|
Plagegeister aller Art und deren Bekämpfung: Windows-Verschlüsselungs-Trojaner auf Win7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.06.2012, 14:31 | #1 |
| Windows-Verschlüsselungs-Trojaner auf Win7 Hallo, auch wir haben uns den Trojaner eingefangen. System: Windows 7, 32bit-Version Hier die Daten des Scans: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.12.03 Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Ari :: ARI-MSI [Administrator] Schutz: Deaktiviert 12.06.2012 14:46:40 mbam-log-2012-06-12 (14-46-40).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 366120 Laufzeit: 33 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1470A94A (Trojan.Agent.SZ) -> Daten: C:\Users\Ari\AppData\Roaming\Xell\6BB6EB991470A94AFBEA.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Ari\AppData\Roaming\Xell\6BB6EB991470A94AFBEA.exe (Trojan.Agent.SZ) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Gruß Dennis Nach dem verschieben der Funde in Quarantäne kann ich zumindest wieder im normalen Windows-Modus arbeiten, ohne dass das Fenster zum bezahlen kommt. OTL.txt Code:
ATTFilter OTL logfile created on: 6/13/2012 2:19:37 PM - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Ari\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.17 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 66.40% Memory free 6.34 Gb Paging File | 5.01 Gb Available in Paging File | 79.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 273.39 Gb Total Space | 229.00 Gb Free Space | 83.76% Space Free | Partition Type: NTFS Drive D: | 182.27 Gb Total Space | 168.82 Gb Free Space | 92.62% Space Free | Partition Type: NTFS Computer Name: ARI-MSI | User Name: Ari | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/03/31 04:38:12 | 000,954,256 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\KiesHelper.exe PRC - [2012/03/28 22:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe PRC - [2012/03/28 22:11:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/12/17 02:00:40 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2009/12/09 19:15:21 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe ========== Modules (No Company Name) ========== MOD - [2012/05/12 09:21:21 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll MOD - [2012/05/09 19:00:53 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll MOD - [2012/05/09 19:00:52 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c06efd2e3e05e4e3231904d543240c20\System.ServiceProcess.ni.dll MOD - [2012/05/09 19:00:36 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\fe88a64f62eb6afc6dfc945fc335b92b\System.Web.ni.dll MOD - [2012/05/09 19:00:23 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012/05/09 19:00:20 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll MOD - [2012/05/09 19:00:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll MOD - [2012/05/09 19:00:14 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012/05/09 18:59:38 | 014,325,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\64e140108933b8090472da1a76b78c20\PresentationFramework.ni.dll MOD - [2012/05/09 18:59:22 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9e953ea4e76b62ab1c4a1874abae2961\System.Windows.Forms.ni.dll MOD - [2012/05/09 18:59:15 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bbf2cf8dd0409f1ccc989406e2942dac\System.Drawing.ni.dll MOD - [2012/05/09 18:59:11 | 012,218,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b6370d1903505abc171c968e357fe1bf\PresentationCore.ni.dll MOD - [2012/05/09 18:59:01 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012/05/09 18:58:55 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012/05/09 18:58:51 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012/05/09 18:58:49 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012/05/09 18:58:38 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012/03/30 03:23:38 | 000,079,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll MOD - [2012/03/30 03:21:48 | 014,144,512 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll MOD - [2012/03/30 03:21:18 | 000,486,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll MOD - [2012/03/30 03:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll MOD - [2012/03/29 18:44:34 | 000,022,528 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll MOD - [2012/03/28 22:13:12 | 000,037,376 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll MOD - [2012/03/28 22:12:04 | 000,839,680 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll MOD - [2012/03/28 22:12:00 | 000,712,704 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll MOD - [2012/03/28 22:11:58 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll MOD - [2012/03/28 22:11:28 | 000,720,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll MOD - [2010/01/29 23:30:10 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/01/29 23:30:00 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll MOD - [2010/01/29 23:29:59 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010/01/29 23:29:56 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/01/29 23:29:55 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/01/29 23:29:53 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010/01/29 23:20:28 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3630.42316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/01/29 23:20:28 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/01/29 23:20:28 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3630.42330__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 001,708,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,827,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3630.42360__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3630.42380__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,356,352 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3630.42372__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3630.42385__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3630.42324__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3630.42367__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3630.42427__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3630.42325__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,019,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,013,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 001,142,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3630.42428__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3630.42336__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3630.42354__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,323,584 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3630.42366__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010/01/29 23:20:26 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,151,552 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3630.42365__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3622.19962__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3622.19963__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3622.19993__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/01/29 23:20:26 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3622.19964__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3622.19965__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3622.19974__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3622.19966__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3622.19978__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3622.19975__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3622.19967__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3622.19974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/01/29 23:20:26 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/01/29 23:20:25 | 001,220,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3630.42320__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/01/29 23:20:25 | 000,741,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3630.42427__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,565,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3630.42393__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010/01/29 23:20:25 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3630.42329__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/01/29 23:20:25 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3630.42398__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3630.42397__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3630.42314__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3630.42312__90ba9c70f846762e\APM.Server.dll MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3630.42315__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3622.19970__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3630.42313__90ba9c70f846762e\AEM.Server.