| |
| |||||||
Log-Analyse und Auswertung: Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.06.2012, 11:36
| #1 |
 |  Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Hallo, habe mir gestern diesen flirt-fever Verschlüsselungstrojaner eingefangen. Meine Dateien konnte ich soweit wiederherstellen und der Computer funktioniert auch wieder, aber woher weiß ich, dass der Trojaner wirklich weg ist? Habe gestern mehrfach einen Avira-Suchdurchlauf gemacht, in denen er gar nicht gefunden wurde, dann - nach dem Recherchieren hier im Forum habe ich mir das Malwarebytes- Programm runtergeladen, welches gestern Abend zwei (Quick-Suchlauf) und heute (vollständiger Suchlauf) eine Trojanerdatei gefunden hat (Trojan.Agent, Trojan.Spyeyes, Trojan.FakeAlert). Den letzten hat es auf einer Speicherkarte gefunden, auf die ich gestern so ein Entschlüsselungsprogramm von hier runtergeladen habe, was mir aber gar nichts nützt. - So. Die sind nun jedenfalls in Quarantäne...Und jetzt ist alles gut? Oder was muss ich jetzt noch machen, damit mein Computer wieder sicher ist? Hier sind die Logdateien... 08.06.2012 23:58:12 mbam-log-2012-06-08 (23-58-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209728 Laufzeit: 16 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 1 C:\Users\AppData\Roaming\Gmpdfruvg\wmpawecv.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 09.06.2012 08:47:28 mbam-log-2012-06-09 (08-47-28).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 455386 Laufzeit: 3 Stunde(n), 8 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 D:\Download\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Schonmal vielen Dank für die Hilfe... |
|
11.06.2012, 21:18
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Warum postest du die Logs von Malwarebytes unvollständig?
__________________Der Kopf mit den Versionsinfos fehlt!
__________________ |
|
11.06.2012, 21:57
| #3 |
| | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Sorry, sah unbedeutsam aus. Also nochmal:
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.08.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Phie :: PHIE-HP [Administrator] 08.06.2012 23:58:12 mbam-log-2012-06-08 (23-58-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209728 Laufzeit: 16 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 1 C:\Users\Phie\AppData\Roaming\Gmpdfruvg\wmpawecv.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.08.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Phie :: PHIE-HP [Administrator] 09.06.2012 08:47:28 mbam-log-2012-06-09 (08-47-28).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 455386 Laufzeit: 3 Stunde(n), 8 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 D:\Studium\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.10.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Phie :: PHIE-HP [Administrator] 10.06.2012 16:31:49 mbam-log-2012-06-10 (16-31-49).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211208 Laufzeit: 11 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
11.06.2012, 22:01
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Führ bitte auch ESET aus, danach sehen wir weiter. Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
 + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.06.2012, 01:07
| #5 |
| | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist?Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7208f263e01f3545bdd5fb4e436bab47
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-12 12:05:40
# local_time=2012-06-12 02:05:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 19462204 19462204 0 0
# compatibility_mode=5893 16776573 100 94 214478 91080869 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=268386
# found=2
# cleaned=0
# scan_time=9862
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
|
|
12.06.2012, 11:02
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist?Zitat:
Finger weg von Registry-Cleanern!! Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen. Zerstörst Du die Registry, zerstörst Du Windows.
__________________ --> Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? |
|
12.06.2012, 16:58
| #7 |
| | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Okay, ich habe das gelöscht. Keine Ahnung, in welchem Zusammenhang ich das mal gebraucht oder benutzt haben könnte... Ist denn nun sonst noch etwas auffällig, oder bin ich jetzt erstmal frei von Trojanern? |
|
12.06.2012, 21:49
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.06.2012, 11:49
| #9 |
| | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/13/2012 12:08:43 PM - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Phie\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.75 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 34.45% Memory free 3.49 Gb Paging File | 1.91 Gb Available in Paging File | 54.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 280.80 Gb Total Space | 165.40 Gb Free Space | 58.90% Space Free | Partition Type: NTFS Drive E: | 1.99 Gb Total Space | 1.99 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Computer Name: PHIE-HP | User Name: Phie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/10 19:25:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Phie\Downloads\OTL.exe PRC - [2012/05/09 20:42:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/09 20:42:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/09 20:42:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/05/09 20:42:18 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/02/01 09:11:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2012/01/04 14:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012/01/04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/01/25 17:38:44 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/12/03 20:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe PRC - [2009/08/04 08:52:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/08/04 08:51:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/07/30 17:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe PRC - [2009/07/30 17:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009/07/28 01:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009/07/14 01:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/07/14 01:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe PRC - [2009/06/18 19:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/03/02 23:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012/05/13 19:07:52 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012/05/11 11:32:56 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012/05/11 11:32:36 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll MOD - [2012/05/11 11:32:25 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/11 11:32:20 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\7bc1e5196772dfcdc597401cc08098c8\System.Data.ni.dll MOD - [2012/05/11 11:31:55 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll MOD - [2012/05/11 11:31:19 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012/05/11 11:31:02 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012/05/11 11:30:59 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll MOD - [2012/05/11 11:30:57 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll MOD - [2012/05/11 11:30:39 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/11 11:30:30 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/11 11:30:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/11 11:30:21 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/11 11:29:39 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/02/01 09:12:34 | 000,423,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll MOD - [2012/02/01 09:12:32 | 000,058,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll MOD - [2012/02/01 09:12:30 | 000,095,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll MOD - [2012/02/01 09:12:14 | 000,384,896 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtCore.dll MOD - [2012/02/01 09:12:14 | 000,165,248 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll MOD - [2012/02/01 09:11:28 | 000,437,632 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll MOD - [2012/01/10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll MOD - [2012/01/10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012/01/10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll MOD - [2012/01/10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012/01/10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll MOD - [2012/01/10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll MOD - [2012/01/10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012/01/10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012/01/10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012/01/10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll MOD - [2012/01/10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012/01/10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll MOD - [2012/01/10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012/01/10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll MOD - [2012/01/10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll MOD - [2012/01/10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll MOD - [2012/01/10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll MOD - [2012/01/10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll MOD - [2012/01/10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012/01/05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2011/06/17 21:50:20 | 000,123,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2010/11/13 02:02:22 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/03/17 01:57:06 | 001,732,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.18374__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2010/03/17 01:57:06 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.18350__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/03/17 01:57:06 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/03/17 01:57:06 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.18446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/03/17 01:57:06 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.18369__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/03/17 01:57:06 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.18406__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/03/17 01:57:06 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.18360__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/03/17 01:57:05 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/03/17 01:57:05 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.18427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/03/17 01:57:05 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.18360__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:05 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.18419__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/03/17 01:57:05 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.18472__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:04 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:04 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:04 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/03/17 01:57:04 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.18470__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010/03/17 01:57:03 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.18409__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:03 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.18377__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:03 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.18439__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/03/17 01:57:03 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3503.18363__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:03 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:03 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:03 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/03/17 01:57:03 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.18382__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/03/17 01:57:03 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/03/17 01:57:02 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:02 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:02 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.18383__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010/03/17 01:57:02 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/03/17 01:57:02 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/03/17 01:57:02 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/03/17 01:57:02 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/03/17 01:57:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/03/17 01:57:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/03/17 01:57:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/03/17 01:57:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/03/17 01:57:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/03/17 01:57:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/03/17 01:57:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/03/17 01:57:01 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/03/17 01:57:00 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/03/17 01:57:00 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/03/17 01:57:00 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/03/17 01:57:00 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/03/17 01:57:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/03/17 01:57:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/03/17 01:57:00 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/03/17 01:57:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/03/17 01:57:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/03/17 01:56:59 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/03/17 01:56:59 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/03/17 01:56:59 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/03/17 01:56:59 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/03/17 01:56:59 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/03/17 01:56:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010/03/17 01:56:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/03/17 01:56:59 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/03/17 01:56:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/03/17 01:56:58 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/03/17 01:56:58 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/03/17 01:56:58 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.18478__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/03/17 01:56:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/03/17 01:56:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/03/17 01:56:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/03/17 01:56:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/03/17 01:56:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/03/17 01:56:58 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.18344__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010/03/17 01:56:57 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.18368__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/03/17 01:56:57 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.18465__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/03/17 01:56:57 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.18463__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/03/17 01:56:57 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.18348__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/03/17 01:56:57 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.18347__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/03/17 01:56:57 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/03/17 01:56:57 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/03/17 01:56:57 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/03/17 01:56:57 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/03/17 01:56:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/03/17 01:56:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/03/17 01:56:56 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.18356__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/03/17 01:56:56 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/03/17 01:56:56 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/03/17 01:56:56 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/03/17 01:56:56 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/03/17 01:56:56 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.18464__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010/03/17 01:56:55 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3503.18346__90ba9c70f846762e\APM.Server.dll MOD - [2010/03/17 01:56:55 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.18345__90ba9c70f846762e\AEM.Server.dll MOD - [2010/01/06 01:46:45 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/01/06 01:46:45 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2009/07/16 03:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2009/07/16 03:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll MOD - [2009/07/16 03:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2009/07/16 03:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2009/07/16 03:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2009/07/16 03:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2009/07/16 03:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2009/07/16 03:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll MOD - [2009/06/17 21:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2009/06/17 21:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2009/06/17 21:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2008/12/19 00:03:42 | 000,020,480 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012/06/10 12:33:25 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/05/09 20:42:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/09 20:42:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/11/24 20:40:47 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2009/12/03 20:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009/08/04 08:51:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/14 01:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV) SRV - [2009/06/18 19:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009/06/13 20:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009/03/02 23:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - [2012/05/09 20:42:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/09 20:42:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/03/07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/11/01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/11/01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011/10/11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV - [2011/05/05 19:03:38 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011/05/05 19:03:38 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/01/26 17:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/11/02 15:37:42 | 000,565,440 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700) DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/08/04 09:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/14 01:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/07/02 11:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2009/05/16 04:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/05/16 04:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK) DRV - [2009/05/16 04:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik) DRV - [2009/05/16 04:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK) DRV - [2009/05/16 04:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK) DRV - [2009/05/04 20:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009/04/29 18:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\..\SearchScopes,DefaultScope = {77409DB1-BC1B-4652-8DC9-83C158577578} IE - HKLM\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/25 01:15:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/09 17:37:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/09 13:38:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/09 14:12:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/09 17:37:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/25 01:15:38 | 000,000,000 | ---D | M] [2012/06/09 14:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phie\AppData\Roaming\mozilla\Extensions [2012/06/10 15:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phie\AppData\Roaming\mozilla\Firefox\Profiles\8mk9wiiv.default\extensions [2012/06/09 14:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012/06/01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/06/01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/06/01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/06/01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [] File not found O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Phie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download by Orbit - Reg Error: Value error. File not found O8 - Extra context menu item: &Grab video by Orbit - Reg Error: Value error. File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Do&wnload selected by Orbit - Reg Error: Value error. File not found O8 - Extra context menu item: Down&load all by Orbit - Reg Error: Value error. File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5CA15FA-481E-4FF9-8374-3C33AF2BEA62}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/11/24 19:53:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{79b95dd3-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{79b95dd3-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{79b95dd5-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{79b95dd5-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{79b95dd9-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{79b95dd9-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{983f9058-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{983f9058-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{983f905c-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{983f905c-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{983f905e-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{983f905e-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{983f9060-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun O33 - MountPoints2\{983f9060-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - File not found MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe () SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9EFC9CF9-2629-F45E-83D3-6A3DDFDFAE18} - LightScribe Control Panel ActiveX: {AC4F23F0-8CE7-7FA1-DDE7-60F3C6372988} - Microsoft Windows Media Player ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F756EAD2-4CC5-3CAD-086F-8AAAD5DA4D81} - LightScribe Control Panel ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/11 23:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/06/10 17:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus [2012/06/10 17:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint [2012/06/10 12:47:54 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Local\Macromedia [2012/06/09 14:13:01 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Local\Mozilla [2012/06/09 14:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/06/09 14:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/06/09 14:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/06/09 13:53:06 | 000,000,000 | ---D | C] -- C:\Users\Phie\Desktop\Sicherheit [2012/06/09 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012/06/09 12:48:23 | 000,337,880 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2012/06/09 12:48:23 | 000,020,696 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2012/06/09 12:48:20 | 000,044,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys [2012/06/09 12:48:19 | 000,612,184 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2012/06/09 12:48:19 | 000,053,848 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2012/06/09 12:48:18 | 000,057,688 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2012/06/09 12:47:39 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2012/06/09 12:47:38 | 000,201,352 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2012/06/09 12:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/06/09 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/06/09 01:56:13 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012/06/09 01:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Recovery Toolbox for Word [2012/06/08 23:55:10 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Roaming\Malwarebytes [2012/06/08 23:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/08 23:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/08 23:55:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/06/08 23:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/08 17:47:56 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Roaming\Gmpdfruvg [2012/05/30 18:23:24 | 000,000,000 | ---D | C] -- C:\Users\Phie\Documents\Stefan [2012/05/23 22:07:30 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\windows\System32\QtCore4.dll [2012/05/23 22:07:27 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\windows\System32\Newtonsoft.Json.Net20.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/13 12:12:51 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/13 12:12:51 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/13 12:04:39 | 000,569,544 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/06/13 12:04:34 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/13 12:04:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/13 12:04:13 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys [2012/06/13 11:33:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/06/13 11:21:05 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/12 11:03:48 | 000,664,634 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/06/12 11:03:48 | 000,624,776 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/06/12 11:03:48 | 000,134,770 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/06/12 11:03:48 | 000,110,414 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/06/09 14:12:48 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/06/09 13:38:29 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/13 12:04:18 | 000,569,544 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2012/06/09 14:12:48 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/06/09 14:12:48 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/01/20 13:06:13 | 000,369,532 | ---- | C] () -- C:\windows\hpoins46.dat.temp [2011/12/02 10:18:11 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Local\{37EC9AA0-6538-4793-AD15-0BCCA4582601} [2011/11/25 20:05:49 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Roaming\wklnhst.dat [2011/10/12 14:52:18 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI [2011/08/02 20:35:46 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat.temp [2011/08/01 02:13:31 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Local\{DDA3A991-BDCA-42A3-BD62-1DA24341616D} [2011/07/07 21:23:43 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Local\{2525E744-2A56-4626-B07A-F96012EB662A} [2011/02/01 20:31:35 | 000,001,849 | ---- | C] () -- C:\Users\Phie\AppData\Roaming\GhostObjGAFix.xml [2010/12/25 01:08:13 | 000,217,306 | ---- | C] () -- C:\windows\hpoins46.dat [2010/09/04 19:40:52 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Local\rx_image32.Cache [2010/09/04 19:35:22 | 000,000,403 | ---- | C] () -- C:\windows\ODBC.INI ========== LOP Check ========== [2011/11/24 20:38:14 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Autodesk [2010/11/12 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Canneverbe Limited [2012/05/23 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DVDVideoSoft [2011/02/01 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers [2011/05/05 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Games [2012/06/09 00:26:27 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Gmpdfruvg [2011/12/04 19:44:06 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\GrabPro [2011/10/25 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\gtk-2.0 [2012/02/28 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ICQ [2011/01/15 19:13:54 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Local [2012/02/09 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia [2010/03/29 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia Ovi Suite [2012/02/09 18:13:34 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia Suite [2010/08/11 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\OpenOffice.org [2011/04/29 12:22:42 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Opera [2011/12/04 19:48:26 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Orbit [2012/02/09 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\PC Suite [2011/12/04 19:44:08 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ProgSense [2010/09/04 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\TerraTec [2012/02/09 03:01:55 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Tropico 3 [2011/02/13 18:35:08 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Visan [2012/05/23 10:14:06 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/05/05 20:08:25 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Adobe [2010/03/17 01:57:36 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ATI [2011/11/24 20:38:14 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Autodesk [2011/10/30 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Avira [2010/11/12 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Canneverbe Limited [2010/06/07 00:19:55 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DivX [2012/05/23 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DVDVideoSoft [2011/02/01 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers [2011/05/05 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Games [2012/06/09 00:26:27 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Gmpdfruvg [2011/12/04 19:44:06 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\GrabPro [2011/10/25 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\gtk-2.0 [2011/05/21 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\hewlett-packard [2011/01/05 17:36:37 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\HP [2010/03/16 18:18:40 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\HP TCS [2010/03/16 18:05:50 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\hpqLog [2012/05/12 13:39:12 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\HpUpdate [2012/02/28 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ICQ [2010/03/16 18:21:35 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Identities [2010/03/16 18:11:21 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\InstallShield [2011/01/15 19:13:54 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Local [2010/03/16 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Macromedia [2012/06/08 23:55:10 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Malwarebytes [2012/06/10 12:47:54 | 000,000,000 | --SD | M] -- C:\Users\Phie\AppData\Roaming\Microsoft [2010/09/04 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Microsoft Web Folders [2012/06/09 14:13:23 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Mozilla [2010/07/23 18:17:22 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nero [2012/02/09 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia [2010/03/29 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia Ovi Suite [2012/02/09 18:13:34 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia Suite [2010/08/11 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\OpenOffice.org [2011/04/29 12:22:42 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Opera [2011/12/04 19:48:26 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Orbit [2012/02/09 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\PC Suite [2011/12/04 19:44:08 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ProgSense [2011/12/04 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Real [2010/09/04 19:40:34 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Roxio [2010/09/04 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\TerraTec [2012/02/09 03:01:55 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Tropico 3 [2011/02/13 18:35:08 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Visan [2011/12/05 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\vlc [2012/06/10 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Winamp < %APPDATA%\*.exe /s > [2011/02/07 19:11:29 | 000,010,134 | R--- | M] () -- C:\Users\Phie\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/08/04 08:52:00 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll < End of report > |
|
13.06.2012, 16:11
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/24 19:53:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd3-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd3-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd5-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd5-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd9-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd9-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f9058-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f9058-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f905c-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f905c-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f905e-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f905e-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f9060-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f9060-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
:Files
C:\Users\Phie\AppData\Roaming\Gmpdfruvg
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.06.2012, 16:37
| #11 |
| | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist?Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77409DB1-BC1B-4652-8DC9-83C158577578}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d52ebf9-b456-11df-9aea-0027137715a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d52ebf9-b456-11df-9aea-0027137715a3}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d52ebfd-b456-11df-9aea-0027137715a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d52ebfd-b456-11df-9aea-0027137715a3}\ not found.
