/30 10:21:57 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/03/15 11:12:39 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/08 16:26:40 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\WDStatistic_WebServer_Chris.job
[2011/07/06 15:58:32 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\WDStatistique_WebServer_Chris.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/05/05 12:58:08 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Adobe
[2011/08/25 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Applications WinDev
[2011/01/05 01:26:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ATI
[2011/05/08 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Canon
[2012/01/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/02/26 13:34:18 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\CyberLink
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GHISLER
[2011/06/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant
[2011/01/08 01:04:00 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Hewlett-Packard
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\HP Support Assistant
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\hpqLog
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\HpUpdate
[2011/01/05 01:22:57 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Identities
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\inkscape
[2012/04/04 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\InstallShield
[2011/11/19 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\JLAdventCalendarLondon2011
[2012/05/07 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\KeePass
[2011/01/05 01:56:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Macromedia
[2012/01/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MAGIX
[2012/05/04 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes
[2011/03/19 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Manager for Skype
[2012/05/05 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MB-Ruler Pro special
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Media Center Programs
[2012/02/07 22:44:00 | 000,000,000 | --SD | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft
[2011/03/19 18:59:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft Web Folders
[2011/01/05 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Mozilla
[2012/05/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Notepad++
[2012/01/29 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenOffice.org
[2011/08/23 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC SOFT
[2011/01/08 00:12:33 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC Tools
[2012/01/05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PCTools
[2012/05/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\RCP 6
[2011/03/20 00:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Red Alert 3
[2012/03/06 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Serif
[2012/05/08 12:44:31 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Skype
[2012/01/31 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Sony Corporation
[2011/06/09 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\streamripper
[2012/05/05 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TestApp
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Thunderbird
[2012/05/03 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2012/05/05 13:04:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Winamp
[2011/01/06 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinBatch
[2011/09/14 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Zoner
[2012/05/05 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2012/05/05 12:58:20 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\AutoRunCE.exe
[2012/05/05 12:58:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\0\module.exe
[2012/05/05 12:58:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\1\module.exe
[2012/05/05 12:58:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\14401177-16D2-4E73-B83C-41971CFCE4D4\AutoRunCE.exe
[2012/05/05 12:58:29 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\14401177-16D2-4E73-B83C-41971CFCE4D4\1\module.exe
[2012/05/05 12:58:45 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\AutoRunCE.exe
[2012/05/05 12:58:46 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\0\module.exe
[2012/05/05 12:58:53 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\1\module.exe
[2012/05/05 12:59:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\331D4C06-4E59-487C-BB56-41058B8622B6\AutoRunCE.exe
[2012/05/05 12:59:11 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\331D4C06-4E59-487C-BB56-41058B8622B6\1\module.exe
[2012/05/05 12:59:16 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\AutoRunCE.exe
[2012/05/05 12:59:16 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\0\module.exe
[2012/05/05 12:59:17 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\1\module.exe
[2012/05/05 12:59:46 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\AutoRunCE.exe
[2012/05/05 12:59:46 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\0\module.exe
[2012/05/05 12:59:47 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\1\module.exe
[2012/05/05 12:59:47 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\AutoRunCE.exe
[2012/05/05 12:59:47 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\0\module.exe
[2012/05/05 12:59:49 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\1\module.exe
[2012/05/05 12:59:55 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\AutoRunCE.exe
[2012/05/05 12:59:55 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\0\module.exe
[2012/05/05 12:59:56 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\1\module.exe
[2012/05/05 13:00:01 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\58896A8A-81B1-42A0-AE34-2011D084E08C\AutoRunCE.exe
[2012/05/05 13:00:02 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\58896A8A-81B1-42A0-AE34-2011D084E08C\1\module.exe
[2012/05/05 13:00:25 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\AutoRunCE.exe
[2012/05/05 13:00:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\0\module.exe
[2012/05/05 13:00:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\1\module.exe
[2012/05/05 13:00:28 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\AutoRunCE.exe
[2012/05/05 13:00:28 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\0\module.exe
[2012/05/05 13:00:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\1\module.exe
[2012/05/05 13:00:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72E3FFB6-30CD-401E-ABD1-17666B48AA06\AutoRunCE.exe
[2012/05/05 13:00:30 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72E3FFB6-30CD-401E-ABD1-17666B48AA06\1\module.exe
[2012/05/05 13:00:42 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\AutoRunCE.exe
[2012/05/05 13:00:43 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\0\module.exe
[2012/05/05 13:00:43 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\1\module.exe
[2012/05/05 13:00:43 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\876F365A-1E2C-46BA-99AB-B798D77FE0A3\AutoRunCE.exe
[2012/05/05 13:00:44 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\876F365A-1E2C-46BA-99AB-B798D77FE0A3\1\module.exe
[2012/05/05 13:01:21 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\AutoRunCE.exe
[2012/05/05 13:01:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\0\module.exe
[2012/05/05 13:01:24 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\1\module.exe
[2012/05/05 13:01:24 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9835DC98-D031-4AFF-9C1E-2FD56B467E9C\AutoRunCE.exe
[2012/05/05 13:01:25 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9835DC98-D031-4AFF-9C1E-2FD56B467E9C\1\module.exe
[2012/05/05 13:01:26 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9912DBF6-CA70-41A2-AE0E-1DD3EBE25B73\AutoRunCE.exe
[2012/05/05 13:01:26 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9912DBF6-CA70-41A2-AE0E-1DD3EBE25B73\1\module.exe
[2012/05/05 13:01:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\99552AAE-107D-45C3-8303-6FCF2A575A00\AutoRunCE.exe
[2012/05/05 13:01:30 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\99552AAE-107D-45C3-8303-6FCF2A575A00\1\module.exe
[2012/05/05 13:01:35 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9DC15144-F0D8-474B-B6B1-C9BBA2F0FFF9\AutoRunCE.exe
[2012/05/05 13:01:35 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9DC15144-F0D8-474B-B6B1-C9BBA2F0FFF9\1\module.exe
[2012/05/05 13:02:00 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\AutoRunCE.exe
[2012/05/05 13:02:00 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\0\module.exe
[2012/05/05 13:02:01 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\1\module.exe
[2012/05/05 13:02:34 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C16FD898-E0BC-468C-AAB3-419F580788F2\AutoRunCE.exe
[2012/05/05 13:02:35 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C16FD898-E0BC-468C-AAB3-419F580788F2\1\module.exe
[2012/05/05 13:02:44 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C32B8022-D512-4087-9CB8-EACB5751598C\AutoRunCE.exe
[2012/05/05 13:02:48 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C32B8022-D512-4087-9CB8-EACB5751598C\1\module.exe
[2012/05/05 13:02:52 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\AutoRunCE.exe
[2012/05/05 13:02:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\0\module.exe
[2012/05/05 13:02:53 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\1\module.exe
[2012/05/05 13:02:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CCC3E6A7-55E6-4383-B44F-C3D562B8A64C\AutoRunCE.exe
[2012/05/05 13:02:53 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CCC3E6A7-55E6-4383-B44F-C3D562B8A64C\1\module.exe
[2012/05/05 13:03:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\D93DB5ED-300A-47B8-B3BE-D3B6394128B6\AutoRunCE.exe
[2012/05/05 13:03:08 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\D93DB5ED-300A-47B8-B3BE-D3B6394128B6\1\module.exe
[2012/05/05 13:03:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCF63542-BB44-433F-971B-52FFBC501A13\AutoRunCE.exe
[2012/05/05 13:03:09 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCF63542-BB44-433F-971B-52FFBC501A13\1\module.exe
[2012/05/05 13:03:10 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCFF7B1D-742C-42B9-BF82-8251F722A070\AutoRunCE.exe
[2012/05/05 13:03:11 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCFF7B1D-742C-42B9-BF82-8251F722A070\1\module.exe
[2012/05/05 13:03:21 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\AutoRunCE.exe
[2012/05/05 13:03:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\0\module.exe
[2012/05/05 13:03:22 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\1\module.exe
[2012/05/05 13:03:23 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E2FFF65A-C686-4994-BE8A-AA5C4B122391\AutoRunCE.exe
[2012/05/05 13:03:24 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E2FFF65A-C686-4994-BE8A-AA5C4B122391\1\module.exe
[2012/05/05 13:03:25 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E341699C-641C-4C95-B926-EC6B70872360\AutoRunCE.exe
[2012/05/05 13:03:25 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E341699C-641C-4C95-B926-EC6B70872360\1\module.exe
[2012/05/05 13:03:26 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\AutoRunCE.exe
[2012/05/05 13:03:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\0\module.exe
[2012/05/05 13:03:27 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\1\module.exe
[2012/05/05 13:03:27 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\AutoRunCE.exe
[2012/05/05 13:03:27 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\0\module.exe
[2012/05/05 13:03:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\1\module.exe
[2012/05/05 13:03:29 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\AutoRunCE.exe
[2012/05/05 13:03:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\0\module.exe
[2012/05/05 13:03:30 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\1\module.exe
[2012/05/05 13:03:36 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\AutoRunCE.exe
[2012/05/05 13:03:36 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\0\module.exe
[2012/05/05 13:03:37 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\1\module.exe
[2012/05/05 13:03:37 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\AutoRunCE.exe
[2012/05/05 13:03:37 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\0\module.exe
[2012/05/05 13:03:38 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\1\module.exe
[2012/05/05 13:03:51 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\AutoRunCE.exe
[2012/05/05 13:03:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\0\module.exe
[2012/05/05 13:03:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\1\module.exe
[2012/05/05 13:03:57 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\FCD0DB2E-0BCC-49AC-B440-C7254DC65DE2\AutoRunCE.exe
[2012/05/05 13:03:57 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\FCD0DB2E-0BCC-49AC-B440-C7254DC65DE2\1\module.exe
[2011/12/31 19:07:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Gerd\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
         