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3630.42409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3622.19967__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3622.19972__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3622.19974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3622.19964__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3622.19967__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3622.19968__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3622.19967__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/01/29 23:20:25 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3630.42398__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/01/29 23:20:25 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3630.42313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009/08/31 23:56:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/06/10 23:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2006/09/14 09:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\rarext.dll ========== Win32 Services (SafeList) ========== SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Start_Pending] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi) DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk) DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/11 19:25:26 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/07/04 14:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/07/04 14:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/07/04 14:32:32 | 000,025,432 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/07/04 14:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/06/02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/06/02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/06/02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/12/09 21:39:45 | 005,147,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2009/12/09 18:22:19 | 000,121,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009/12/09 17:02:47 | 006,229,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd) DRV - [2009/12/05 03:50:02 | 000,082,128 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/10/05 03:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/09/25 04:13:12 | 000,159,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009/05/27 00:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{9606359B-FBEA-4B26-98FB-5C31BB188E00}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:31:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] [2010/07/02 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Extensions [2012/06/12 14:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions [2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com [2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL [2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus [2010/08/23 19:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/11/15 19:09:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/15 15:00:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/05/22 19:56:44 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011/11/15 14:51:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/15 15:00:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/11/15 15:00:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/15 15:00:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/15 15:00:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5FA4A3-4169-43CD-B417-D638ADEBE03F}: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB108C4-C3A3-4681-A8BC-B4F03C71BD96}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/13 14:11:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe [2012/06/12 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/06/12 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/06/12 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Malwarebytes [2012/06/12 14:43:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/26 21:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Avira [2012/05/26 21:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/05/26 21:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012/05/26 21:04:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012/05/26 21:04:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2012/05/26 21:04:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys [2012/05/26 21:04:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/05/21 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012/05/20 13:52:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/05/20 13:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/05/20 13:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/05/17 20:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012/05/17 20:36:24 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Local\HP [2012/05/17 20:33:26 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\HP [2012/05/17 20:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012/05/17 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2012/05/17 20:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012/05/17 20:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2012/05/17 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012/05/17 20:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/13 14:17:54 | 000,000,156 | ---- | M] () -- C:\Users\Ari\defogger_reenable [2012/06/13 14:13:24 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/13 14:13:24 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe [2012/06/13 14:10:33 | 000,050,477 | ---- | M] () -- C:\Users\Ari\Desktop\Defogger.exe [2012/06/13 14:01:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/13 14:01:19 | 2552,381,440 | -HS- | M] () -- C:\hiberfil.sys [2012/06/12 14:06:45 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012/05/26 21:06:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/25 13:47:34 | 000,014,033 | ---- | M] () -- C:\Users\Ari\Desktop\LUaVplOssqxGQasfX [2012/05/18 16:17:53 | 000,378,168 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/05/17 20:33:13 | 000,181,697 | ---- | M] () -- C:\windows\hpoins28.dat [2012/05/17 20:27:08 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2012/05/17 20:26:45 | 000,001,319 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012/05/17 20:26:28 | 000,002,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012/05/14 16:56:27 | 000,694,430 | ---- | M] () -- C:\windows\System32\perfh00C.dat [2012/05/14 16:56:27 | 000,693,454 | ---- | M] () -- C:\windows\System32\perfh00A.dat [2012/05/14 16:56:27 | 000,689,108 | ---- | M] () -- C:\windows\System32\perfh010.dat [2012/05/14 16:56:27 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/05/14 16:56:27 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/05/14 16:56:27 | 000,137,062 | ---- | M] () -- C:\windows\System32\perfc00A.dat [2012/05/14 16:56:27 | 000,130,140 | ---- | M] () -- C:\windows\System32\perfc00C.dat [2012/05/14 16:56:27 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/05/14 16:56:27 | 000,127,144 | ---- | M] () -- C:\windows\System32\perfc010.dat [2012/05/14 16:56:27 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/13 14:17:53 | 000,000,156 | ---- | C] () -- C:\Users\Ari\defogger_reenable [2012/06/13 14:10:32 | 000,050,477 | ---- | C] () -- C:\Users\Ari\Desktop\Defogger.exe [2012/05/26 21:06:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/17 20:27:54 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012/05/17 20:27:08 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2012/05/17 20:26:45 | 000,001,319 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012/05/17 20:26:28 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012/05/17 20:23:52 | 000,181,697 | ---- | C] () -- C:\windows\hpoins28.dat [2012/05/17 20:23:52 | 000,000,442 | ---- | C] () -- C:\windows\hpomdl28.dat [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2012/03/11 19:56:26 | 000,025,432 | ---- | C] () -- C:\windows\System32\drivers\aswRdr.sys ========== LOP Check ========== [2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite [2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung [2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF [2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/21 18:37:25 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Und hier Gmer.txt: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-14 16:24:59 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 Running: q0ncg1sr.exe; Driver: C:\Users\Ari\AppData\Local\Temp\fxldrpog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x94995D8C] SSDT 94EC864E ZwCreateSection SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x94995E3C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x94995ED4] SSDT 94EC8658 ZwRequestWaitReplyPort SSDT 94EC8653 ZwSetContextThread SSDT 94EC865D ZwSetSecurityObject SSDT 94EC8662 ZwSystemDebugControl SSDT 94EC85EF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 8345D599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83482092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 23C 8348988C 4 Bytes [8C, 5D, 99, 94] {MOV WORD [EBP-0x67], DS; XCHG ESP, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 340 83489990 4 Bytes [4E, 86, EC, 94] {DEC ESI; XCHG AH, CH; XCHG ESP, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 3FC 83489A4C 4 Bytes [3C, 5E, 99, 94] {CMP AL, 0x5e; CDQ ; XCHG ESP, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 54C 83489B9C 4 Bytes [D4, 5E, 99, 94] {AAM 0x5e; CDQ ; XCHG ESP, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 69C 83489CEC 4 Bytes [58, 86, EC, 94] {POP EAX; XCHG AH, CH; XCHG ESP, EAX} .text ... .text C:\windows\system32\DRIVERS\atipmdag.sys section is writeable [0x95440000, 0x2CBE50, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804 .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8 .