File D:\AutoRun.exe not found.
|
|
13.06.2012, 19:59
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.06.2012, 21:01
| #13 |
| | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist?Code:
ATTFilter 21:56:37.0706 2444 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:56:38.0034 2444 ============================================================
21:56:38.0034 2444 Current date / time: 2012/06/13 21:56:38.0034
21:56:38.0034 2444 SystemInfo:
21:56:38.0034 2444
21:56:38.0034 2444 OS Version: 6.1.7601 ServicePack: 1.0
21:56:38.0034 2444 Product type: Workstation
21:56:38.0034 2444 ComputerName: PHIE-HP
21:56:38.0034 2444 UserName: Phie
21:56:38.0034 2444 Windows directory: C:\windows
21:56:38.0034 2444 System windows directory: C:\windows
21:56:38.0034 2444 Processor architecture: Intel x86
21:56:38.0034 2444 Number of processors: 2
21:56:38.0034 2444 Page size: 0x1000
21:56:38.0035 2444 Boot type: Normal boot
21:56:38.0035 2444 ============================================================
21:56:39.0499 2444 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:56:39.0506 2444 ============================================================
21:56:39.0506 2444 \Device\Harddisk0\DR0:
21:56:39.0507 2444 MBR partitions:
21:56:39.0507 2444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
21:56:39.0507 2444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197800
21:56:39.0507 2444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2322E000, BlocksNum 0x1E00000
21:56:39.0507 2444 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502E000, BlocksNum 0x3FD800
21:56:39.0507 2444 ============================================================
21:56:39.0531 2444 C: <-> \Device\Harddisk0\DR0\Partition1
21:56:39.0558 2444 E: <-> \Device\Harddisk0\DR0\Partition3
21:56:39.0559 2444 ============================================================
21:56:39.0559 2444 Initialize success
21:56:39.0559 2444 ============================================================
21:57:31.0875 5968 ============================================================
21:57:31.0876 5968 Scan started
21:57:31.0876 5968 Mode: Manual; SigCheck; TDLFS;
21:57:31.0876 5968 ============================================================
21:57:32.0839 5968 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
21:57:32.0991 5968 1394ohci - ok
21:57:33.0034 5968 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
21:57:33.0080 5968 ACPI - ok
21:57:33.0118 5968 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
21:57:33.0172 5968 AcpiPmi - ok
21:57:33.0250 5968 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:57:33.0294 5968 AdobeFlashPlayerUpdateSvc - ok
21:57:33.0358 5968 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
21:57:33.0403 5968 adp94xx - ok
21:57:33.0435 5968 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
21:57:33.0474 5968 adpahci - ok
21:57:33.0503 5968 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
21:57:33.0539 5968 adpu320 - ok
21:57:33.0568 5968 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
21:57:33.0632 5968 AeLookupSvc - ok
21:57:33.0712 5968 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
21:57:33.0768 5968 AESTFilters - ok
21:57:33.0819 5968 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
21:57:33.0883 5968 AFD - ok
21:57:33.0951 5968 AgereModemAudio (48091a2374a69f473273c44951195452) C:\Program Files\LSI SoftModem\agrsmsvc.exe
21:57:38.0184 5968 AgereModemAudio - ok
21:57:38.0306 5968 AgereSoftModem (c6fa08a8cca9001f3197525b07331715) C:\windows\system32\DRIVERS\AGRSM.sys
21:57:38.0389 5968 AgereSoftModem - ok
21:57:38.0424 5968 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
21:57:38.0454 5968 agp440 - ok
21:57:38.0487 5968 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
21:57:38.0517 5968 aic78xx - ok
21:57:38.0553 5968 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
21:57:38.0619 5968 ALG - ok
21:57:38.0643 5968 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
21:57:38.0672 5968 aliide - ok
21:57:38.0741 5968 AMD External Events Utility (a236cee2bf90381e981ebb870429fa9b) C:\windows\system32\atiesrxx.exe
21:57:38.0786 5968 AMD External Events Utility - ok
21:57:38.0797 5968 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
21:57:38.0828 5968 amdagp - ok
21:57:38.0847 5968 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
21:57:38.0876 5968 amdide - ok
21:57:38.0904 5968 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
21:57:38.0941 5968 AmdK8 - ok
21:57:38.0962 5968 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
21:57:39.0010 5968 AmdPPM - ok
21:57:39.0043 5968 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
21:57:39.0074 5968 amdsata - ok
21:57:39.0110 5968 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
21:57:39.0142 5968 amdsbs - ok
21:57:39.0159 5968 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
21:57:39.0188 5968 amdxata - ok
21:57:39.0280 5968 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:57:39.0310 5968 AntiVirSchedulerService - ok
21:57:39.0364 5968 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:57:39.0392 5968 AntiVirService - ok
21:57:39.0438 5968 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
21:57:39.0507 5968 AppID - ok
21:57:39.0551 5968 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
21:57:39.0628 5968 AppIDSvc - ok
21:57:39.0666 5968 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
21:57:39.0733 5968 Appinfo - ok
21:57:39.0763 5968 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
21:57:39.0794 5968 arc - ok
21:57:39.0806 5968 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
21:57:39.0838 5968 arcsas - ok
21:57:39.0910 5968 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:57:39.0939 5968 aspnet_state - ok
21:57:39.0998 5968 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\windows\system32\drivers\aswFsBlk.sys
21:57:40.0025 5968 aswFsBlk - ok
21:57:40.0069 5968 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\windows\system32\drivers\aswMonFlt.sys
21:57:40.0086 5968 aswMonFlt - ok
21:57:40.0108 5968 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\windows\System32\Drivers\aswrdr2.sys
21:57:40.0124 5968 aswRdr - ok
21:57:40.0168 5968 aswSnx (dcb199b967375753b5019ec15f008f53) C:\windows\system32\drivers\aswSnx.sys
21:57:40.0207 5968 aswSnx - ok
21:57:40.0246 5968 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\windows\system32\drivers\aswSP.sys
21:57:40.0285 5968 aswSP - ok
21:57:40.0305 5968 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\windows\system32\drivers\aswTdi.sys
21:57:40.0332 5968 aswTdi - ok
21:57:40.0372 5968 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
21:57:40.0442 5968 AsyncMac - ok
21:57:40.0467 5968 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
21:57:40.0488 5968 atapi - ok
21:57:40.0842 5968 atikmdag (a4252328d2b1520571102992ef0b0e5c) C:\windows\system32\DRIVERS\atikmdag.sys
21:57:41.0014 5968 atikmdag - ok
21:57:41.0124 5968 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\windows\system32\DRIVERS\AtiPcie.sys
21:57:41.0151 5968 AtiPcie - ok
21:57:41.0204 5968 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\windows\system32\DRIVERS\atksgt.sys
21:57:41.0242 5968 atksgt - ok
21:57:41.0304 5968 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
21:57:41.0386 5968 AudioEndpointBuilder - ok
21:57:41.0401 5968 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
21:57:41.0474 5968 Audiosrv - ok
21:57:41.0632 5968 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
21:57:41.0652 5968 Autodesk Licensing Service - ok
21:57:41.0715 5968 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:57:41.0744 5968 avast! Antivirus - ok
21:57:41.0789 5968 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
21:57:41.0820 5968 avgntflt - ok
21:57:41.0877 5968 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
21:57:41.0915 5968 avipbb - ok
21:57:41.0943 5968 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\windows\system32\DRIVERS\avkmgr.sys
21:57:41.0973 5968 avkmgr - ok
21:57:42.0017 5968 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
21:57:42.0114 5968 AxInstSV - ok
21:57:42.0173 5968 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
21:57:42.0240 5968 b06bdrv - ok
21:57:42.0293 5968 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
21:57:42.0335 5968 b57nd60x - ok
21:57:42.0561 5968 BCM43XX (40fb1d9065e668cd4beeff0a804c40e0) C:\windows\system32\DRIVERS\bcmwl6.sys
21:57:42.0664 5968 BCM43XX - ok
21:57:42.0835 5968 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
21:57:42.0901 5968 BDESVC - ok
21:57:42.0955 5968 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
21:57:43.0028 5968 Beep - ok
21:57:43.0126 5968 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
21:57:43.0218 5968 BFE - ok
21:57:43.0270 5968 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
21:57:43.0369 5968 BITS - ok
21:57:43.0397 5968 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
21:57:43.0431 5968 blbdrive - ok
21:57:43.0459 5968 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
21:57:43.0501 5968 bowser - ok
21:57:43.0524 5968 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:57:43.0566 5968 BrFiltLo - ok
21:57:43.0586 5968 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:57:43.0644 5968 BrFiltUp - ok
21:57:43.0689 5968 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
21:57:43.0751 5968 Browser - ok
21:57:43.0779 5968 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
21:57:43.0828 5968 Brserid - ok
21:57:43.0856 5968 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
21:57:43.0892 5968 BrSerWdm - ok
21:57:43.0921 5968 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
21:57:43.0961 5968 BrUsbMdm - ok
21:57:43.0977 5968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
21:57:44.0020 5968 BrUsbSer - ok