--- --- ---

Ganz schön lange Liste geworden!
Falls Du Fragen hast, lass es bitte wissen.
MfG,
Gerd

Alt 08.05.2012, 16:03   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Z:\autorun.inf -- [ NTFS ]
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
:Files
C:\Users\Gerd\AppData\Roaming\Ujshrilvp
C:\Windows\SysWow64\winsh32?
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________

__________________

Alt 08.05.2012, 20:22   #18
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hallo Arne,
Geschafft! Hier ist das Log vom OTL-fix:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
Y:\autorun.inf moved successfully.
Z:\autorun.inf moved successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
========== FILES ==========
C:\Users\Gerd\AppData\Roaming\Ujshrilvp folder moved successfully.
C:\Windows\SysWow64\winsh320 moved successfully.
C:\Windows\SysWow64\winsh321 moved successfully.
C:\Windows\SysWow64\winsh322 moved successfully.
C:\Windows\SysWow64\winsh323 moved successfully.
C:\Windows\SysWow64\winsh324 moved successfully.
C:\Windows\SysWow64\winsh325 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gerd
->Temp folder emptied: 201854029 bytes
->Temporary Internet Files folder emptied: 19254804 bytes
->Java cache emptied: 11565884 bytes
->FireFox cache emptied: 270608160 bytes
->Flash cache emptied: 147910 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231185843 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67753 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 701.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gerd
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05082012_210415

Files\Folders moved on Reboot...
C:\Users\Gerd\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gerd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N58ZN033\addons-v4[1].htm moved successfully.
C:\Users\Gerd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJQCL4IB\addons-tracker-v4[1].htm moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Ist nun alles wieder in Ordnung?
Vielen, vielen Dank für deine Hilfe!
MfG,
Gerd
__________________