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600 .text C:\windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\wininit.exe[548] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC .text C:\windows\system32\wininit.exe[548] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8 .text C:\windows\system32\wininit.exe[548] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\wininit.exe[548] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00050A08 .text C:\windows\system32\wininit.exe[548] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000503FC .text C:\windows\system32\wininit.exe[548] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00050804 .text C:\windows\system32\wininit.exe[548] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000501F8 .text C:\windows\system32\wininit.exe[548] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00050600 .text C:\windows\system32\csrss.exe[560] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\services.exe[600] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\services.exe[600] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\services.exe[600] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00130A08 .text C:\windows\system32\services.exe[600] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001303FC .text C:\windows\system32\services.exe[600] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00130804 .text C:\windows\system32\services.exe[600] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001301F8 .text C:\windows\system32\services.exe[600] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00130600 .text C:\windows\system32\svchost.exe[612] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[612] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[612] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00420A08 .text C:\windows\system32\svchost.exe[612] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 004203FC .text C:\windows\system32\svchost.exe[612] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00420804 .text C:\windows\system32\svchost.exe[612] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 004201F8 .text C:\windows\system32\svchost.exe[612] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00420600 .text C:\windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\lsass.exe[628] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\lsm.exe[636] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC .text C:\windows\system32\winlogon.exe[696] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8 .text C:\windows\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\winlogon.exe[696] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000C0A08 .text C:\windows\system32\winlogon.exe[696] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000C03FC .text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000C0804 .text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000C01F8 .text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000C0600 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600 .text C:\windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[788] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001C0A08 .text C:\windows\system32\svchost.exe[788] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001C03FC .text C:\windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001C0804 .text C:\windows\system32\svchost.exe[788] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001C01F8 .text C:\windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001C0600 .text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[900] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000A03FC .text C:\windows\system32\svchost.exe[900] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000A01F8 .text C:\windows\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[900] user32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00330A08 .text C:\windows\system32\svchost.exe[900] user32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003303FC .text C:\windows\system32\svchost.exe[900] user32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00330804 .text C:\windows\system32\svchost.exe[900] user32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003301F8 .text C:\windows\system32\svchost.exe[900] user32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00330600 .text C:\windows\system32\atiesrxx.exe[948] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\windows\system32\atiesrxx.exe[948] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\windows\system32\atiesrxx.exe[948] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\atiesrxx.exe[948] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\windows\system32\atiesrxx.exe[948] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000A03FC .text C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000A01F8 .text C:\windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00510A08 .text C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005103FC .text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00510804 .text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005101F8 .text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00510600 .text C:\windows\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\System32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 003B0A08 .text C:\windows\System32\svchost.exe[1072] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003B03FC .text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 003B0804 .text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003B01F8 .text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 003B0600 .text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00A30A08 .text C:\windows\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 00A303FC .text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00A30804 .text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 00A301F8 .text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00A30600 .text C:\Program Files\System Control Manager\MSIService.exe[1168] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\System Control Manager\MSIService.exe[1168] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\System Control Manager\MSIService.exe[1168] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC .text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804 .text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8 .text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600 .text C:\windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00550A08 .text C:\windows\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005503FC .text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00550804 .text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005501F8 .text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00550600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\windows\system32\atieclxx.exe[1308] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\windows\system32\atieclxx.exe[1308] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\windows\system32\atieclxx.exe[1308] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\atieclxx.exe[1308] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08 .text C:\windows\system32\atieclxx.exe[1308] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC .text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804 .text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8 .text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600 .text C:\windows\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\System32\spoolsv.exe[1484] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\System32\spoolsv.exe[1484] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\System32\spoolsv.exe[1484] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\System32\spoolsv.exe[1484] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08 .text C:\windows\System32\spoolsv.exe[1484] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC .text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804 .text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8 .text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00090A08 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000903FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00090804 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000901F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00090600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!SetUnhandledExceptionFilter 76CD30E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\windows\system32\taskhost.exe[1596] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000503FC .text C:\windows\system32\taskhost.exe[1596] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000501F8 .text C:\windows\system32\taskhost.exe[1596] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\taskhost.exe[1596] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000E0A08 .text C:\windows\system32\taskhost.exe[1596] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000E03FC .text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000E0804 .text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000E01F8 .text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000E0600 .text C:\windows\System32\svchost.exe[1816] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\System32\svchost.exe[1816] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\System32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[1900] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[1900] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[1900] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00240A08 .text C:\windows\system32\svchost.exe[1900] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002403FC .text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00240804 .text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002401F8 .text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00240600 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600 .text C:\windows\system32\Dwm.exe[2028] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\Dwm.exe[2028] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\Dwm.exe[2028] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\Dwm.exe[2028] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08 .text C:\windows\system32\Dwm.exe[2028] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC .text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804 .text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8 .text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600 .text C:\windows\Explorer.EXE[2036] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\Explorer.EXE[2036] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\Explorer.EXE[2036] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\Explorer.EXE[2036] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00150A08 .text C:\windows\Explorer.EXE[2036] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001503FC .text C:\windows\Explorer.EXE[2036] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00150804 .text C:\windows\Explorer.EXE[2036] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001501F8 .text C:\windows\Explorer.EXE[2036] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00150600 .text C:\Program Files\Samsung\Kies\KiesHelper.exe[2080] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2252] ntdll.dll!DbgUiRemoteBreakin 7755D5CB 1 Byte [C3] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2252] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000503FC .