21:57:44.0071 5968 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
21:57:44.0132 5968 BthEnum - ok
21:57:44.0153 5968 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
21:57:44.0202 5968 BTHMODEM - ok
21:57:44.0233 5968 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
21:57:44.0300 5968 BthPan - ok
21:57:44.0484 5968 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
21:57:44.0536 5968 BTHPORT - ok
21:57:44.0570 5968 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
21:57:44.0647 5968 bthserv - ok
21:57:44.0679 5968 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
21:57:44.0717 5968 BTHUSB - ok
21:57:44.0757 5968 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
21:57:44.0785 5968 btwaudio - ok
21:57:44.0821 5968 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
21:57:44.0849 5968 btwavdt - ok
21:57:44.0921 5968 btwdins (7d2dd14e60ce4ff3308d66fda7990546) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:57:44.0965 5968 btwdins - ok
21:57:44.0985 5968 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
21:57:44.0998 5968 btwl2cap - ok
21:57:45.0020 5968 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
21:57:45.0035 5968 btwrchid - ok
21:57:45.0071 5968 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
21:57:45.0137 5968 cdfs - ok
21:57:45.0188 5968 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
21:57:45.0228 5968 cdrom - ok
21:57:45.0278 5968 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:57:45.0348 5968 CertPropSvc - ok
21:57:45.0379 5968 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
21:57:45.0424 5968 circlass - ok
21:57:45.0469 5968 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
21:57:45.0508 5968 CLFS - ok
21:57:45.0572 5968 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:57:45.0603 5968 clr_optimization_v2.0.50727_32 - ok
21:57:45.0679 5968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:57:45.0722 5968 clr_optimization_v4.0.30319_32 - ok
21:57:45.0737 5968 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
21:57:45.0781 5968 CmBatt - ok
21:57:45.0804 5968 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
21:57:45.0832 5968 cmdide - ok
21:57:45.0892 5968 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
21:57:45.0940 5968 CNG - ok
21:57:46.0037 5968 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:57:46.0071 5968 Com4QLBEx - ok
21:57:46.0088 5968 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
21:57:46.0117 5968 Compbatt - ok
21:57:46.0149 5968 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
21:57:46.0193 5968 CompositeBus - ok
21:57:46.0208 5968 COMSysApp - ok
21:57:46.0229 5968 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
21:57:46.0248 5968 crcdisk - ok
21:57:46.0299 5968 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
21:57:46.0349 5968 CryptSvc - ok
21:57:46.0387 5968 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys
21:57:46.0425 5968 CVirtA - ok
21:57:46.0481 5968 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\windows\system32\DRIVERS\dc3d.sys
21:57:46.0519 5968 dc3d - ok
21:57:46.0587 5968 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:57:46.0677 5968 DcomLaunch - ok
21:57:46.0713 5968 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
21:57:46.0771 5968 defragsvc - ok
21:57:46.0824 5968 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
21:57:46.0891 5968 DfsC - ok
21:57:46.0964 5968 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
21:57:47.0043 5968 Dhcp - ok
21:57:47.0073 5968 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:57:47.0135 5968 discache - ok
21:57:47.0171 5968 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:57:47.0201 5968 Disk - ok
21:57:47.0253 5968 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys
21:57:47.0280 5968 DNE - ok
21:57:47.0331 5968 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
21:57:47.0378 5968 Dnscache - ok
21:57:47.0440 5968 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
21:57:47.0525 5968 dot3svc - ok
21:57:47.0560 5968 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
21:57:47.0603 5968 Dot4 - ok
21:57:47.0639 5968 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\DRIVERS\Dot4Prt.sys
21:57:47.0680 5968 Dot4Print - ok
21:57:47.0699 5968 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
21:57:47.0746 5968 dot4usb - ok
21:57:47.0793 5968 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
21:57:47.0883 5968 DPS - ok
21:57:47.0922 5968 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:57:47.0956 5968 drmkaud - ok
21:57:48.0031 5968 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
21:57:48.0085 5968 DXGKrnl - ok
21:57:48.0115 5968 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
21:57:48.0193 5968 EapHost - ok
21:57:48.0422 5968 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:57:48.0551 5968 ebdrv - ok
21:57:48.0676 5968 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
21:57:48.0727 5968 EFS - ok
21:57:48.0811 5968 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
21:57:48.0894 5968 ehRecvr - ok
21:57:48.0917 5968 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
21:57:48.0973 5968 ehSched - ok
21:57:49.0043 5968 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
21:57:49.0088 5968 elxstor - ok
21:57:49.0115 5968 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
21:57:49.0155 5968 ErrDev - ok
21:57:49.0216 5968 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
21:57:49.0296 5968 EventSystem - ok
21:57:49.0331 5968 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
21:57:49.0402 5968 exfat - ok
21:57:49.0430 5968 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
21:57:49.0482 5968 fastfat - ok
21:57:49.0683 5968 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
21:57:49.0753 5968 Fax - ok
21:57:49.0782 5968 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
21:57:49.0820 5968 fdc - ok
21:57:49.0846 5968 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
21:57:49.0911 5968 fdPHost - ok
21:57:49.0929 5968 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
21:57:49.0992 5968 FDResPub - ok
21:57:50.0011 5968 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
21:57:50.0026 5968 FileInfo - ok
21:57:50.0040 5968 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
21:57:50.0074 5968 Filetrace - ok
21:57:50.0088 5968 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
21:57:50.0119 5968 flpydisk - ok
21:57:50.0152 5968 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
21:57:50.0172 5968 FltMgr - ok
21:57:50.0243 5968 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
21:57:50.0339 5968 FontCache - ok
21:57:50.0410 5968 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:57:50.0434 5968 FontCache3.0.0.0 - ok
21:57:50.0458 5968 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
21:57:50.0487 5968 FsDepends - ok
21:57:50.0516 5968 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
21:57:50.0543 5968 Fs_Rec - ok
21:57:50.0602 5968 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
21:57:50.0649 5968 fvevol - ok
21:57:50.0689 5968 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
21:57:50.0719 5968 gagp30kx - ok
21:57:50.0784 5968 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
21:57:50.0883 5968 gpsvc - ok
21:57:50.0989 5968 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:57:51.0024 5968 gupdate - ok
21:57:51.0052 5968 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:57:51.0080 5968 gupdatem - ok
21:57:51.0109 5968 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
21:57:51.0168 5968 hcw85cir - ok
21:57:51.0239 5968 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
21:57:51.0286 5968 HdAudAddService - ok
21:57:51.0326 5968 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
21:57:51.0382 5968 HDAudBus - ok
21:57:51.0400 5968 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
21:57:51.0438 5968 HidBatt - ok
21:57:51.0464 5968 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
21:57:51.0507 5968 HidBth - ok
21:57:51.0529 5968 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
21:57:51.0564 5968 HidIr - ok
21:57:51.0591 5968 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
21:57:51.0663 5968 hidserv - ok
21:57:51.0698 5968 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
21:57:51.0736 5968 HidUsb - ok
21:57:51.0776 5968 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
21:57:51.0829 5968 hkmsvc - ok
21:57:51.0876 5968 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
21:57:51.0939 5968 HomeGroupListener - ok
21:57:51.0991 5968 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
21:57:52.0063 5968 HomeGroupProvider - ok
21:57:52.0180 5968 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:57:52.0207 5968 HP Health Check Service - ok
21:57:52.0261 5968 HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:57:52.0286 5968 HPDrvMntSvc.exe - ok
21:57:52.0362 5968 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:57:52.0398 5968 hpqcxs08 - ok
21:57:52.0424 5968 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:57:52.0455 5968 hpqddsvc - ok
21:57:52.0532 5968 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
21:57:52.0569 5968 HpqKbFiltr - ok
21:57:52.0655 5968 hpqwmiex (640e51db253265c3eac075866b3d2b33) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:57:52.0714 5968 hpqwmiex - ok
21:57:52.0767 5968 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
21:57:52.0797 5968 HpSAMD - ok
21:57:52.0915 5968 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:57:52.0965 5968 HPSLPSVC - ok
21:57:53.0044 5968 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
21:57:53.0116 5968 HTTP - ok
21:57:53.0137 5968 hwdatacard - ok
21:57:53.0179 5968 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
21:57:53.0207 5968 hwpolicy - ok
21:57:53.0262 5968 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