Alt 11.05.2012, 09:04   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.05.2012, 10:02   #20
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hallo Arne,
Hier das Ergebnis:
Code:
ATTFilter
10:50:56.0060 6048	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
10:50:56.0234 6048	============================================================
10:50:56.0234 6048	Current date / time: 2012/05/11 10:50:56.0234
10:50:56.0234 6048	SystemInfo:
10:50:56.0234 6048	
10:50:56.0234 6048	OS Version: 6.1.7601 ServicePack: 1.0
10:50:56.0234 6048	Product type: Workstation
10:50:56.0235 6048	ComputerName: GERD-HP
10:50:56.0235 6048	UserName: Gerd
10:50:56.0235 6048	Windows directory: C:\Windows
10:50:56.0235 6048	System windows directory: C:\Windows
10:50:56.0236 6048	Running under WOW64
10:50:56.0236 6048	Processor architecture: Intel x64
10:50:56.0236 6048	Number of processors: 4
10:50:56.0236 6048	Page size: 0x1000
10:50:56.0236 6048	Boot type: Normal boot
10:50:56.0236 6048	============================================================
10:50:57.0610 6048	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:50:57.0626 6048	============================================================
10:50:57.0626 6048	\Device\Harddisk0\DR0:
10:50:57.0626 6048	MBR partitions:
10:50:57.0626 6048	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:50:57.0626 6048	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x27680800
10:50:57.0644 6048	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x276B3000, BlocksNum 0x2064B000
10:50:57.0644 6048	============================================================
10:50:57.0671 6048	C: <-> \Device\Harddisk0\DR0\Partition1
10:50:57.0704 6048	Y: <-> \Device\Harddisk0\DR0\Partition0
10:50:57.0746 6048	X: <-> \Device\Harddisk0\DR0\Partition2
10:50:57.0747 6048	============================================================
10:50:57.0747 6048	Initialize success
10:50:57.0747 6048	============================================================
10:52:42.0997 3708	============================================================
10:52:42.0997 3708	Scan started
10:52:42.0997 3708	Mode: Manual; SigCheck; TDLFS; 
10:52:42.0997 3708	============================================================
10:52:44.0576 3708	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:52:44.0688 3708	1394ohci - ok
10:52:44.0710 3708	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:52:44.0728 3708	ACPI - ok
10:52:44.0747 3708	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:52:44.0799 3708	AcpiPmi - ok
10:52:44.0826 3708	AdobeActiveFileMonitor10.0 - ok
10:52:44.0918 3708	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:52:44.0951 3708	AdobeARMservice - ok
10:52:45.0062 3708	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:52:45.0084 3708	AdobeFlashPlayerUpdateSvc - ok
10:52:45.0123 3708	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:52:45.0145 3708	adp94xx - ok
10:52:45.0163 3708	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:52:45.0182 3708	adpahci - ok
10:52:45.0193 3708	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:52:45.0209 3708	adpu320 - ok
10:52:45.0233 3708	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:52:45.0324 3708	AeLookupSvc - ok
10:52:45.0369 3708	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:52:45.0424 3708	AFD - ok
10:52:45.0450 3708	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:52:45.0464 3708	agp440 - ok
10:52:45.0716 3708	Akamai          (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
10:52:45.0717 3708	Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
10:52:45.0722 3708	Akamai ( HiddenFile.Multi.Generic ) - warning
10:52:45.0723 3708	Akamai - detected HiddenFile.Multi.Generic (1)
10:52:45.0846 3708	aksdf           (89cd44c10d9b4d87725ff07f18a5702f) C:\Windows\system32\drivers\aksdf.sys
10:52:45.0884 3708	aksdf ( UnsignedFile.Multi.Generic ) - warning
10:52:45.0884 3708	aksdf - detected UnsignedFile.Multi.Generic (1)
10:52:45.0897 3708	aksfridge       (ba0b6fd78ae88d39b9d3d984f295a137) C:\Windows\system32\DRIVERS\aksfridge.sys
10:52:45.0937 3708	aksfridge ( UnsignedFile.Multi.Generic ) - warning
10:52:45.0937 3708	aksfridge - detected UnsignedFile.Multi.Generic (1)
10:52:45.0952 3708	akshasp         (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
10:52:45.0989 3708	akshasp - ok
10:52:46.0009 3708	akshhl          (67dff8c8f95cb21c9c3380dd4c0387f2) C:\Windows\system32\DRIVERS\akshhl.sys
10:52:46.0065 3708	akshhl - ok
10:52:46.0083 3708	aksusb          (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys
10:52:46.0135 3708	aksusb - ok
10:52:46.0159 3708	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:52:46.0234 3708	ALG - ok
10:52:46.0272 3708	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:52:46.0292 3708	aliide - ok
10:52:46.0326 3708	ALIWEHCD        (6c77aaee7ea10f35533d610022f4cce2) C:\Windows\system32\Drivers\mfpec.sys
10:52:46.0383 3708	ALIWEHCD - ok
10:52:46.0394 3708	AliWGP          (db1aca48b42304350667d1c26de2b29d) C:\Windows\system32\DRIVERS\mfpcomp.sys
10:52:46.0419 3708	AliWGP - ok
10:52:46.0453 3708	AMD External Events Utility (0de7bf2a2e64a841f9abf9558870d9c4) C:\Windows\system32\atiesrxx.exe
10:52:46.0516 3708	AMD External Events Utility - ok
10:52:46.0590 3708	AMD FUEL Service - ok
10:52:46.0619 3708	AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
10:52:46.0660 3708	AMD Reservation Manager - ok
10:52:46.0682 3708	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:52:46.0719 3708	amdide - ok
10:52:46.0731 3708	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
10:52:46.0809 3708	amdiox64 - ok
10:52:46.0833 3708	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:52:46.0880 3708	AmdK8 - ok
10:52:47.0154 3708	amdkmdag        (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atipmdag.sys
10:52:47.0300 3708	amdkmdag - ok
10:52:47.0408 3708	amdkmdap        (91e1daf0193bd2ab90b1b35c987237fe) C:\Windows\system32\DRIVERS\atikmpag.sys
10:52:47.0443 3708	amdkmdap - ok
10:52:47.0464 3708	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:52:47.0495 3708	AmdPPM - ok
10:52:47.0509 3708	amdsata         (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
10:52:47.0527 3708	amdsata - ok
10:52:47.0547 3708	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:52:47.0573 3708	amdsbs - ok
10:52:47.0595 3708	amdxata         (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
10:52:47.0607 3708	amdxata - ok
10:52:47.0668 3708	Apache2.2       (53ea061ecc67223a430f153c3682ad54) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
10:52:47.0700 3708	Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
10:52:47.0700 3708	Apache2.2 - detected UnsignedFile.Multi.Generic (1)
10:52:47.0763 3708	AppHostSvc      (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
10:52:47.0833 3708	AppHostSvc - ok
10:52:47.0876 3708	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:52:48.0010 3708	AppID - ok
10:52:48.0030 3708	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:52:48.0076 3708	AppIDSvc - ok
10:52:48.0099 3708	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:52:48.0137 3708	Appinfo - ok
10:52:48.0146 3708	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:52:48.0161 3708	arc - ok
10:52:48.0170 3708	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:52:48.0185 3708	arcsas - ok
10:52:48.0227 3708	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:52:48.0271 3708	AsyncMac - ok
10:52:48.0311 3708	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:52:48.0324 3708	atapi - ok
10:52:48.0363 3708	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
10:52:48.0399 3708	AtiHDAudioService - ok
10:52:48.0428 3708	AtiHdmiService  (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
10:52:48.0456 3708	AtiHdmiService - ok
10:52:48.0494 3708	AtiPcie         (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
10:52:48.0528 3708	AtiPcie - ok
10:52:48.0594 3708	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:52:48.0655 3708	AudioEndpointBuilder - ok
10:52:48.0661 3708	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:52:48.0697 3708	AudioSrv - ok
10:52:48.0739 3708	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:52:48.0836 3708	AxInstSV - ok
10:52:48.0900 3708	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:52:48.0959 3708	b06bdrv - ok
10:52:48.0996 3708	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:52:49.0023 3708	b57nd60a - ok
10:52:49.0047 3708	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:52:49.0081 3708	BDESVC - ok
10:52:49.0084 3708	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:52:49.0131 3708	Beep - ok
10:52:49.0190 3708	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:52:49.0243 3708	BFE - ok
10:52:49.0298 3708	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:52:49.0361 3708	BITS - ok
10:52:49.0394 3708	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:52:49.0419 3708	blbdrive - ok
10:52:49.0446 3708	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:52:49.0474 3708	bowser - ok
10:52:49.0486 3708	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:52:49.0562 3708	BrFiltLo - ok
10:52:49.0587 3708	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:52:49.0608 3708	BrFiltUp - ok
10:52:49.0634 3708	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:52:49.0687 3708	Browser - ok
10:52:49.0806 3708	Browser Defender Update Service (9d5fd177db76a7f5d6b8678870820d3c) C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
10:52:49.0847 3708	Browser Defender Update Service - ok
10:52:49.0894 3708	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:52:49.0936 3708	Brserid - ok
10:52:49.0944 3708	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:52:50.0011 3708	BrSerWdm - ok
10:52:50.0028 3708	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:52:50.0061 3708	BrUsbMdm - ok
10:52:50.0066 3708	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:52:50.0108 3708	BrUsbSer - ok
10:52:50.0115 3708	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:52:50.0137 3708	BTHMODEM - ok
10:52:50.0166 3708	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:52:50.0199 3708	bthserv - ok
10:52:50.0208 3708	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:52:50.0271 3708	cdfs - ok
10:52:50.0303 3708	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:52:50.0320 3708	cdrom - ok
10:52:50.0351 3708	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:52:50.0389 3708	CertPropSvc - ok
10:52:50.0394 3708	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:52:50.0414 3708	circlass - ok
10:52:50.0448 3708	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:52:50.0466 3708	CLFS - ok
10:52:50.0580 3708	CLHNServiceForPowerDVD12 (4c6406cf07d4ebb70c5774d55c6688fb) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
10:52:50.0615 3708	CLHNServiceForPowerDVD12 - ok
10:52:50.0676 3708	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:52:50.0709 3708	clr_optimization_v2.0.50727_32 - ok
10:52:50.0754 3708	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:52:50.0774 3708	clr_optimization_v2.0.50727_64 - ok
10:52:50.0833 3708	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:52:50.0864 3708	clr_optimization_v4.0.30319_32 - ok
10:52:50.0877 3708	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:52:50.0893 3708	clr_optimization_v4.0.30319_64 - ok
10:52:50.0916 3708	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:52:50.0930 3708	CmBatt - ok
10:52:50.0951 3708	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:52:50.0965 3708	cmdide - ok
10:52:51.0002 3708	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:52:51.0027 3708	CNG - ok
10:52:51.0055 3708	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:52:51.0076 3708	Compbatt - ok
10:52:51.0102 3708	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:52:51.0159 3708	CompositeBus - ok
10:52:51.0166 3708	COMSysApp - ok
10:52:51.0184 3708	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:52:51.0205 3708	crcdisk - ok
10:52:51.0249 3708	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:52:51.0308 3708	CryptSvc - ok
10:52:51.0405 3708	CyberLink PowerDVD 12 Media Server Monitor Service (ea22bca708b37b82adebc822a171b92e) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
10:52:51.0440 3708	CyberLink PowerDVD 12 Media Server Monitor Service - ok
10:52:51.0475 3708	CyberLink PowerDVD 12 Media Server Service (3168d2f171a64590e7a11355cae60a1e) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
10:52:51.0499 3708	CyberLink PowerDVD 12 Media Server Service - ok
10:52:51.0531 3708	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:52:51.0575 3708	DcomLaunch - ok
10:52:51.0607 3708	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:52:51.0652 3708	defragsvc - ok
10:52:51.0694 3708	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:52:51.0774 3708	DfsC - ok
10:52:51.0798 3708	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:52:51.0842 3708	Dhcp - ok