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000501F8 .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00080A08 .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000803FC .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00080804 .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000801F8 .text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00080600 .text C:\windows\system32\conhost.exe[2472] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC .text C:\windows\system32\conhost.exe[2472] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8 .text C:\windows\system32\conhost.exe[2472] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\conhost.exe[2472] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00100A08 .text C:\windows\system32\conhost.exe[2472] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001003FC .text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00100804 .text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001001F8 .text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00100600 .text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC .text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804 .text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600 .text C:\windows\system32\svchost.exe[2824] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[2824] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[2824] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[2824] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00190A08 .text C:\windows\system32\svchost.exe[2824] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001903FC .text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00190804 .text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001901F8 .text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00190600 .text C:\Windows\System32\hkcmd.exe[2936] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Windows\System32\hkcmd.exe[2936] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Windows\System32\hkcmd.exe[2936] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08 .text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC .text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804 .text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8 .text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600 .text C:\Windows\System32\igfxpers.exe[2964] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Windows\System32\igfxpers.exe[2964] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Windows\System32\igfxpers.exe[2964] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08 .text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC .text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804 .text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8 .text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600 .text C:\windows\system32\igfxsrvc.exe[2972] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\windows\system32\igfxsrvc.exe[2972] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\windows\system32\igfxsrvc.exe[2972] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08 .text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC .text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804 .text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8 .text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3056] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\AUDIODG.EXE[3120] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00300A08 .text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003003FC .text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00300804 .text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003001F8 .text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00300600 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00540A08 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005403FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00540804 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005401F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00540600 .text C:\windows\system32\wbem\unsecapp.exe[3476] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\wbem\unsecapp.exe[3476] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\wbem\unsecapp.exe[3476] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08 .text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC .text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804 .text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8 .text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600 .text C:\Windows\WindowsMobile\wmdc.exe[3520] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Windows\WindowsMobile\wmdc.exe[3520] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Windows\WindowsMobile\wmdc.exe[3520] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08 .text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC .text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804 .text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8 .text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600 .text C:\windows\system32\wbem\wmiprvse.exe[3532] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\wbem\wmiprvse.exe[3532] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\wbem\wmiprvse.exe[3532] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08 .text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC .text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804 .text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8 .text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600 .text C:\windows\system32\SearchIndexer.exe[3572] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000D03FC .text C:\windows\system32\SearchIndexer.exe[3572] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000D01F8 .text C:\windows\system32\SearchIndexer.exe[3572] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00170A08 .text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001703FC .text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00170804 .text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001701F8 .text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00170600 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3700] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\svchost.exe[3712] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[3712] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[3712] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8 .text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000703FC .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000701F8 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001003FC .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00100804 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001001F8 .text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00100600 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00110A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001103FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00110804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001101F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00110600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600 .text C:\windows\system32\wuauclt.exe[4188] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000703FC .text C:\windows\system32\wuauclt.exe[4188] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000701F8 .text C:\windows\system32\wuauclt.exe[4188] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00110A08 .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001103FC .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00110804 .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001101F8 .text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00110600 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00180A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001803FC .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00180804 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001801F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00180600 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] kernel32.dll!SetUnhandledExceptionFilter 76CD30E2 5 Bytes JMP 00468140 C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe (DeviceManager.exe/Mobileleader Co., Ltd.) .