21:57:53.0301 5968 i8042prt - ok
21:57:53.0355 5968 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
21:57:53.0394 5968 iaStorV - ok
21:57:53.0540 5968 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:57:53.0603 5968 idsvc - ok
21:57:54.0063 5968 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
21:57:54.0241 5968 igfx - ok
21:57:54.0359 5968 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
21:57:54.0388 5968 iirsp - ok
21:57:54.0495 5968 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
21:57:54.0578 5968 IKEEXT - ok
21:57:54.0611 5968 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
21:57:54.0631 5968 intelide - ok
21:57:54.0752 5968 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
21:57:54.0784 5968 intelppm - ok
21:57:54.0830 5968 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
21:57:54.0916 5968 IPBusEnum - ok
21:57:54.0954 5968 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:57:55.0025 5968 IpFilterDriver - ok
21:57:55.0082 5968 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
21:57:55.0146 5968 iphlpsvc - ok
21:57:55.0176 5968 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
21:57:55.0210 5968 IPMIDRV - ok
21:57:55.0237 5968 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
21:57:55.0302 5968 IPNAT - ok
21:57:55.0321 5968 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
21:57:55.0359 5968 IRENUM - ok
21:57:55.0386 5968 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
21:57:55.0403 5968 isapnp - ok
21:57:55.0449 5968 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
21:57:55.0483 5968 iScsiPrt - ok
21:57:55.0514 5968 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
21:57:55.0543 5968 kbdclass - ok
21:57:55.0571 5968 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
21:57:55.0603 5968 kbdhid - ok
21:57:55.0641 5968 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:57:55.0676 5968 KeyIso - ok
21:57:55.0697 5968 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
21:57:55.0727 5968 KSecDD - ok
21:57:55.0754 5968 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
21:57:55.0773 5968 KSecPkg - ok
21:57:55.0825 5968 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
21:57:55.0923 5968 KtmRm - ok
21:57:55.0985 5968 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
21:57:56.0069 5968 LanmanServer - ok
21:57:56.0123 5968 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
21:57:56.0196 5968 LanmanWorkstation - ok
21:57:56.0288 5968 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:57:56.0307 5968 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:57:56.0307 5968 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:57:56.0352 5968 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\windows\system32\DRIVERS\lirsgt.sys
21:57:56.0379 5968 lirsgt - ok
21:57:56.0417 5968 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
21:57:56.0487 5968 lltdio - ok
21:57:56.0527 5968 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
21:57:56.0619 5968 lltdsvc - ok
21:57:56.0638 5968 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
21:57:56.0677 5968 lmhosts - ok
21:57:56.0723 5968 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
21:57:56.0754 5968 LSI_FC - ok
21:57:56.0782 5968 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
21:57:56.0814 5968 LSI_SAS - ok
21:57:56.0839 5968 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:57:56.0868 5968 LSI_SAS2 - ok
21:57:56.0890 5968 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:57:56.0921 5968 LSI_SCSI - ok
21:57:56.0946 5968 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
21:57:57.0009 5968 luafv - ok
21:57:57.0052 5968 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
21:57:57.0096 5968 Mcx2Svc - ok
21:57:57.0198 5968 MDM (7d552e9b906020bc2fcfe70fcdb96aea) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:57:57.0225 5968 MDM ( UnsignedFile.Multi.Generic ) - warning
21:57:57.0226 5968 MDM - detected UnsignedFile.Multi.Generic (1)
21:57:57.0245 5968 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
21:57:57.0274 5968 megasas - ok
21:57:57.0298 5968 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
21:57:57.0335 5968 MegaSR - ok
21:57:57.0375 5968 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys
21:57:57.0397 5968 MfeAVFK - ok
21:57:57.0417 5968 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys
21:57:57.0441 5968 MfeBOPK - ok
21:57:57.0483 5968 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys
21:57:57.0515 5968 mfehidk - ok
21:57:57.0538 5968 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys
21:57:57.0563 5968 MfeRKDK - ok
21:57:57.0593 5968 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys
21:57:57.0619 5968 mfetdik - ok
21:57:57.0651 5968 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:57:57.0720 5968 MMCSS - ok
21:57:57.0787 5968 mod7700 (e821a366aa77f6e4f76056f35f76dee8) C:\windows\system32\DRIVERS\dvb7700all.sys
21:57:57.0837 5968 mod7700 - ok
21:57:57.0864 5968 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
21:57:57.0940 5968 Modem - ok
21:57:57.0973 5968 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
21:57:58.0017 5968 monitor - ok
21:57:58.0058 5968 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
21:57:58.0087 5968 mouclass - ok
21:57:58.0119 5968 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
21:57:58.0160 5968 mouhid - ok
21:57:58.0198 5968 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
21:57:58.0230 5968 mountmgr - ok
21:57:58.0295 5968 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:57:58.0326 5968 MozillaMaintenance - ok
21:57:58.0370 5968 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
21:57:58.0403 5968 mpio - ok
21:57:58.0424 5968 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
21:57:58.0481 5968 mpsdrv - ok
21:57:58.0546 5968 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
21:57:58.0637 5968 MpsSvc - ok
21:57:58.0679 5968 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
21:57:58.0724 5968 MRxDAV - ok
21:57:58.0768 5968 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
21:57:58.0801 5968 mrxsmb - ok
21:57:58.0843 5968 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:57:58.0892 5968 mrxsmb10 - ok
21:57:58.0916 5968 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:57:58.0950 5968 mrxsmb20 - ok
21:57:58.0980 5968 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
21:57:59.0009 5968 msahci - ok
21:57:59.0043 5968 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
21:57:59.0075 5968 msdsm - ok
21:57:59.0104 5968 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
21:57:59.0154 5968 MSDTC - ok
21:57:59.0191 5968 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
21:57:59.0253 5968 Msfs - ok
21:57:59.0267 5968 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
21:57:59.0338 5968 mshidkmdf - ok
21:57:59.0359 5968 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
21:57:59.0386 5968 msisadrv - ok
21:57:59.0443 5968 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
21:57:59.0538 5968 MSiSCSI - ok
21:57:59.0547 5968 msiserver - ok
21:57:59.0588 5968 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
21:57:59.0652 5968 MSKSSRV - ok
21:57:59.0671 5968 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
21:57:59.0733 5968 MSPCLOCK - ok
21:57:59.0743 5968 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
21:57:59.0802 5968 MSPQM - ok
21:57:59.0842 5968 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
21:57:59.0861 5968 MsRPC - ok
21:57:59.0889 5968 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
21:57:59.0906 5968 mssmbios - ok
21:57:59.0920 5968 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
21:57:59.0955 5968 MSTEE - ok
21:57:59.0977 5968 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
21:57:59.0995 5968 MTConfig - ok
21:58:00.0016 5968 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
21:58:00.0032 5968 Mup - ok
21:58:00.0077 5968 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
21:58:00.0122 5968 napagent - ok
21:58:00.0172 5968 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
21:58:00.0196 5968 NativeWifiP - ok
21:58:00.0273 5968 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
21:58:00.0332 5968 NDIS - ok
21:58:00.0352 5968 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
21:58:00.0411 5968 NdisCap - ok
21:58:00.0438 5968 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
21:58:00.0492 5968 NdisTapi - ok
21:58:00.0527 5968 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
21:58:00.0593 5968 Ndisuio - ok
21:58:00.0650 5968 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
21:58:00.0740 5968 NdisWan - ok
21:58:00.0770 5968 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
21:58:00.0819 5968 NDProxy - ok
21:58:00.0859 5968 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\windows\system32\HPZinw12.dll
21:58:00.0882 5968 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:58:00.0882 5968 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:58:00.0916 5968 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
21:58:00.0993 5968 NetBIOS - ok
21:58:01.0038 5968 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
21:58:01.0119 5968 NetBT - ok
21:58:01.0148 5968 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:58:01.0167 5968 Netlogon - ok
21:58:01.0208 5968 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
21:58:01.0268 5968 Netman - ok
21:58:01.0308 5968 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
21:58:01.0403 5968 netprofm - ok
21:58:01.0482 5968 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:58:01.0519 5968 NetTcpPortSharing - ok
21:58:01.0548 5968 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
21:58:01.0578 5968 nfrd960 - ok
21:58:01.0631 5968 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