10:52:51.0868 3708	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:52:51.0949 3708	discache - ok
10:52:51.0964 3708	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:52:51.0981 3708	Disk - ok
10:52:52.0018 3708	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:52:52.0049 3708	Dnscache - ok
10:52:52.0078 3708	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:52:52.0120 3708	dot3svc - ok
10:52:52.0136 3708	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:52:52.0177 3708	DPS - ok
10:52:52.0189 3708	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:52:52.0211 3708	drmkaud - ok
10:52:52.0244 3708	dtsoftbus01     (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:52:52.0260 3708	dtsoftbus01 - ok
10:52:52.0309 3708	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:52:52.0339 3708	DXGKrnl - ok
10:52:52.0379 3708	e1qexpress      (235c3283ddbfad74fb451e268cbf0a5d) C:\Windows\system32\DRIVERS\e1q60x64.sys
10:52:52.0404 3708	e1qexpress - ok
10:52:52.0430 3708	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:52:52.0476 3708	EapHost - ok
10:52:52.0801 3708	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:52:52.0921 3708	ebdrv - ok
10:52:53.0021 3708	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:52:53.0063 3708	EFS - ok
10:52:53.0117 3708	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:52:53.0166 3708	ehRecvr - ok
10:52:53.0202 3708	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:52:53.0244 3708	ehSched - ok
10:52:53.0321 3708	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:52:53.0356 3708	elxstor - ok
10:52:53.0373 3708	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:52:53.0401 3708	ErrDev - ok
10:52:53.0450 3708	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:52:53.0504 3708	EventSystem - ok
10:52:53.0539 3708	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:52:53.0574 3708	exfat - ok
10:52:53.0588 3708	ezSharedSvc - ok
10:52:53.0604 3708	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:52:53.0650 3708	fastfat - ok
10:52:53.0704 3708	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:52:53.0734 3708	Fax - ok
10:52:53.0748 3708	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:52:53.0763 3708	fdc - ok
10:52:53.0774 3708	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:52:53.0820 3708	fdPHost - ok
10:52:53.0837 3708	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:52:53.0876 3708	FDResPub - ok
10:52:53.0888 3708	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:52:53.0902 3708	FileInfo - ok
10:52:53.0916 3708	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:52:53.0960 3708	Filetrace - ok
10:52:54.0059 3708	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:52:54.0090 3708	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:52:54.0091 3708	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:52:54.0097 3708	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:52:54.0112 3708	flpydisk - ok
10:52:54.0133 3708	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:52:54.0150 3708	FltMgr - ok
10:52:54.0212 3708	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:52:54.0269 3708	FontCache - ok
10:52:54.0334 3708	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:52:54.0345 3708	FontCache3.0.0.0 - ok
10:52:54.0370 3708	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:52:54.0385 3708	FsDepends - ok
10:52:54.0401 3708	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:52:54.0414 3708	Fs_Rec - ok
10:52:54.0492 3708	ftpsvc          (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll
10:52:54.0546 3708	ftpsvc - ok
10:52:54.0576 3708	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:52:54.0606 3708	fvevol - ok
10:52:54.0622 3708	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:52:54.0636 3708	gagp30kx - ok
10:52:54.0685 3708	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:52:54.0736 3708	gpsvc - ok
10:52:54.0804 3708	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:52:54.0842 3708	gupdate - ok
10:52:54.0858 3708	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:52:54.0876 3708	gupdatem - ok
10:52:54.0926 3708	hardlock        (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
10:52:54.0965 3708	hardlock - ok
10:52:54.0969 3708	hasplms - ok
10:52:54.0982 3708	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:52:55.0033 3708	hcw85cir - ok
10:52:55.0084 3708	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:52:55.0125 3708	HdAudAddService - ok
10:52:55.0154 3708	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:52:55.0192 3708	HDAudBus - ok
10:52:55.0198 3708	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:52:55.0236 3708	HidBatt - ok
10:52:55.0245 3708	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:52:55.0264 3708	HidBth - ok
10:52:55.0270 3708	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:52:55.0288 3708	HidIr - ok
10:52:55.0318 3708	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:52:55.0399 3708	hidserv - ok
10:52:55.0419 3708	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:52:55.0438 3708	HidUsb - ok
10:52:55.0469 3708	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:52:55.0527 3708	hkmsvc - ok
10:52:55.0554 3708	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:52:55.0595 3708	HomeGroupListener - ok
10:52:55.0641 3708	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:52:55.0689 3708	HomeGroupProvider - ok
10:52:55.0709 3708	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:52:55.0731 3708	HpSAMD - ok
10:52:55.0785 3708	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:52:55.0840 3708	HTTP - ok
10:52:55.0867 3708	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:52:55.0880 3708	hwpolicy - ok
10:52:55.0894 3708	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:52:55.0911 3708	i8042prt - ok
10:52:55.0932 3708	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:52:55.0952 3708	iaStorV - ok
10:52:56.0059 3708	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:52:56.0090 3708	idsvc - ok
10:52:56.0124 3708	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:52:56.0137 3708	iirsp - ok
10:52:56.0183 3708	IISADMIN        (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
10:52:56.0244 3708	IISADMIN - ok
10:52:56.0329 3708	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:52:56.0386 3708	IKEEXT - ok
10:52:56.0531 3708	IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
10:52:56.0604 3708	IntcAzAudAddService - ok
10:52:56.0697 3708	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:52:56.0724 3708	intelide - ok
10:52:56.0747 3708	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:52:56.0779 3708	intelppm - ok
10:52:56.0805 3708	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:52:56.0879 3708	IPBusEnum - ok
10:52:56.0898 3708	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:52:56.0944 3708	IpFilterDriver - ok
10:52:56.0979 3708	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:52:57.0025 3708	iphlpsvc - ok
10:52:57.0049 3708	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:52:57.0065 3708	IPMIDRV - ok
10:52:57.0075 3708	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:52:57.0121 3708	IPNAT - ok
10:52:57.0137 3708	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:52:57.0209 3708	IRENUM - ok
10:52:57.0228 3708	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:52:57.0245 3708	isapnp - ok
10:52:57.0272 3708	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:52:57.0294 3708	iScsiPrt - ok
10:52:57.0322 3708	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:52:57.0339 3708	kbdclass - ok
10:52:57.0346 3708	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:52:57.0378 3708	kbdhid - ok
10:52:57.0408 3708	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:52:57.0425 3708	KeyIso - ok
10:52:57.0457 3708	KMWDFILTER      (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
10:52:57.0471 3708	KMWDFILTER - ok
10:52:57.0488 3708	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:52:57.0506 3708	KSecDD - ok
10:52:57.0533 3708	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:52:57.0548 3708	KSecPkg - ok
10:52:57.0562 3708	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:52:57.0607 3708	ksthunk - ok
10:52:57.0714 3708	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:52:57.0807 3708	KtmRm - ok
10:52:57.0836 3708	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:52:57.0884 3708	LanmanServer - ok
10:52:57.0913 3708	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:52:57.0946 3708	LanmanWorkstation - ok
10:52:58.0022 3708	LightScribeService (3503f257b3203f824b1567238ebe17e2) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:52:58.0044 3708	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:52:58.0045 3708	LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:52:58.0080 3708	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:52:58.0146 3708	lltdio - ok
10:52:58.0180 3708	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:52:58.0222 3708	lltdsvc - ok
10:52:58.0237 3708	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:52:58.0270 3708	lmhosts - ok
10:52:58.0297 3708	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:52:58.0312 3708	LSI_FC - ok
10:52:58.0323 3708	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:52:58.0338 3708	LSI_SAS - ok
10:52:58.0345 3708	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:52:58.0360 3708	LSI_SAS2 - ok
10:52:58.0370 3708	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:52:58.0386 3708	LSI_SCSI - ok
10:52:58.0412 3708	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:52:58.0453 3708	luafv - ok
10:52:58.0496 3708	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
10:52:58.0510 3708	MBAMProtector - ok
10:52:58.0597 3708	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:52:58.0620 3708	MBAMService - ok
10:52:58.0643 3708	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:52:58.0666 3708	Mcx2Svc - ok
10:52:58.0765 3708	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:52:58.0810 3708	MDM - ok
10:52:58.0816 3708	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:52:58.0838 3708	megasas - ok
10:52:58.0863 3708	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:52:58.0892 3708	MegaSR - ok
10:52:58.0921 3708	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:52:58.0969 3708	MMCSS - ok
10:52:58.0974 3708	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:52:59.0012 3708	Modem - ok
10:52:59.0033 3708	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:52:59.0061 3708	monitor - ok
10:52:59.0089 3708	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:52:59.0134 3708	mouclass - ok
10:52:59.0154 3708	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:52:59.0186 3708	mouhid - ok
10:52:59.0217 3708	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:52:59.0240 3708	mountmgr - ok
10:52:59.0278 3708	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:52:59.0302 3708	MozillaMaintenance - ok
10:52:59.0334 3708	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:52:59.0358 3708	mpio - ok
10:52:59.0384 3708	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:52:59.0436 3708	mpsdrv - ok
10:52:59.0494 3708	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:52:59.0537 3708	MpsSvc - ok
10:52:59.0563 3708	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:52:59.0597 3708	MRxDAV - ok
10:52:59.0630 3708	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:52:59.0664 3708	mrxsmb - ok
10:52:59.0701 3708	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:52:59.0719 3708	mrxsmb10 - ok
10:52:59.0735 3708	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:52:59.0761 3708	mrxsmb20 - ok
10:52:59.0774 3708	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:52:59.0787 3708	msahci - ok
10:52:59.0813 3708	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:52:59.0829 3708	msdsm - ok
10:52:59.0853 3708	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:52:59.0870 3708	MSDTC - ok
10:52:59.0894 3708	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:52:59.0926 3708	Msfs - ok
10:52:59.0938 3708	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:52:59.0983 3708	mshidkmdf - ok
10:52:59.0998 3708	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:53:00.0011 3708	msisadrv - ok
10:53:00.0038 3708	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:53:00.0074 3708	MSiSCSI - ok
10:53:00.0077 3708	msiserver - ok
10:53:00.0092 3708	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:53:00.0136 3708	MSKSSRV - ok
10:53:00.0140 3708	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:53:00.0185 3708	MSPCLOCK - ok
10:53:00.0189 3708	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:53:00.0231 3708	MSPQM - ok
10:53:00.0266 3708	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:53:00.0285 3708	MsRPC - ok
10:53:00.0297 3708	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:53:00.0310 3708	mssmbios - ok