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8 .text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600 .text C:\windows\system32\taskeng.exe[4536] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\windows\system32\taskeng.exe[4536] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\windows\system32\taskeng.exe[4536] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\windows\system32\taskeng.exe[4536] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00130A08 .text C:\windows\system32\taskeng.exe[4536] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001303FC .text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00130804 .text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001301F8 .text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00130600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00AB0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 00AB03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00AB0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 00AB01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00AB0600 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8 .text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62] .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00340A08 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003403FC .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00340804 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003401F8 .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00340600 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:1660] BCE32F2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d25b11 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d25b11 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- |
15.06.2012, 17:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
__________________Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
15.06.2012, 20:12 | #3 |
| Windows-Verschlüsselungs-Trojaner auf Win7 Hallo.
__________________Nein, vorher kein Scan. Habe das Programm erst neu installiert. |
15.06.2012, 20:40 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Führ bitte auch ESET aus, danach sehen wir weiter. Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt" Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Logfiles bitte immer in CODE-Tags posten |
19.06.2012, 18:58 | #5 |
| Windows-Verschlüsselungs-Trojaner auf Win7 log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=0192eff3705fc04493db60c5e141e7e4 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-18 11:55:03 # local_time=2012-06-18 01:55:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1792 16777215 100 0 1958262 1958262 0 0 # compatibility_mode=5893 16776574 100 94 2070724 91648542 0 0 # compatibility_mode=8192 67108863 100 0 223 223 0 0 # scanned=35937 # found=0 # cleaned=0 # scan_time=3152 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=0192eff3705fc04493db60c5e141e7e4 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-19 05:50:02 # local_time=2012-06-19 07:50:02 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1792 16777215 100 0 2061506 2061506 0 0 # compatibility_mode=5893 16776574 100 94 2173968 91751786 0 0 # compatibility_mode=8192 67108863 100 0 103467 103467 0 0 # scanned=191021 # found=1 # cleaned=0 # scan_time=7628 C:\Users\Ari\Downloads\sqvepgXUGdxrusyfLgX a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I |
19.06.2012, 23:18 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ --> Windows-Verschlüsselungs-Trojaner auf Win7 |
20.06.2012, 11:35 | #7 |
| Windows-Verschlüsselungs-Trojaner auf Win7 Hier jetzt die OTL.txt Code:
ATTFilter OTL logfile created on: 6/20/2012 12:22:01 PM - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = D:\ Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.17 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 55.29% Memory free 6.34 Gb Paging File | 4.74 Gb Available in Paging File | 74.86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 273.39 Gb Total Space | 225.85 Gb Free Space | 82.61% Space Free | Partition Type: NTFS Drive D: | 182.27 Gb Total Space | 164.13 Gb Free Space | 90.05% Space Free | Partition Type: NTFS Computer Name: ARI-MSI | User Name: Ari | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2012/05/17 16:59:22 | 001,927,736 | ---- | M] (Micro-Star International) -- C:\Program Files\msi\Live Update 5\LU5.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/03/31 04:38:12 | 000,954,256 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\KiesHelper.exe PRC - [2012/03/28 22:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe PRC - [2012/03/28 22:11:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe PRC - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/12/17 02:00:40 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2009/12/09 19:15:21 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe ========== Modules (No Company Name) ========== MOD - [2012/06/19 20:57:30 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll MOD - [2012/06/19 20:57:24 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll MOD - [2012/06/19 20:57:19 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll MOD - [2012/06/19 20:57:05 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll MOD - [2012/06/19 20:56:55 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll MOD - [2012/06/19 20:56:16 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll MOD - [2012/06/19 20:56:12 | 012,432,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll MOD - [2012/06/19 20:55:56 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll MOD - [2012/06/19 20:55:54 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.ni.dll MOD - [2012/06/19 20:55:54 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll MOD - [2012/06/19 20:55:53 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll MOD - [2012/06/19 20:55:49 | 011,819,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll MOD - [2012/06/19 20:55:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll MOD - [2012/06/19 20:55:30 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll MOD - [2012/06/19 20:55:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll MOD - [2012/06/19 20:55:25 | 007,963,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll MOD - [2012/06/19 20:54:39 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll MOD - [2012/06/14 16:39:35 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012/06/14 16:36:44 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012/06/14 16:36:31 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012/06/14 16:36:21 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012/06/14 16:36:16 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012/06/02 18:21:35 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012/06/02 18:20:04 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012/05/20 13:39:51 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012/05/09 17:10:09 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012/05/09 17:07:13 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012/05/09 17:07:10 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012/05/09 17:07:03 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012/05/09 17:06:57 | 014,414,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012/05/01 16:58:02 | 000,115,137 | ---- | M] () -- C:\Users\Ari\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll MOD - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012/03/30 03:23:38 | 000,079,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll MOD - [2012/03/30 03:21:48 | 014,144,512 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll MOD - [2012/03/30 03:21:18 | 000,486,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll MOD - [2012/03/30 03:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll MOD - [2012/03/29 18:44:34 | 000,022,528 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll MOD - [2012/03/28 22:13:12 | 000,037,376 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll MOD - [2012/03/28 22:12:04 | 000,839,680 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll MOD - [2012/03/28 22:12:00 | 000,712,704 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll MOD - [2012/03/28 22:11:58 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll MOD - [2012/03/28 22:11:28 | 000,720,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/01/29 23:30:10 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/01/29 23:30:00 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll MOD - [2010/01/29 23:29:59 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010/01/29 23:29:56 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/01/29 23:29:55 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/01/29 23:29:53 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010/01/29 23:20:28 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3630.42316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/01/29 23:20:28 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/01/29 23:20:28 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3630.42330__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 001,708,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,827,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3630.42360__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3630.42380__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,356,352 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3630.42372__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3630.42385__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3630.42324__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3630.42367__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3630.42427__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3630.42325__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,019,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,013,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 