21:58:01.0715 5968 NlaSvc - ok
21:58:01.0800 5968 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\windows\system32\drivers\ccdcmb.sys
21:58:01.0888 5968 nmwcd - ok
21:58:01.0938 5968 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\windows\system32\drivers\ccdcmbo.sys
21:58:02.0013 5968 nmwcdc - ok
21:58:02.0063 5968 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\windows\system32\drivers\nmwcdnsu.sys
21:58:02.0129 5968 nmwcdnsu - ok
21:58:02.0169 5968 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\windows\system32\drivers\nmwcdnsuc.sys
21:58:02.0245 5968 nmwcdnsuc - ok
21:58:02.0275 5968 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:58:02.0343 5968 Npfs - ok
21:58:02.0373 5968 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
21:58:02.0462 5968 nsi - ok
21:58:02.0481 5968 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:58:02.0550 5968 nsiproxy - ok
21:58:02.0664 5968 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
21:58:02.0740 5968 Ntfs - ok
21:58:02.0852 5968 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:58:02.0913 5968 Null - ok
21:58:02.0952 5968 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
21:58:02.0984 5968 nvraid - ok
21:58:03.0014 5968 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
21:58:03.0047 5968 nvstor - ok
21:58:03.0072 5968 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
21:58:03.0111 5968 nv_agp - ok
21:58:03.0236 5968 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
21:58:03.0290 5968 ohci1394 - ok
21:58:03.0446 5968 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:58:03.0482 5968 ose - ok
21:58:03.0827 5968 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:58:03.0991 5968 osppsvc - ok
21:58:04.0243 5968 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:58:04.0317 5968 p2pimsvc - ok
21:58:04.0352 5968 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:58:04.0410 5968 p2psvc - ok
21:58:04.0464 5968 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:58:04.0499 5968 Parport - ok
21:58:04.0538 5968 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
21:58:04.0568 5968 partmgr - ok
21:58:04.0585 5968 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:58:04.0630 5968 Parvdm - ok
21:58:04.0663 5968 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:58:04.0719 5968 PcaSvc - ok
21:58:04.0753 5968 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\windows\system32\DRIVERS\pccsmcfd.sys
21:58:04.0822 5968 pccsmcfd - ok
21:58:04.0860 5968 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
21:58:04.0894 5968 pci - ok
21:58:04.0913 5968 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
21:58:04.0932 5968 pciide - ok
21:58:04.0965 5968 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:58:04.0996 5968 pcmcia - ok
21:58:05.0029 5968 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:58:05.0046 5968 pcw - ok
21:58:05.0105 5968 pdfcDispatcher - ok
21:58:05.0165 5968 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:58:05.0243 5968 PEAUTH - ok
21:58:05.0409 5968 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
21:58:05.0541 5968 pla - ok
21:58:05.0680 5968 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
21:58:05.0750 5968 PlugPlay - ok
21:58:05.0815 5968 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\windows\system32\HPZipm12.dll
21:58:05.0838 5968 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:58:05.0838 5968 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:58:05.0868 5968 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:58:05.0924 5968 PNRPAutoReg - ok
21:58:05.0966 5968 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:58:06.0011 5968 PNRPsvc - ok
21:58:06.0070 5968 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\windows\system32\DRIVERS\point32.sys
21:58:06.0095 5968 Point32 - ok
21:58:06.0150 5968 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
21:58:06.0226 5968 PolicyAgent - ok
21:58:06.0273 5968 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
21:58:06.0328 5968 Power - ok
21:58:06.0370 5968 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:58:06.0417 5968 PptpMiniport - ok
21:58:06.0442 5968 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:58:06.0480 5968 Processor - ok
21:58:06.0524 5968 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
21:58:06.0582 5968 ProfSvc - ok
21:58:06.0623 5968 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:58:06.0658 5968 ProtectedStorage - ok
21:58:06.0694 5968 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:58:06.0786 5968 Psched - ok
21:58:06.0823 5968 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys
21:58:06.0851 5968 PxHelp20 - ok
21:58:06.0959 5968 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:58:07.0041 5968 ql2300 - ok
21:58:07.0168 5968 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:58:07.0201 5968 ql40xx - ok
21:58:07.0242 5968 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
21:58:07.0301 5968 QWAVE - ok
21:58:07.0332 5968 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:58:07.0370 5968 QWAVEdrv - ok
21:58:07.0393 5968 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:58:07.0467 5968 RasAcd - ok
21:58:07.0499 5968 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:58:07.0570 5968 RasAgileVpn - ok
21:58:07.0598 5968 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
21:58:07.0659 5968 RasAuto - ok
21:58:07.0675 5968 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:58:07.0729 5968 Rasl2tp - ok
21:58:07.0799 5968 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
21:58:07.0887 5968 RasMan - ok
21:58:07.0907 5968 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:58:07.0979 5968 RasPppoe - ok
21:58:08.0012 5968 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:58:08.0077 5968 RasSstp - ok
21:58:08.0119 5968 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
21:58:08.0182 5968 rdbss - ok
21:58:08.0209 5968 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:58:08.0247 5968 rdpbus - ok
21:58:08.0279 5968 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
21:58:08.0376 5968 RDPCDD - ok
21:58:08.0418 5968 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:58:08.0491 5968 RDPENCDD - ok
21:58:08.0515 5968 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:58:08.0562 5968 RDPREFMP - ok
21:58:08.0593 5968 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
21:58:08.0643 5968 RDPWD - ok
21:58:08.0693 5968 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
21:58:08.0727 5968 rdyboost - ok
21:58:08.0771 5968 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
21:58:08.0853 5968 RemoteAccess - ok
21:58:08.0886 5968 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
21:58:08.0974 5968 RemoteRegistry - ok
21:58:09.0024 5968 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
21:58:09.0047 5968 RFCOMM - ok
21:58:09.0353 5968 RoxMediaDB10 (85f9924fb26d924c4a10dc620ae2c350) c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:58:09.0422 5968 RoxMediaDB10 - ok
21:58:09.0523 5968 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
21:58:09.0633 5968 RpcEptMapper - ok
21:58:09.0655 5968 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
21:58:09.0676 5968 RpcLocator - ok
21:58:09.0744 5968 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:58:09.0818 5968 RpcSs - ok
21:58:09.0862 5968 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:58:09.0925 5968 rspndr - ok
21:58:09.0968 5968 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:58:10.0003 5968 SamSs - ok
21:58:10.0047 5968 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
21:58:10.0064 5968 sbp2port - ok
21:58:10.0213 5968 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
21:58:10.0276 5968 SBSDWSCService - ok
21:58:10.0391 5968 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
21:58:10.0476 5968 SCardSvr - ok
21:58:10.0519 5968 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
21:58:10.0584 5968 scfilter - ok
21:58:10.0686 5968 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
21:58:10.0783 5968 Schedule - ok
21:58:10.0838 5968 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:58:10.0897 5968 SCPolicySvc - ok
21:58:10.0938 5968 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
21:58:10.0989 5968 SDRSVC - ok
21:58:11.0025 5968 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:58:11.0095 5968 secdrv - ok
21:58:11.0119 5968 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
21:58:11.0201 5968 seclogon - ok
21:58:11.0229 5968 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
21:58:11.0316 5968 SENS - ok
21:58:11.0342 5968 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
21:58:11.0397 5968 SensrSvc - ok
21:58:11.0422 5968 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:58:11.0443 5968 Serenum - ok
21:58:11.0460 5968 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:58:11.0493 5968 Serial - ok
21:58:11.0522 5968 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:58:11.0561 5968 sermouse - ok
21:58:11.0681 5968 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:58:11.0738 5968 ServiceLayer - ok
21:58:11.0803 5968 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
21:58:11.0862 5968 SessionEnv - ok
21:58:11.0893 5968 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
21:58:11.0939 5968 sffdisk - ok
21:58:11.0963 5968 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
21:58:12.0007 5968 sffp_mmc - ok
21:58:12.0023 5968 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
21:58:12.0055 5968 sffp_sd - ok
21:58:12.0070 5968 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:58:12.0107 5968 sfloppy - ok
21:58:12.0160 5968 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
21:58:12.0257 5968 SharedAccess - ok
21:58:12.0308 5968 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