10:53:00.0314 3708	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:53:00.0360 3708	MSTEE - ok
10:53:00.0364 3708	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:53:00.0387 3708	MTConfig - ok
10:53:00.0421 3708	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:53:00.0435 3708	Mup - ok
10:53:00.0463 3708	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:53:00.0507 3708	napagent - ok
10:53:00.0541 3708	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:53:00.0570 3708	NativeWifiP - ok
10:53:00.0614 3708	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:53:00.0643 3708	NDIS - ok
10:53:00.0660 3708	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:53:00.0705 3708	NdisCap - ok
10:53:00.0728 3708	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:53:00.0760 3708	NdisTapi - ok
10:53:00.0795 3708	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:53:00.0828 3708	Ndisuio - ok
10:53:00.0851 3708	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:53:00.0898 3708	NdisWan - ok
10:53:00.0920 3708	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:53:00.0965 3708	NDProxy - ok
10:53:00.0977 3708	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:53:01.0016 3708	NetBIOS - ok
10:53:01.0041 3708	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:53:01.0086 3708	NetBT - ok
10:53:01.0104 3708	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:53:01.0118 3708	Netlogon - ok
10:53:01.0154 3708	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:53:01.0200 3708	Netman - ok
10:53:01.0245 3708	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:53:01.0304 3708	netprofm - ok
10:53:01.0376 3708	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:53:01.0413 3708	NetTcpPortSharing - ok
10:53:01.0446 3708	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:53:01.0467 3708	nfrd960 - ok
10:53:01.0504 3708	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:53:01.0548 3708	NlaSvc - ok
10:53:01.0561 3708	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:53:01.0606 3708	Npfs - ok
10:53:01.0621 3708	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:53:01.0670 3708	nsi - ok
10:53:01.0687 3708	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:53:01.0726 3708	nsiproxy - ok
10:53:01.0814 3708	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:53:01.0867 3708	Ntfs - ok
10:53:02.0015 3708	ntk_PowerDVD12  (eaac965642ef5f818aed508cadf83e4b) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
10:53:02.0051 3708	ntk_PowerDVD12 - ok
10:53:02.0149 3708	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:53:02.0216 3708	Null - ok
10:53:02.0241 3708	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:53:02.0256 3708	nvraid - ok
10:53:02.0265 3708	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:53:02.0281 3708	nvstor - ok
10:53:02.0311 3708	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:53:02.0326 3708	nv_agp - ok
10:53:02.0335 3708	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:53:02.0358 3708	ohci1394 - ok
10:53:02.0435 3708	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:53:02.0469 3708	ose - ok
10:53:02.0703 3708	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:53:02.0870 3708	osppsvc - ok
10:53:02.0964 3708	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:53:03.0005 3708	p2pimsvc - ok
10:53:03.0049 3708	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:53:03.0070 3708	p2psvc - ok
10:53:03.0105 3708	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:53:03.0121 3708	Parport - ok
10:53:03.0144 3708	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:53:03.0158 3708	partmgr - ok
10:53:03.0177 3708	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:53:03.0212 3708	PcaSvc - ok
10:53:03.0338 3708	PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
10:53:03.0635 3708	PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
10:53:03.0684 3708	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:53:03.0728 3708	pci - ok
10:53:03.0739 3708	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:53:03.0756 3708	pciide - ok
10:53:03.0774 3708	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:53:03.0793 3708	pcmcia - ok
10:53:03.0841 3708	PCTBD           (99a3a277a99c437283324067970e1d37) C:\Windows\system32\Drivers\PCTBD64.sys
10:53:03.0874 3708	PCTBD - ok
10:53:03.0934 3708	PCTCore         (dbb55b4da79a6f59b63e233907ba6bae) C:\Windows\system32\drivers\PCTCore64.sys
10:53:03.0963 3708	PCTCore - ok
10:53:04.0034 3708	pctDS           (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
10:53:04.0073 3708	pctDS - ok
10:53:04.0134 3708	pctEFA          (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
10:53:04.0175 3708	pctEFA - ok
10:53:04.0197 3708	pctgntdi        (5b4b9d0e748aa06a8887fe79351c91f3) C:\Windows\System32\drivers\pctgntdi64.sys
10:53:04.0215 3708	pctgntdi - ok
10:53:04.0228 3708	pctplsg         (db1f94051396af34fe521bfeececdb53) C:\Windows\System32\drivers\pctplsg64.sys
10:53:04.0242 3708	pctplsg - ok
10:53:04.0293 3708	PCTSD           (afa19eff0197c474379ed904e25a995d) C:\Windows\system32\Drivers\PCTSD64.sys
10:53:04.0309 3708	PCTSD - ok
10:53:04.0322 3708	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:53:04.0335 3708	pcw - ok
10:53:04.0367 3708	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:53:04.0416 3708	PEAUTH - ok
10:53:04.0480 3708	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:53:04.0504 3708	PerfHost - ok
10:53:04.0637 3708	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:53:04.0709 3708	pla - ok
10:53:04.0761 3708	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:53:04.0786 3708	PlugPlay - ok
10:53:04.0793 3708	PMBDeviceInfoProvider - ok
10:53:04.0819 3708	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:53:04.0847 3708	PNRPAutoReg - ok
10:53:04.0871 3708	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:53:04.0887 3708	PNRPsvc - ok
10:53:04.0916 3708	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:53:04.0954 3708	PolicyAgent - ok
10:53:04.0970 3708	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:53:05.0011 3708	Power - ok
10:53:05.0054 3708	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:53:05.0133 3708	PptpMiniport - ok
10:53:05.0158 3708	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:53:05.0182 3708	Processor - ok
10:53:05.0202 3708	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:53:05.0243 3708	ProfSvc - ok
10:53:05.0259 3708	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:53:05.0273 3708	ProtectedStorage - ok
10:53:05.0307 3708	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:53:05.0340 3708	Psched - ok
10:53:05.0354 3708	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:53:05.0366 3708	PxHlpa64 - ok
10:53:05.0442 3708	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:53:05.0495 3708	ql2300 - ok
10:53:05.0563 3708	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:53:05.0579 3708	ql40xx - ok
10:53:05.0608 3708	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:53:05.0630 3708	QWAVE - ok
10:53:05.0645 3708	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:53:05.0663 3708	QWAVEdrv - ok
10:53:05.0723 3708	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
10:53:05.0767 3708	RapiMgr - ok
10:53:05.0771 3708	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:53:05.0808 3708	RasAcd - ok
10:53:05.0824 3708	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:53:05.0858 3708	RasAgileVpn - ok
10:53:05.0869 3708	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:53:05.0904 3708	RasAuto - ok
10:53:05.0916 3708	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:53:05.0959 3708	Rasl2tp - ok
10:53:05.0988 3708	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:53:06.0025 3708	RasMan - ok
10:53:06.0040 3708	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:53:06.0087 3708	RasPppoe - ok
10:53:06.0102 3708	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:53:06.0136 3708	RasSstp - ok
10:53:06.0161 3708	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:53:06.0196 3708	rdbss - ok
10:53:06.0200 3708	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:53:06.0218 3708	rdpbus - ok
10:53:06.0227 3708	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:53:06.0260 3708	RDPCDD - ok
10:53:06.0272 3708	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:53:06.0316 3708	RDPENCDD - ok
10:53:06.0327 3708	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:53:06.0359 3708	RDPREFMP - ok
10:53:06.0380 3708	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:53:06.0418 3708	RDPWD - ok
10:53:06.0453 3708	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:53:06.0469 3708	rdyboost - ok
10:53:06.0501 3708	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:53:06.0535 3708	RemoteAccess - ok
10:53:06.0581 3708	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:53:06.0627 3708	RemoteRegistry - ok
10:53:06.0642 3708	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:53:06.0687 3708	RpcEptMapper - ok
10:53:06.0712 3708	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:53:06.0755 3708	RpcLocator - ok
10:53:06.0787 3708	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:53:06.0822 3708	RpcSs - ok
10:53:06.0838 3708	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:53:06.0882 3708	rspndr - ok
10:53:06.0926 3708	RSUSBSTOR       (ace55328a7f65b7dbd1870b1642b4018) C:\Windows\system32\Drivers\RtsUStor.sys
10:53:06.0951 3708	RSUSBSTOR - ok
10:53:06.0997 3708	RTL8167         (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:53:07.0015 3708	RTL8167 - ok
10:53:07.0029 3708	Rts516xIR - ok
10:53:07.0049 3708	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:53:07.0062 3708	SamSs - ok
10:53:07.0085 3708	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:53:07.0100 3708	sbp2port - ok
10:53:07.0123 3708	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:53:07.0172 3708	SCardSvr - ok
10:53:07.0198 3708	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:53:07.0265 3708	scfilter - ok
10:53:07.0319 3708	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:53:07.0387 3708	Schedule - ok
10:53:07.0409 3708	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:53:07.0441 3708	SCPolicySvc - ok
10:53:07.0539 3708	sdAuxService    (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
10:53:07.0578 3708	sdAuxService - ok
10:53:07.0637 3708	sdCoreService   (697e0a2a300ee8719cafae55b4771053) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
10:53:07.0674 3708	sdCoreService - ok
10:53:07.0762 3708	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:53:07.0806 3708	SDRSVC - ok
10:53:07.0848 3708	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:53:07.0902 3708	secdrv - ok
10:53:07.0926 3708	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:53:07.0968 3708	seclogon - ok
10:53:07.0992 3708	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:53:08.0038 3708	SENS - ok
10:53:08.0058 3708	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:53:08.0096 3708	SensrSvc - ok
10:53:08.0115 3708	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:53:08.0129 3708	Serenum - ok
10:53:08.0136 3708	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:53:08.0152 3708	Serial - ok
10:53:08.0178 3708	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:53:08.0194 3708	sermouse - ok
10:53:08.0223 3708	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:53:08.0263 3708	SessionEnv - ok
10:53:08.0275 3708	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:53:08.0306 3708	sffdisk - ok
10:53:08.0310 3708	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:53:08.0335 3708	sffp_mmc - ok
10:53:08.0339 3708	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:53:08.0358 3708	sffp_sd - ok
10:53:08.0362 3708	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:53:08.0383 3708	sfloppy - ok
10:53:08.0421 3708	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:53:08.0459 3708	SharedAccess - ok
10:53:08.0482 3708	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:53:08.0518 3708	ShellHWDetection - ok
10:53:08.0524 3708	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:53:08.0538 3708	SiSRaid2 - ok
10:53:08.0547 3708	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:53:08.0562 3708	SiSRaid4 - ok
10:53:08.0632 3708	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:53:08.0647 3708	SkypeUpdate - ok
10:53:08.0666 3708	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:53:08.0713 3708	Smb - ok
10:53:08.0743 3708	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:53:08.0759 3708	SNMPTRAP - ok
10:53:08.0771 3708	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:53:08.0784 3708	spldr - ok
10:53:08.0826 3708	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:53:08.0864 3708	Spooler - ok
10:53:09.0031 3708	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:53:09.0179 3708	sppsvc - ok
10:53:09.0264 3708	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:53:09.0362 3708	sppuinotify - ok