001,142,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3630.42428__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3630.42336__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3630.42354__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,323,584 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3630.42366__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010/01/29 23:20:26 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,151,552 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3630.42365__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3622.19962__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3622.19963__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3622.19993__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/01/29 23:20:26 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3622.19964__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3622.19965__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3622.19974__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3622.19966__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3622.19978__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3622.19975__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3622.19967__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3622.19974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/01/29 23:20:26 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/01/29 23:20:25 | 001,220,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3630.42320__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/01/29 23:20:25 | 000,741,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3630.42427__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,565,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3630.42393__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010/01/29 23:20:25 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3630.42329__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/01/29 23:20:25 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3630.42398__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3630.42397__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3630.42314__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3630.42312__90ba9c70f846762e\APM.Server.dll MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3630.42315__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3622.19970__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3630.42313__90ba9c70f846762e\AEM.Server.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3630.42409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3622.19967__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3622.19972__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3622.19974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3622.19964__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3622.19967__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3622.19968__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3622.19967__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/01/29 23:20:25 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3630.42398__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/01/29 23:20:25 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3630.42313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009/08/31 23:56:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Win32 Services (SafeList) ========== SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Start_Pending] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi) DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk) DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/11 19:25:26 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/07/04 14:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/07/04 14:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/07/04 14:32:32 | 000,025,432 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/07/04 14:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011/06/02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/06/02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/06/02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010/10/20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\msi\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507) DRV - [2009/12/09 21:39:45 | 005,147,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2009/12/09 18:22:19 | 000,121,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009/12/09 17:02:47 | 006,229,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd) DRV - [2009/12/05 03:50:02 | 000,082,128 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/09/25 04:13:12 | 000,159,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009/05/27 00:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{9606359B-FBEA-4B26-98FB-5C31BB188E00}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:31:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] [2010/07/02 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Extensions [2012/06/12 14:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions [2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com [2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL [2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus [2010/08/23 19:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/11/15 19:09:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/15 15:00:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/05/22 19:56:44 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011/11/15 14:51:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/15 15:00:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/11/15 15:00:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/15 15:00:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/15 15:00:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5FA4A3-4169-43CD-B417-D638ADEBE03F}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/19 20:09:05 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2012/06/19 20:08:04 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders [2012/06/18 12:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/06/12 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/06/12 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/06/12 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Malwarebytes [2012/06/12 14:43:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/26 21:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Avira [2012/05/26 21:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/05/26 21:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012/05/26 21:04:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012/05/26 21:04:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2012/05/26 21:04:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys [2012/05/26 21:04:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/05/21 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/20 10:53:13 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 10:53:13 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 10:52:37 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/06/20 10:52:37 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/06/20 10:52:37 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/06/20 10:52:37 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/06/20 10:41:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/20 10:41:04 | 2552,381,440 | -HS- | M] () -- C:\hiberfil.sys [2012/06/19 20:47:04 | 000,378,168 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/06/14 14:48:59 | 511,223,463 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/06/13 14:17:54 | 000,000,156 | ---- | M] () -- C:\Users\Ari\defogger_reenable [2012/06/12 14:06:45 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012/05/26 21:06:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/25 13:47:34 | 000,014,033 | ---- | M] () -- C:\Users\Ari\Desktop\LUaVplOssqxGQasfX [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/13 14:17:53 | 000,000,156 | ---- | C] () -- C:\Users\Ari\defogger_reenable [2012/05/26 21:06:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/17 20:23:52 | 000,181,697 | ---- | C] () -- C:\windows\hpoins28.dat [2012/05/17 20:23:52 | 000,000,442 | ---- | C] () -- C:\windows\hpomdl28.dat [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2012/03/11 19:56:26 | 000,025,432 | ---- | C] () -- C:\windows\System32\drivers\aswRdr.sys [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll ========== LOP Check ========== [2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite [2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung [2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF [2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/21 18:37:25 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/07/03 14:32:02 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Adobe [2010/08/14 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\ArcSoft [2010/07/02 15:23:41 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\ATI [2012/05/26 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Avira [2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite [2012/05/17 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\HP [2010/07/02 15:23:23 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Identities [2010/07/02 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Macromedia [2012/06/12 14:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Malwarebytes [2010/01/29 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Media Center Programs [2012/06/19 22:30:33 | 000,000,000 | --SD | M] -- C:\Users\Ari\AppData\Roaming\Microsoft [2010/07/02 18:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Mozilla [2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung [2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF [2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell < %APPDATA%\*.exe /s > [2012/05/09 14:43:21 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe [2012/03/31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012/05/04 07:37:12 | 000,371,088 | ---- | M] (ml) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys [2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys [2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/12/09 19:15:49 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll < End of report > |