21:58:12.0391 5968 ShellHWDetection - ok
21:58:12.0422 5968 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
21:58:12.0451 5968 sisagp - ok
21:58:12.0489 5968 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:58:12.0505 5968 SiSRaid2 - ok
21:58:12.0519 5968 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:58:12.0539 5968 SiSRaid4 - ok
21:58:12.0574 5968 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:58:12.0625 5968 Smb - ok
21:58:12.0664 5968 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
21:58:12.0707 5968 SNMPTRAP - ok
21:58:12.0855 5968 SNP2UVC (d8aba1293b82e7af2f78b67ca46fcb3d) C:\windows\system32\DRIVERS\snp2uvc.sys
21:58:12.0950 5968 SNP2UVC - ok
21:58:13.0055 5968 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:58:13.0083 5968 spldr - ok
21:58:13.0139 5968 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
21:58:13.0208 5968 Spooler - ok
21:58:13.0456 5968 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
21:58:13.0592 5968 sppsvc - ok
21:58:13.0691 5968 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
21:58:13.0771 5968 sppuinotify - ok
21:58:13.0827 5968 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
21:58:13.0869 5968 srv - ok
21:58:13.0918 5968 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
21:58:13.0964 5968 srv2 - ok
21:58:13.0998 5968 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
21:58:14.0043 5968 srvnet - ok
21:58:14.0078 5968 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
21:58:14.0146 5968 SSDPSRV - ok
21:58:14.0196 5968 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
21:58:14.0220 5968 ssmdrv - ok
21:58:14.0250 5968 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
21:58:14.0328 5968 SstpSvc - ok
21:58:14.0414 5968 STacSV (a8d11fb4733af636a96fc7c67417d893) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
21:58:14.0447 5968 STacSV - ok
21:58:14.0472 5968 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:58:14.0502 5968 stexstor - ok
21:58:14.0565 5968 STHDA (901703459c668331df0c0245f6b8160a) C:\windows\system32\DRIVERS\stwrt.sys
21:58:14.0604 5968 STHDA - ok
21:58:14.0638 5968 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
21:58:14.0670 5968 StillCam - ok
21:58:14.0753 5968 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
21:58:14.0834 5968 StiSvc - ok
21:58:14.0908 5968 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:58:14.0935 5968 stllssvr - ok
21:58:14.0963 5968 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
21:58:14.0995 5968 swenum - ok
21:58:15.0037 5968 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
21:58:15.0110 5968 swprv - ok
21:58:15.0161 5968 SynTP (1de40024679cde0e573465253519730e) C:\windows\system32\DRIVERS\SynTP.sys
21:58:15.0195 5968 SynTP - ok
21:58:15.0308 5968 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
21:58:15.0408 5968 SysMain - ok
21:58:15.0448 5968 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
21:58:15.0518 5968 TabletInputService - ok
21:58:15.0573 5968 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
21:58:15.0657 5968 TapiSrv - ok
21:58:15.0680 5968 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
21:58:15.0777 5968 TBS - ok
21:58:15.0928 5968 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
21:58:16.0013 5968 Tcpip - ok
21:58:16.0196 5968 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
21:58:16.0263 5968 TCPIP6 - ok
21:58:16.0355 5968 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
21:58:16.0414 5968 tcpipreg - ok
21:58:16.0472 5968 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
21:58:16.0525 5968 TDPIPE - ok
21:58:16.0560 5968 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
21:58:16.0602 5968 TDTCP - ok
21:58:16.0641 5968 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
21:58:16.0710 5968 tdx - ok
21:58:16.0742 5968 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
21:58:16.0770 5968 TermDD - ok
21:58:16.0849 5968 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
21:58:16.0946 5968 TermService - ok
21:58:16.0975 5968 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
21:58:17.0024 5968 Themes - ok
21:58:17.0056 5968 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:58:17.0096 5968 THREADORDER - ok
21:58:17.0133 5968 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
21:58:17.0180 5968 TPM - ok
21:58:17.0208 5968 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
21:58:17.0290 5968 TrkWks - ok
21:58:17.0354 5968 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
21:58:17.0410 5968 TrustedInstaller - ok
21:58:17.0436 5968 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
21:58:17.0509 5968 tssecsrv - ok
21:58:17.0558 5968 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
21:58:17.0613 5968 TsUsbFlt - ok
21:58:17.0682 5968 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
21:58:17.0738 5968 tunnel - ok
21:58:17.0761 5968 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:58:17.0783 5968 uagp35 - ok
21:58:17.0822 5968 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
21:58:17.0892 5968 udfs - ok
21:58:17.0927 5968 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
21:58:17.0983 5968 UI0Detect - ok
21:58:18.0030 5968 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
21:58:18.0063 5968 uliagpkx - ok
21:58:18.0095 5968 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
21:58:18.0125 5968 umbus - ok
21:58:18.0152 5968 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:58:18.0175 5968 UmPass - ok
21:58:18.0211 5968 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:58:18.0289 5968 upnphost - ok
21:58:18.0343 5968 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\windows\system32\DRIVERS\usbser_lowerflt.sys
21:58:18.0407 5968 upperdev - ok
21:58:18.0434 5968 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
21:58:18.0492 5968 usbccgp - ok
21:58:18.0539 5968 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
21:58:18.0586 5968 usbcir - ok
21:58:18.0605 5968 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
21:58:18.0628 5968 usbehci - ok
21:58:18.0676 5968 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
21:58:18.0720 5968 usbhub - ok
21:58:18.0744 5968 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
21:58:18.0766 5968 usbohci - ok
21:58:18.0801 5968 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:58:18.0828 5968 usbprint - ok
21:58:18.0852 5968 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
21:58:18.0900 5968 usbscan - ok
21:58:18.0932 5968 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\windows\system32\DRIVERS\usbser.sys
21:58:18.0988 5968 usbser - ok
21:58:19.0022 5968 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
21:58:19.0094 5968 UsbserFilt - ok
21:58:19.0116 5968 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:58:19.0159 5968 USBSTOR - ok
21:58:19.0178 5968 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
21:58:19.0210 5968 usbuhci - ok
21:58:19.0240 5968 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
21:58:19.0289 5968 usbvideo - ok
21:58:19.0320 5968 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:58:19.0388 5968 UxSms - ok
21:58:19.0474 5968 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:58:19.0510 5968 VaultSvc - ok
21:58:19.0678 5968 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
21:58:19.0708 5968 vdrvroot - ok
21:58:19.0785 5968 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
21:58:19.0902 5968 vds - ok
21:58:19.0940 5968 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:58:19.0961 5968 vga - ok
21:58:19.0983 5968 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:58:20.0026 5968 VgaSave - ok
21:58:20.0070 5968 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
21:58:20.0103 5968 vhdmp - ok
21:58:20.0129 5968 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
21:58:20.0147 5968 viaagp - ok
21:58:20.0175 5968 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:58:20.0195 5968 ViaC7 - ok
21:58:20.0213 5968 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
21:58:20.0235 5968 viaide - ok
21:58:20.0248 5968 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
21:58:20.0274 5968 volmgr - ok
21:58:20.0311 5968 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:58:20.0349 5968 volmgrx - ok
21:58:20.0382 5968 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
21:58:20.0421 5968 volsnap - ok
21:58:20.0470 5968 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:58:20.0504 5968 vsmraid - ok
21:58:20.0633 5968 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
21:58:20.0746 5968 VSS - ok
21:58:20.0774 5968 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
21:58:20.0810 5968 vwifibus - ok
21:58:20.0837 5968 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
21:58:20.0880 5968 vwififlt - ok
21:58:20.0896 5968 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
21:58:20.0935 5968 vwifimp - ok
21:58:20.0985 5968 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:58:21.0069 5968 W32Time - ok
21:58:21.0105 5968 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:58:21.0142 5968 WacomPen - ok
21:58:21.0192 5968 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:58:21.0254 5968 WANARP - ok
21:58:21.0260 5968 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:58:21.0300 5968 Wanarpv6 - ok
21:58:21.0423 5968 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
21:58:21.0533 5968 wbengine - ok
21:58:21.0566 5968 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:58:21.0628 5968 WbioSrvc - ok
21:58:21.0684 5968 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
21:58:21.0758 5968 wcncsvc - ok
21:58:21.0779 5968 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:58:21.0841 5968 WcsPlugInService - ok
21:58:21.0888 5968 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:58:21.0917 5968 Wd - ok