10:53:09.0419 3708	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:53:09.0486 3708	srv - ok
10:53:09.0519 3708	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:53:09.0547 3708	srv2 - ok
10:53:09.0562 3708	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:53:09.0579 3708	srvnet - ok
10:53:09.0605 3708	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:53:09.0640 3708	SSDPSRV - ok
10:53:09.0657 3708	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:53:09.0692 3708	SstpSvc - ok
10:53:09.0761 3708	Steam Client Service - ok
10:53:09.0793 3708	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:53:09.0814 3708	stexstor - ok
10:53:09.0877 3708	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:53:09.0927 3708	stisvc - ok
10:53:09.0970 3708	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:53:10.0009 3708	swenum - ok
10:53:10.0051 3708	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:53:10.0102 3708	swprv - ok
10:53:10.0195 3708	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:53:10.0261 3708	SysMain - ok
10:53:10.0335 3708	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:53:10.0356 3708	TabletInputService - ok
10:53:10.0375 3708	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:53:10.0419 3708	TapiSrv - ok
10:53:10.0435 3708	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:53:10.0469 3708	TBS - ok
10:53:10.0588 3708	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:53:10.0650 3708	Tcpip - ok
10:53:10.0785 3708	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:53:10.0819 3708	TCPIP6 - ok
10:53:10.0908 3708	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:53:10.0980 3708	tcpipreg - ok
10:53:11.0001 3708	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:53:11.0026 3708	TDPIPE - ok
10:53:11.0065 3708	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:53:11.0093 3708	TDTCP - ok
10:53:11.0127 3708	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:53:11.0173 3708	tdx - ok
10:53:11.0191 3708	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:53:11.0206 3708	TermDD - ok
10:53:11.0247 3708	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:53:11.0287 3708	TermService - ok
10:53:11.0307 3708	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:53:11.0336 3708	Themes - ok
10:53:11.0359 3708	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:53:11.0391 3708	THREADORDER - ok
10:53:11.0406 3708	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:53:11.0440 3708	TrkWks - ok
10:53:11.0480 3708	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:53:11.0526 3708	TrustedInstaller - ok
10:53:11.0547 3708	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:53:11.0579 3708	tssecsrv - ok
10:53:11.0616 3708	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:53:11.0670 3708	TsUsbFlt - ok
10:53:11.0724 3708	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:53:11.0772 3708	tunnel - ok
10:53:11.0791 3708	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:53:11.0805 3708	uagp35 - ok
10:53:11.0832 3708	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:53:11.0867 3708	udfs - ok
10:53:11.0890 3708	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:53:11.0906 3708	UI0Detect - ok
10:53:11.0942 3708	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:53:11.0978 3708	uliagpkx - ok
10:53:11.0991 3708	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:53:12.0027 3708	umbus - ok
10:53:12.0033 3708	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:53:12.0078 3708	UmPass - ok
10:53:12.0116 3708	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:53:12.0167 3708	upnphost - ok
10:53:12.0185 3708	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:53:12.0203 3708	usbaudio - ok
10:53:12.0227 3708	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:53:12.0252 3708	usbccgp - ok
10:53:12.0282 3708	USBCCID - ok
10:53:12.0306 3708	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:53:12.0325 3708	usbcir - ok
10:53:12.0339 3708	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:53:12.0364 3708	usbehci - ok
10:53:12.0392 3708	usbfilter       (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
10:53:12.0422 3708	usbfilter - ok
10:53:12.0454 3708	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:53:12.0492 3708	usbhub - ok
10:53:12.0505 3708	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:53:12.0541 3708	usbohci - ok
10:53:12.0566 3708	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:53:12.0590 3708	usbprint - ok
10:53:12.0618 3708	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:53:12.0664 3708	usbscan - ok
10:53:12.0683 3708	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:53:12.0739 3708	USBSTOR - ok
10:53:12.0776 3708	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:53:12.0803 3708	usbuhci - ok
10:53:12.0818 3708	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:53:12.0851 3708	UxSms - ok
10:53:12.0868 3708	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:53:12.0881 3708	VaultSvc - ok
10:53:12.0914 3708	VBoxDrv         (81952471021f6a6f56dda6ed6b5dd638) C:\Windows\system32\DRIVERS\VBoxDrv.sys
10:53:12.0931 3708	VBoxDrv - ok
10:53:13.0084 3708	VBoxNetAdp      (c9f86aeb504355541ec9820e3155e253) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
10:53:13.0100 3708	VBoxNetAdp - ok
10:53:13.0124 3708	VBoxNetFlt      (64715ce639d05d753bcd86f5abf4d82a) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
10:53:13.0140 3708	VBoxNetFlt - ok
10:53:13.0169 3708	VBoxUSBMon      (edeb78b6a969107a66a5af145ac0a43f) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
10:53:13.0184 3708	VBoxUSBMon - ok
10:53:13.0200 3708	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:53:13.0214 3708	vdrvroot - ok
10:53:13.0255 3708	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:53:13.0294 3708	vds - ok
10:53:13.0320 3708	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:53:13.0359 3708	vga - ok
10:53:13.0377 3708	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:53:13.0424 3708	VgaSave - ok
10:53:13.0443 3708	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:53:13.0460 3708	vhdmp - ok
10:53:13.0472 3708	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:53:13.0486 3708	viaide - ok
10:53:13.0499 3708	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:53:13.0513 3708	volmgr - ok
10:53:13.0557 3708	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:53:13.0576 3708	volmgrx - ok
10:53:13.0609 3708	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:53:13.0626 3708	volsnap - ok
10:53:13.0644 3708	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:53:13.0660 3708	vsmraid - ok
10:53:13.0744 3708	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:53:13.0826 3708	VSS - ok
10:53:13.0925 3708	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:53:13.0972 3708	vwifibus - ok
10:53:14.0007 3708	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:53:14.0044 3708	W32Time - ok
10:53:14.0109 3708	W3SVC           (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
10:53:14.0166 3708	W3SVC - ok
10:53:14.0172 3708	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:53:14.0200 3708	WacomPen - ok
10:53:14.0222 3708	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:53:14.0267 3708	WANARP - ok
10:53:14.0270 3708	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:53:14.0301 3708	Wanarpv6 - ok
10:53:14.0315 3708	WAS             (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
10:53:14.0333 3708	WAS - ok
10:53:14.0414 3708	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:53:14.0456 3708	WatAdminSvc - ok
10:53:14.0536 3708	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:53:14.0594 3708	wbengine - ok
10:53:14.0672 3708	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:53:14.0694 3708	WbioSrvc - ok
10:53:14.0749 3708	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
10:53:14.0770 3708	WcesComm - ok
10:53:14.0802 3708	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:53:14.0833 3708	wcncsvc - ok
10:53:14.0851 3708	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:53:14.0883 3708	WcsPlugInService - ok
10:53:14.0918 3708	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:53:14.0952 3708	Wd - ok
10:53:15.0002 3708	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:53:15.0026 3708	Wdf01000 - ok
10:53:15.0039 3708	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:53:15.0094 3708	WdiServiceHost - ok
10:53:15.0097 3708	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:53:15.0116 3708	WdiSystemHost - ok
10:53:15.0133 3708	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:53:15.0164 3708	WebClient - ok
10:53:15.0183 3708	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:53:15.0228 3708	Wecsvc - ok
10:53:15.0237 3708	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:53:15.0271 3708	wercplsupport - ok
10:53:15.0289 3708	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:53:15.0324 3708	WerSvc - ok
10:53:15.0340 3708	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:53:15.0373 3708	WfpLwf - ok
10:53:15.0381 3708	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:53:15.0395 3708	WIMMount - ok
10:53:15.0444 3708	WinDefend - ok
10:53:15.0459 3708	WinHttpAutoProxySvc - ok
10:53:15.0516 3708	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:53:15.0581 3708	Winmgmt - ok
10:53:15.0687 3708	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:53:15.0760 3708	WinRM - ok
10:53:15.0866 3708	WINUSB          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
10:53:15.0893 3708	WINUSB - ok
10:53:15.0978 3708	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:53:16.0020 3708	Wlansvc - ok
10:53:16.0050 3708	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:53:16.0086 3708	WmiAcpi - ok
10:53:16.0115 3708	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:53:16.0151 3708	wmiApSrv - ok
10:53:16.0190 3708	WMPNetworkSvc - ok
10:53:16.0241 3708	WMSVC           (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
10:53:16.0301 3708	WMSVC - ok
10:53:16.0324 3708	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:53:16.0351 3708	WPCSvc - ok
10:53:16.0378 3708	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:53:16.0421 3708	WPDBusEnum - ok
10:53:16.0432 3708	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:53:16.0487 3708	ws2ifsl - ok
10:53:16.0506 3708	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:53:16.0534 3708	wscsvc - ok
10:53:16.0537 3708	WSearch - ok
10:53:16.0663 3708	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:53:16.0756 3708	wuauserv - ok
10:53:16.0874 3708	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:53:16.0944 3708	WudfPf - ok
10:53:16.0963 3708	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:53:16.0997 3708	WUDFRd - ok
10:53:17.0016 3708	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:53:17.0049 3708	wudfsvc - ok
10:53:17.0075 3708	WUSBVBus        (28de9164f5d74cfd2466778ba1d93f30) C:\Windows\system32\DRIVERS\mfpvbus.sys
10:53:17.0099 3708	WUSBVBus - ok
10:53:17.0119 3708	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:53:17.0141 3708	WwanSvc - ok
10:53:17.0264 3708	{329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
10:53:17.0286 3708	{329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
10:53:17.0320 3708	MBR (0x1B8)     (972d200618aaa26eb1ecfa8e9645c503) \Device\Harddisk0\DR0
10:53:17.0595 3708	\Device\Harddisk0\DR0 - ok
10:53:17.0603 3708	Boot (0x1200)   (7f8f39dd896c7ca09ca092d56cb5e537) \Device\Harddisk0\DR0\Partition0
10:53:17.0606 3708	\Device\Harddisk0\DR0\Partition0 - ok
10:53:17.0646 3708	Boot (0x1200)   (ebd710701b3ac661dead5102a1f801da) \Device\Harddisk0\DR0\Partition1
10:53:17.0650 3708	\Device\Harddisk0\DR0\Partition1 - ok
10:53:17.0673 3708	Boot (0x1200)   (b5f709ba380e44516ddfc353785c53ea) \Device\Harddisk0\DR0\Partition2
10:53:17.0676 3708	\Device\Harddisk0\DR0\Partition2 - ok
10:53:17.0677 3708	============================================================
10:53:17.0677 3708	Scan finished
10:53:17.0677 3708	============================================================
10:53:17.0704 4704	Detected object count: 6
10:53:17.0705 4704	Actual detected object count: 6
10:53:53.0416 4704	Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:53:53.0416 4704	Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
10:53:53.0418 4704	aksdf ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0418 4704	aksdf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:53:53.0421 4704	aksfridge ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0421 4704	aksfridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:53:53.0423 4704	Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0423 4704	Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:53:53.0425 4704	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0425 4704	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:53:53.0427 4704	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0428 4704	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
MfG, Gerd