20.06.2012, 12:12 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 FF - user.js - File not found [2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com [2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL [2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe [2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell :Files C:\Program Files\Ask.com :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
20.06.2012, 13:05 | #9 |
| Windows-Verschlüsselungs-Trojaner auf Win7 Hier der Inhalt des Logs nachdem Win neu gestartet hat. Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry value HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully. C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully. HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2880F9E-025D-45DB-9D95-45DA92779E06}\ not found. HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\searchplugins folder moved successfully. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully. Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults scheduled to be moved on reboot. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome\content folder moved successfully. Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome scheduled to be moved on reboot. Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com scheduled to be moved on reboot. C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL moved successfully. C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Program Files\Ask.com\Updater\Updater.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found. File G:\autorun.exe not found. C:\Users\Ari\AppData\Roaming\Xell folder moved successfully. ========== FILES ========== C:\Program Files\Ask.com\Updater folder moved successfully. C:\Program Files\Ask.com\assets\oobe folder moved successfully. C:\Program Files\Ask.com\assets folder moved successfully. C:\Program Files\Ask.com folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Ari ->Temp folder emptied: 1541470152 bytes ->Temporary Internet Files folder emptied: 208109481 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 418502234 bytes ->Flash cache emptied: 119643 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 6 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 168218055 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18103226 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2,245.00 mb [EMPTYFLASH] User: All Users User: Ari ->Flash cache emptied: 0 bytes User: Default User: Default User User: Public Total Flash Files Cleaned = 0.00 mb C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.48.0 log created on 06202012_134310 Files\Folders moved on Reboot... C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults folder moved successfully. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome folder moved successfully. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com folder moved successfully. Registry entries deleted on Reboot... |
20.06.2012, 14:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
20.06.2012, 14:46 | #11 |
| Windows-Verschlüsselungs-Trojaner auf Win7Code:
ATTFilter 15:42:14.0357 6132 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 15:42:16.0369 6132 ============================================================ 15:42:16.0369 6132 Current date / time: 2012/06/20 15:42:16.0369 15:42:16.0369 6132 SystemInfo: 15:42:16.0369 6132 15:42:16.0369 6132 OS Version: 6.1.7601 ServicePack: 1.0 15:42:16.0369 6132 Product type: Workstation 15:42:16.0369 6132 ComputerName: ARI-MSI 15:42:16.0369 6132 UserName: Ari 15:42:16.0369 6132 Windows directory: C:\windows 15:42:16.0369 6132 System windows directory: C:\windows 15:42:16.0369 6132 Processor architecture: Intel x86 15:42:16.0369 6132 Number of processors: 4 15:42:16.0369 6132 Page size: 0x1000 15:42:16.0369 6132 Boot type: Normal boot 15:42:16.0369 6132 ============================================================ 15:42:16.0853 6132 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:42:16.0868 6132 ============================================================ 15:42:16.0868 6132 \Device\Harddisk0\DR0: 15:42:16.0868 6132 MBR partitions: 15:42:16.0868 6132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1432800, BlocksNum 0x222C844C 15:42:16.0868 6132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x236FAC4C, BlocksNum 0x16C8ABE4 15:42:16.0868 6132 ============================================================ 15:42:16.0899 6132 C: <-> \Device\Harddisk0\DR0\Partition0 15:42:16.0931 6132 D: <-> \Device\Harddisk0\DR0\Partition1 15:42:16.0931 6132 ============================================================ 15:42:16.0931 6132 Initialize success 15:42:16.0931 6132 ============================================================ 15:42:34.0730 1004 ============================================================ 15:42:34.0730 1004 Scan started 15:42:34.0730 1004 Mode: Manual; SigCheck; TDLFS; 15:42:34.0730 1004 ============================================================ 15:42:35.0105 1004 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys 15:42:35.0214 1004 1394ohci - ok 15:42:35.0339 1004 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 15:42:35.0370 1004 ACDaemon - ok 15:42:35.0432 1004 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys 15:42:35.0464 1004 ACPI - ok 15:42:35.0495 1004 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys 15:42:35.0526 1004 AcpiPmi - ok 15:42:35.0573 1004 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys 15:42:35.0604 1004 adp94xx - ok 15:42:35.0635 1004 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys 15:42:35.0651 1004 adpahci - ok 15:42:35.0666 1004 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys 15:42:35.0682 1004 adpu320 - ok 15:42:35.0713 1004 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll 15:42:35.0713 1004 AeLookupSvc - ok 15:42:35.0791 1004 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys 15:42:35.0807 1004 AFD - ok 15:42:35.0854 1004 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys 15:42:35.0854 1004 agp440 - ok 15:42:35.0900 1004 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys 15:42:35.0916 1004 aic78xx - ok 15:42:35.0947 1004 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe 15:42:35.0963 1004 ALG - ok 15:42:35.0994 1004 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys 15:42:36.0025 1004 aliide - ok 15:42:36.0056 1004 AMD External Events Utility (4fca011a5afb252cab7b30ef12a99ce8) C:\windows\system32\atiesrxx.exe 15:42:36.0072 1004 AMD External Events Utility - ok 15:42:36.0103 1004 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys 15:42:36.0119 1004 amdagp - ok 15:42:36.0134 1004 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys 15:42:36.0150 1004 amdide - ok 15:42:36.0166 1004 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys 15:42:36.0181 1004 AmdK8 - ok 15:42:36.0556 1004 amdkmdag (b0ad0b3ed60d9c60b85731a9e08e27b9) C:\windows\system32\DRIVERS\atipmdag.sys 15:42:36.0618 1004 amdkmdag - ok 15:42:36.0790 1004 amdkmdap (9c07c155b0e1b0df48fae92f0e6c0761) C:\windows\system32\DRIVERS\atikmpag.sys 15:42:36.0821 1004 amdkmdap - ok 15:42:36.0852 1004 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys 15:42:36.0868 1004 AmdPPM - ok 15:42:36.0883 1004 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys 15:42:36.0899 1004 amdsata - ok 15:42:36.0930 1004 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys 15:42:36.0946 1004 amdsbs - ok 15:42:36.0961 1004 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys 15:42:36.0977 1004 amdxata - ok 15:42:37.0055 1004 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe 15:42:37.0070 1004 AntiVirSchedulerService - ok 15:42:37.0102 1004 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 15:42:37.0102 1004 AntiVirService - ok 15:42:37.0164 1004 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 15:42:37.0195 1004 AntiVirWebService - ok 15:42:37.0258 1004 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys 15:42:37.0304 1004 AppID - ok 15:42:37.0336 1004 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll 15:42:37.0382 1004 AppIDSvc - ok 15:42:37.0398 1004 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll 15:42:37.0429 1004 Appinfo - ok 15:42:37.0460 1004 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys 15:42:37.0476 1004 arc - ok 15:42:37.0476 1004 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys 15:42:37.0492 1004 arcsas - ok 15:42:37.0523 1004 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 15:42:37.0538 1004 ArcSoftKsUFilter - ok 15:42:37.0538 1004 aswFsBlk - ok 15:42:37.0601 1004 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\windows\system32\drivers\aswMonFlt.sys 15:42:37.0616 1004 aswMonFlt - ok 15:42:37.0648 1004 aswRdr (2fdcfa71d5462effc178fd2e70b301cb) C:\windows\system32\drivers\aswRdr.sys 15:42:37.0648 1004 Suspicious file (Forged): C:\windows\system32\drivers\aswRdr.sys. Real md5: 2fdcfa71d5462effc178fd2e70b301cb, Fake md5: aa96492df3a150bf0741f7d5201e7dd0 15:42:37.0648 1004 aswRdr ( ForgedFile.Multi.Generic ) - warning 