21:58:21.0974 5968 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:58:22.0028 5968 Wdf01000 - ok
21:58:22.0053 5968 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:58:22.0139 5968 WdiServiceHost - ok
21:58:22.0146 5968 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:58:22.0185 5968 WdiSystemHost - ok
21:58:22.0224 5968 WebClient (e2cbb708dd2e12c8437eb7bfb90cc77e) C:\windows\System32\webclnt.dll
21:58:22.0264 5968 WebClient - ok
21:58:22.0293 5968 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:58:22.0373 5968 Wecsvc - ok
21:58:22.0393 5968 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:58:22.0471 5968 wercplsupport - ok
21:58:22.0506 5968 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:58:22.0573 5968 WerSvc - ok
21:58:22.0592 5968 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:58:22.0651 5968 WfpLwf - ok
21:58:22.0670 5968 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:58:22.0693 5968 WIMMount - ok
21:58:22.0806 5968 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:58:22.0873 5968 WinDefend - ok
21:58:22.0887 5968 WinHttpAutoProxySvc - ok
21:58:22.0959 5968 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:58:23.0025 5968 Winmgmt - ok
21:58:23.0149 5968 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
21:58:23.0262 5968 WinRM - ok
21:58:23.0338 5968 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
21:58:23.0373 5968 WinUsb - ok
21:58:23.0439 5968 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:58:23.0522 5968 Wlansvc - ok
21:58:23.0542 5968 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
21:58:23.0586 5968 WmiAcpi - ok
21:58:23.0650 5968 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:58:23.0715 5968 wmiApSrv - ok
21:58:23.0873 5968 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:58:23.0952 5968 WMPNetworkSvc - ok
21:58:24.0057 5968 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:58:24.0114 5968 WPCSvc - ok
21:58:24.0159 5968 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
21:58:24.0218 5968 WPDBusEnum - ok
21:58:24.0259 5968 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:58:24.0330 5968 ws2ifsl - ok
21:58:24.0351 5968 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
21:58:24.0414 5968 wscsvc - ok
21:58:24.0456 5968 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
21:58:24.0503 5968 WSDPrintDevice - ok
21:58:24.0517 5968 WSearch - ok
21:58:24.0813 5968 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
21:58:24.0939 5968 wuauserv - ok
21:58:25.0054 5968 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
21:58:25.0123 5968 WudfPf - ok
21:58:25.0158 5968 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
21:58:25.0192 5968 WUDFRd - ok
21:58:25.0245 5968 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
21:58:25.0324 5968 wudfsvc - ok
21:58:25.0367 5968 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:58:25.0420 5968 WwanSvc - ok
21:58:25.0477 5968 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
21:58:25.0536 5968 yukonw7 - ok
21:58:25.0584 5968 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:58:25.0855 5968 \Device\Harddisk0\DR0 - ok
21:58:25.0863 5968 Boot (0x1200) (4e3619f56baa38ea815305e247946fee) \Device\Harddisk0\DR0\Partition0
21:58:25.0865 5968 \Device\Harddisk0\DR0\Partition0 - ok
21:58:25.0901 5968 Boot (0x1200) (7767350a73b6965d2c50d0d391c3f53e) \Device\Harddisk0\DR0\Partition1
21:58:25.0903 5968 \Device\Harddisk0\DR0\Partition1 - ok
21:58:25.0936 5968 Boot (0x1200) (11f0b82b4b52611bf869506288575b48) \Device\Harddisk0\DR0\Partition2
21:58:25.0938 5968 \Device\Harddisk0\DR0\Partition2 - ok
21:58:25.0953 5968 Boot (0x1200) (01319dff9858d048481254ef9d1a5d8a) \Device\Harddisk0\DR0\Partition3
21:58:25.0955 5968 \Device\Harddisk0\DR0\Partition3 - ok
21:58:25.0956 5968 ============================================================
21:58:25.0956 5968 Scan finished
21:58:25.0956 5968 ============================================================
21:58:25.0990 3192 Detected object count: 4
21:58:25.0990 3192 Actual detected object count: 4
21:58:51.0502 3192 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:51.0502 3192 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:51.0507 3192 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:51.0507 3192 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:51.0513 3192 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:51.0513 3192 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:51.0517 3192 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:51.0517 3192 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
13.06.2012, 21:39
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.06.2012, 18:19
| #15 |
| | Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? Combofix Logfile: Code:
ATTFilter ComboFix 12-06-14.01 - Phie 14.06.2012 17:57:21.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1789.760 [GMT 2:00]
ausgeführt von:: c:\users\Phie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Maintenance Service
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Mozilla Maintenance Service\Uninstall.exe
c:\program files\Mozilla Maintenance Service\updater.ini
c:\users\Phie\AppData\Roaming\Local
c:\users\Phie\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Phie\AppData\Roaming\Local\Temp\DDM\Settings\Arielle.Die.Meerjungfrau.1989.German.Alte.Orginal.Synchro.DVDRiP.XviD.avi.ddr
c:\users\Phie\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Phie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Arielle.Die.Meerjungfrau.1989.German.Alte.Orginal.Synchro.DVDRiP.XviD.avi.ddp
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-14 bis 2012-06-14 ))))))))))))))))))))))))))))))
.
.
2012-06-13 15:32 . 2012-06-13 15:32 -------- d-----w- C:\_OTL
2012-06-13 14:33 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 14:33 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 14:33 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 14:33 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:33 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 14:33 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 14:33 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 14:33 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 14:33 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 14:33 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 12:38 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F87E230-9730-4770-B20D-C1852147E98D}\mpengine.dll
2012-06-11 21:16 . 2012-06-11 21:16 -------- d-----w- c:\program files\ESET
2012-06-10 15:07 . 2012-06-10 15:07 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-06-10 10:47 . 2012-06-10 10:47 -------- d-----w- c:\users\Phie\AppData\Local\Macromedia
2012-06-09 12:13 . 2012-06-09 12:13 -------- d-----w- c:\users\Phie\AppData\Local\Mozilla
2012-06-09 10:48 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-09 10:48 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-09 10:48 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-09 10:48 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-09 10:48 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-09 10:48 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-09 10:47 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-09 10:47 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-09 10:47 . 2012-06-09 10:47 -------- d-----w- c:\programdata\AVAST Software
2012-06-09 10:47 . 2012-06-09 10:47 -------- d-----w- c:\program files\AVAST Software
2012-06-08 23:51 . 2012-06-09 10:44 -------- d-----w- c:\program files\Recovery Toolbox for Word
2012-06-08 21:55 . 2012-06-08 21:55 -------- d-----w- c:\users\Phie\AppData\Roaming\Malwarebytes
2012-06-08 21:55 . 2012-06-08 21:55 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 21:55 . 2012-06-08 21:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-08 21:55 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-23 20:07 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll
2012-05-23 20:07 . 2012-04-18 11:49 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 10:33 . 2012-03-30 09:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-10 10:33 . 2011-05-26 19:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 18:42 . 2011-10-30 15:11 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 18:42 . 2011-10-30 15:11 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-31 04:39 . 2012-05-11 07:28 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 07:28 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 07:28 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27 . 2012-05-11 07:28 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-01 15:38 . 2012-06-09 12:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 136176]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:33]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 14:22]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 14:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Phie\AppData\Roaming\Mozilla\Firefox\Profiles\8mk9wiiv.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1444)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-14 19:13:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-14 17:13
.
Vor Suchlauf: 11 Verzeichnis(se), 177.024.569.344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 176.563.986.432 Bytes frei
.
- - End Of File - - 45DAC15D057BA721F64ED02BBE0E0DA5
|
|
| Themen zu Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? |
| appdata, autostart, bösartige, computer, dateien, dateisystem, download, erfolgreich, forum, funktioniert, gelöscht, gestern, heuristiks/extra, heuristiks/shuriken, heute, konnte, mehrfach, minute, nichts, programm, recycle.bin, registrierung, roaming, speicherkarte, trojan.agent, trojan.fakealert, verzeichnisse, wiederherstellen, wirklich |
Button.
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