Alt 11.05.2012, 10:30   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
--> Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!

Alt 11.05.2012, 15:13   #22
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hallo Arne,
Hier der Log von ComboFix:
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-05-11.02 - Gerd 11-05-2012  13:11:06.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.4095.2531 [GMT 2:00]
Gestart vanuit: d:\install\Internet\Antivirus\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\Config.ini
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-04-11 to 2012-05-11  ))))))))))))))))))))))))))))))
.
.
2012-05-11 11:23 . 2012-05-11 11:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-07 13:25 . 2012-05-07 13:25	--------	d-----w-	c:\program files (x86)\ESET
2012-05-04 20:40 . 2012-05-04 20:40	--------	d-----w-	c:\users\Gerd\AppData\Roaming\Malwarebytes
2012-05-04 20:40 . 2012-05-04 20:40	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-04 20:40 . 2012-05-04 20:40	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-04 20:40 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-03 17:24 . 2012-05-03 17:24	129024	----a-w-	c:\windows\RegBootClean64.exe
2012-05-02 11:28 . 2012-05-02 11:28	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 11:28 . 2012-05-02 11:28	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 11:28 . 2012-05-02 11:28	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-29 07:54 . 2012-04-29 07:54	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 22:55 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-12 22:55 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-12 22:55 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-12 22:55 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-12 22:55 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-12 22:55 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-12 22:55 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-04-12 14:22 . 2012-04-12 14:22	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 08:32 . 2011-11-21 07:56	14776	----a-w-	c:\windows\system32\drivers\pctBTFix64.sys
2012-04-29 07:54 . 2011-05-25 07:59	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 11:50 . 2011-01-07 22:12	92896	----a-w-	c:\windows\system32\drivers\pctplsg64.sys
2012-03-20 11:50 . 2011-11-21 07:56	251528	----a-w-	c:\windows\system32\drivers\PCTSD64.sys
2012-03-20 11:43 . 2011-01-07 22:12	145432	----a-w-	c:\windows\system32\drivers\pctwfpfilter64.sys
2012-03-20 11:43 . 2011-01-07 22:12	339608	----a-w-	c:\windows\system32\drivers\pctgntdi64.sys
2012-03-20 10:21 . 2011-11-21 07:56	85192	----a-w-	c:\windows\system32\drivers\PCTBD64.sys
2012-03-20 10:21 . 2011-01-07 22:21	149432	----a-w-	c:\windows\SGDetectionTool.dll
2012-03-20 10:21 . 2011-01-07 22:21	2271160	----a-w-	c:\windows\PCTBDCore.dll
2012-03-20 10:21 . 2011-01-07 22:21	1681336	----a-w-	c:\windows\PCTBDRes.dll
2012-03-20 10:20 . 2011-01-07 22:21	767928	----a-w-	c:\windows\BDTSupport.dll
2012-03-20 09:39 . 2011-01-07 22:21	3488	----a-w-	c:\windows\UDB.zip
2012-03-20 09:39 . 2011-01-07 22:21	131	----a-w-	c:\windows\IDB.zip
2012-03-16 10:15 . 2011-01-07 22:12	426104	----a-w-	c:\windows\system32\drivers\PCTCore64.sys
2012-03-14 17:23 . 2012-03-14 17:23	147248	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:22 . 2012-03-14 17:22	166192	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:22 . 2012-03-14 22:21	130864	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-14 17:22 . 2012-03-14 22:21	224048	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:22 . 2012-03-14 17:22	320816	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2012-03-04 22:42 . 2011-03-21 11:57	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-28 09:43 . 2011-01-07 22:12	1096176	----a-w-	c:\windows\system32\drivers\pctEFA64.sys
2012-02-28 09:43 . 2011-01-07 22:12	453896	----a-w-	c:\windows\system32\drivers\pctDS64.sys
2012-02-17 06:38 . 2012-03-14 07:35	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 07:35	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 07:35	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 07:35	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-14 10:09 . 2012-02-14 10:09	1070352	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Gerd\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PMBVolumeWatcher"="d:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MFP Manager"="c:\program files (x86)\MFP Server Utilities\MFPAgent.exe" [2010-10-01 884736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-5-5 0]
Jacquie Lawson London Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A]
Manager for Skype.lnk - d:\programfiles (x86)\Manager for Skype\ManagerForSkype.exe [2008-4-15 688128]
OpenOffice.org 3.3.lnk - d:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"= "WDSHELL.DLL" [2010-11-30 208896]
.
R2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 253088]
R3 AliWGP;Composite Device;c:\windows\system32\DRIVERS\mfpcomp.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-03-20 402336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management-service;c:\windows\system32\inetsrv\wmsvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/02/22 13:39];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 21:57 146928]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;d:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-10-17 20549]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-03-20 571320]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
S2 ftpsvc;Microsoft FTP-service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1qexpress;Stuurprogramma Q voor Intel(R) PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1q60x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
Akamai	REG_MULTI_SZ   	Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 07:54]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 17:54]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 17:54]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
2012-04-08 c:\windows\Tasks\WDStatistic_WebServer_Chris.job
- d:\webdev 16\Programs\WDStatistic.exe [2011-01-20 10:04]
.
2011-07-06 c:\windows\Tasks\WDStatistique_WebServer_Chris.job
- d:\webdev 16\Programs\WDStatistic.exe [2011-01-20 10:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/webhp?hl=nl
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.123.254
FF - ProfilePath - c:\users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-PCTools FGuard - c:\program files (x86)\PC Tools Security\BDT\FGuard.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Streamripper - c:\program files (x86)\Streamripper\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-05-11  13:47:23
ComboFix-quarantined-files.txt  2012-05-11 11:47
.
Pre-Run: 236.484.005.888 bytes beschikbaar
Post-Run: 235.977.572.352 bytes beschikbaar
.
- - End Of File - - A5A1F9B9EB1B4FF61699F5E3F869989C
         
--- --- ---

Noch irgend welche Besonderheiten?
MfG, Gerd

Alt 11.05.2012, 19:29   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.05.2012, 22:24   #24
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hallo Arne,

Was ich auch mache, aber halberwege des Scans bekomme ich die folgende Fehlermeldung:
Avast!Antirootkit arbeitet nicht mehr.
Es passiert immer an der gleichen Stelle beim scannen:
scanning: c:\windows\assambly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications....
Was soll ich machen? Kann ich den Directory einfach löschen? Ich brauche VisualStuudio in jedem Fall nicht.
MfG, Gerd

Alt 11.05.2012, 23:01   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Deswegen wurde extra das gepostet

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.05.2012, 23:18   #26
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hallo Arne,

Hab's endlich geschafft, so wie beschrieben:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-12 00:13:36
-----------------------------
00:13:36.968    OS Version: Windows x64 6.1.7601 Service Pack 1
00:13:36.968    Number of processors: 4 586 0x503
00:13:36.968    ComputerName: GERD-HP  UserName: Gerd
00:13:41.539    Initialize success
00:13:46.983    AVAST engine defs: 12051100
00:14:06.452    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
00:14:06.467    Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
00:14:06.483    Disk 0 MBR read successfully
00:14:06.499    Disk 0 MBR scan
00:14:06.499    Disk 0 unknown MBR code
00:14:06.514    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:14:06.530    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       322817 MB offset 206848
00:14:06.545    Disk 0 Partition - 00     0F Extended LBA            365584 MB offset 1204805632
00:14:06.577    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       265366 MB offset 661336064
00:14:06.623    Disk 0 Partition - 00     05     Extended            353620 MB offset 1204807679
00:14:06.623    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       353620 MB offset 1204807680
00:14:06.639    Disk 0 Partition - 00     05     Extended             11962 MB offset 1929025535
00:14:06.670    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS        11961 MB offset 1929025536
00:14:07.232    Disk 0 scanning C:\Windows\system32\drivers
00:14:18.308    Service scanning
00:14:36.694    Modules scanning
00:14:36.704    Disk 0 trace - called modules:
00:14:36.744    ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys amdxata.sys storport.sys hal.dll amdsata.sys 
00:14:36.744    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049f7790]
00:14:36.754    3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> [0xfffffa80048e5bc0]
00:14:36.764    5 PCTCore64.sys[fffff880010ee6f4] -> nt!IofCallDriver -> [0xfffffa80048d0b80]
00:14:36.774    7 amdxata.sys[fffff880010b57a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80048c99c0]
00:14:36.774    Scan finished successfully
00:14:56.872    Disk 0 MBR has been saved successfully to "D:\Install\Internet\Antivirus\MBR.dat"
00:14:57.200    The log file has been saved successfully to "D:\Install\Internet\Antivirus\aswMBR.txt"
         
Ich habe zwischendurch Spyware Doctor aufräumen lassen, weil aswMBR nicht funktionieren wollte.
MfG, Gerd

Alt 11.05.2012, 23:53   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast


Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.05.2012, 08:55   #28
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hallo Arne,
Auf dem PC habe ich "Oracle VM VirtualBox" installiert. Kann dadurch der Bootsector verändert sein?
M.a.W. MBR-Fix ausführen oder nicht?
MfG, Gerd

Alt 12.05.2012, 20:20   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Durch eine VirtualBox? Nein
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.05.2012, 21:42   #30
gnossing
 
Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Standard

Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!



Hallo Arne,
Gerade fällt mir ein, wieso der MBR verändert ist. Bevor ich die VirtualBox installiert habe (um WindowsXP benutzen zu können), hatte ich erst versucht mit Paragon Partion Manager ein Dual-boot System zu bauen. Weil das aber nicht richtig funktionieren wollte habe ich das aufgegeben und den MBR durch Paragon wieder zurücksetzen lassen. Das scheint aber nicht 100% der alte MBR zu sein.
Ich gehe aber davon aus, das Paragon den MBR nicht infiziert hat!
Deshalb erwäge ich jetzt um den MBR so zu lassen wie er ist, weil ich nicht gerne das Risiko eingehe, das (jetzt ordentlich) laufende System zu verlieren.
Was denken Sie?
MfG, Gerd

Antwort

Themen zu Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!
anti-malware, befallen, beitrag, dateien, dateien verschlüsselt, decrypthelper, erstellen, folge, folgende, forum, helper, installiert, interesse, mail, malwarebytes, meldung, nicht mehr, programm, ransomlock, rojaner gefunden, scan, scannen, setzen, thema, trojan.fakealert, trojaner, trojaner gefunden, viren, viren?, wichtige




Ähnliche Themen: Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!


  1. Windows 7: Malwarebytes Anti-Malware findet Trojan.Agent.RC und setzt SkyDriveSetup.exe in Quarantäne
    Log-Analyse und Auswertung - 12.06.2015 (17)
  2. Malwarebytes Anti-Malware findet auf NAS, nicht aber auf interner HDD
    Log-Analyse und Auswertung - 10.06.2015 (14)
  3. Malwarebytes Anti-Malware findet TowerTilt Adware
    Plagegeister aller Art und deren Bekämpfung - 18.06.2014 (21)
  4. Anti-Malware findet 10 Bedrohungen...
    Plagegeister aller Art und deren Bekämpfung - 09.06.2014 (9)
  5. Malwarebytes Anti-Malware findet infizierte Dateien, was tun?
    Plagegeister aller Art und deren Bekämpfung - 04.02.2014 (9)
  6. Malwarebytes Anti-Malware Scan findet zwei Viren
    Log-Analyse und Auswertung - 07.12.2013 (25)
  7. Malewarebytes Anti Malware findet bei jedem Suchlauf! Win7
    Log-Analyse und Auswertung - 06.12.2013 (10)
  8. Malwarebytes Anti-Malware findet infizierte Objekte
    Log-Analyse und Auswertung - 12.11.2013 (13)
  9. Hartnäckige Tasks (Trojan.FraudPack & Trojan.Downloader lt. Malwarebytes Anti-Malware)
    Log-Analyse und Auswertung - 23.09.2013 (16)
  10. Malwarebytes Anti-Malware findet Malware.NSPack
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (13)
  11. Malwarebytes Anti-Malware findet (PUP.InstallBrain)
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (13)
  12. Malwarebytes Anti-Malware findet Trojan.Ransom.ANC
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (37)
  13. Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker
    Log-Analyse und Auswertung - 10.03.2013 (18)
  14. Anti- Malware findet 37 PUP.Blabbers
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (18)
  15. (3x) Malwarebytes Anti-Malware findet den Trojaner bei mir leider nicht!
    Mülltonne - 27.04.2012 (2)
  16. Malwarebytes' Anti-Malware hat Trojan.ZbotR.Gen, Trojan.Agent und Malware.Trace entdeckt - und nun?
    Log-Analyse und Auswertung - 18.07.2011 (32)
  17. Anmeldung am System unmöglich - MBAM findet Trojan.FakeAlert
    Plagegeister aller Art und deren Bekämpfung - 27.03.2011 (12)

Zum Thema Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! - Konnte ursprüngliches Log nicht uploaden, weil das Log mehr als 100000 Zeichen hatte. Habe darum das Log auf 14 Tage begrenzt (das Problem ist erst eine Woche alt). Geschafft! Hier - Anti-Malware findet Trojan.FakeAlert in DeccryptHellper!...
Archiv
Du betrachtest: Anti-Malware findet Trojan.FakeAlert in DeccryptHellper! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.