15:42:37.0648 1004 aswRdr - detected ForgedFile.Multi.Generic (1) 15:42:37.0694 1004 aswSnx (17230708a2028cd995656df455f2e303) C:\windows\system32\drivers\aswSnx.sys 15:42:37.0726 1004 aswSnx - ok 15:42:37.0757 1004 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\windows\system32\drivers\aswSP.sys 15:42:37.0772 1004 aswSP - ok 15:42:37.0788 1004 aswTdi - ok 15:42:37.0819 1004 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 15:42:37.0850 1004 AsyncMac - ok 15:42:37.0882 1004 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys 15:42:37.0897 1004 atapi - ok 15:42:38.0084 1004 athr (31cb2740bfdbac1e48e2b7ead38f0d27) C:\windows\system32\DRIVERS\athr.sys 15:42:38.0131 1004 athr - ok 15:42:38.0303 1004 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 15:42:38.0350 1004 AudioEndpointBuilder - ok 15:42:38.0350 1004 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 15:42:38.0381 1004 Audiosrv - ok 15:42:38.0459 1004 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 15:42:38.0474 1004 avast! Antivirus - ok 15:42:38.0552 1004 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys 15:42:38.0584 1004 avgntflt - ok 15:42:38.0599 1004 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys 15:42:38.0615 1004 avipbb - ok 15:42:38.0615 1004 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys 15:42:38.0630 1004 avkmgr - ok 15:42:38.0677 1004 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll 15:42:38.0708 1004 AxInstSV - ok 15:42:38.0755 1004 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 15:42:38.0771 1004 b06bdrv - ok 15:42:38.0818 1004 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 15:42:38.0833 1004 b57nd60x - ok 15:42:38.0880 1004 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll 15:42:38.0896 1004 BDESVC - ok 15:42:38.0927 1004 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 15:42:38.0958 1004 Beep - ok 15:42:39.0020 1004 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll 15:42:39.0067 1004 BFE - ok 15:42:39.0145 1004 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll 15:42:39.0192 1004 BITS - ok 15:42:39.0223 1004 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 15:42:39.0239 1004 blbdrive - ok 15:42:39.0254 1004 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys 15:42:39.0270 1004 bowser - ok 15:42:39.0286 1004 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 15:42:39.0301 1004 BrFiltLo - ok 15:42:39.0317 1004 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 15:42:39.0332 1004 BrFiltUp - ok 15:42:39.0348 1004 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll 15:42:39.0379 1004 Browser - ok 15:42:39.0395 1004 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 15:42:39.0410 1004 Brserid - ok 15:42:39.0426 1004 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 15:42:39.0442 1004 BrSerWdm - ok 15:42:39.0457 1004 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 15:42:39.0473 1004 BrUsbMdm - ok 15:42:39.0488 1004 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 15:42:39.0504 1004 BrUsbSer - ok 15:42:39.0535 1004 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys 15:42:39.0566 1004 BthEnum - ok 15:42:39.0582 1004 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 15:42:39.0598 1004 BTHMODEM - ok 15:42:39.0629 1004 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 15:42:39.0660 1004 BthPan - ok 15:42:39.0722 1004 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys 15:42:39.0816 1004 BTHPORT - ok 15:42:39.0847 1004 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll 15:42:39.0910 1004 bthserv - ok 15:42:39.0956 1004 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys 15:42:39.0988 1004 BTHUSB - ok 15:42:40.0034 1004 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 15:42:40.0097 1004 cdfs - ok 15:42:40.0144 1004 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys 15:42:40.0190 1004 cdrom - ok 15:42:40.0222 1004 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 15:42:40.0284 1004 CertPropSvc - ok 15:42:40.0315 1004 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 15:42:40.0346 1004 circlass - ok 15:42:40.0409 1004 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 15:42:40.0440 1004 CLFS - ok 15:42:40.0502 1004 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:42:40.0534 1004 clr_optimization_v2.0.50727_32 - ok 15:42:40.0627 1004 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:42:40.0643 1004 clr_optimization_v4.0.30319_32 - ok 15:42:40.0674 1004 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 15:42:40.0721 1004 CmBatt - ok 15:42:40.0752 1004 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys 15:42:40.0768 1004 cmdide - ok 15:42:40.0814 1004 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys 15:42:40.0877 1004 CNG - ok 15:42:40.0908 1004 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 15:42:40.0924 1004 Compbatt - ok 15:42:40.0955 1004 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys 15:42:40.0986 1004 CompositeBus - ok 15:42:41.0002 1004 COMSysApp - ok 15:42:41.0033 1004 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 15:42:41.0048 1004 crcdisk - ok 15:42:41.0080 1004 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll 15:42:41.0158 1004 CryptSvc - ok 15:42:41.0220 1004 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 15:42:41.0298 1004 DcomLaunch - ok 15:42:41.0345 1004 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll 15:42:41.0407 1004 defragsvc - ok 15:42:41.0454 1004 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys 15:42:41.0532 1004 DfsC - ok 15:42:41.0610 1004 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll 15:42:41.0688 1004 Dhcp - ok 15:42:41.0719 1004 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 15:42:41.0766 1004 discache - ok 15:42:41.0813 1004 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 15:42:41.0844 1004 Disk - ok 15:42:41.0891 1004 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll 15:42:41.0953 1004 Dnscache - ok 15:42:41.0984 1004 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll 15:42:42.0047 1004 dot3svc - ok 15:42:42.0109 1004 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys 15:42:42.0172 1004 Dot4 - ok 15:42:42.0218 1004 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys 15:42:42.0265 1004 Dot4Print - ok 15:42:42.0312 1004 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys 15:42:42.0359 1004 dot4usb - ok 15:42:42.0390 1004 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll 15:42:42.0468 1004 DPS - ok 15:42:42.0499 1004 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 15:42:42.0530 1004 drmkaud - ok 15:42:42.0593 1004 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\windows\system32\DRIVERS\dtsoftbus01.sys 15:42:42.0608 1004 dtsoftbus01 - ok 15:42:42.0686 1004 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys 15:42:42.0749 1004 DXGKrnl - ok 15:42:42.0796 1004 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll 15:42:42.0858 1004 EapHost - ok 15:42:43.0123 1004 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 15:42:43.0264 1004 ebdrv - ok 15:42:43.0388 1004 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe 15:42:43.0451 1004 EFS - ok 15:42:43.0544 1004 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe 15:42:43.0669 1004 ehRecvr - ok 15:42:43.0700 1004 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe 15:42:43.0778 1004 ehSched - ok 15:42:43.0872 1004 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 15:42:43.0934 1004 elxstor - ok 15:42:43.0966 1004 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys 15:42:44.0012 1004 ErrDev - ok 15:42:44.0090 1004 EUCR (73fafd5a8e5e01302c71b4997ee28bde) C:\windows\system32\DRIVERS\EUCR6SK.SYS 15:42:44.0106 1004 EUCR - ok 15:42:44.0153 1004 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll 15:42:44.0246 1004 EventSystem - ok 15:42:44.0293 1004 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 15:42:44.0356 1004 exfat - ok 15:42:44.0371 1004 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 15:42:44.0418 1004 fastfat - ok 15:42:44.0496 1004 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe 15:42:44.0558 1004 Fax - ok 15:42:44.0605 1004 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 15:42:44.0636 1004 fdc - ok 15:42:44.0683 1004 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll 15:42:44.0746 1004 fdPHost - ok 15:42:44.0761 1004 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll 15:42:44.0808 1004 FDResPub - ok 15:42:44.0824 1004 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 15:42:44.0839 1004 FileInfo - ok 15:42:44.0839 1004 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 15:42:44.0886 1004 Filetrace - ok 15:42:44.0933 1004 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 15:42:44.0964 1004 flpydisk - ok 15:42:45.0026 1004 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 15:42:45.0042 1004 FltMgr - ok 15:42:45.0120 1004 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll 15:42:45.0214 1004 FontCache - ok 15:42:45.0323 1004 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:42:45.0338 1004 FontCache3.0.0.0 - ok 15:42:45.0354 1004 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 15:42:45.0385 1004 FsDepends - ok 15:42:45.0401 1004 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys 15:42:45.0416 1004 Fs_Rec - ok 15:42:45.0463 1004 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys 15:42:45.0494 1004 fvevol - ok 15:42:45.0510 1004 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 15:42:45.0526 1004 gagp30kx - ok 15:42:45.0588 1004 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll 15:42:45.0666 1004 gpsvc - ok 15:42:45.0666 1004 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 15:42:45.0713 1004 hcw85cir - ok 15:42:45.0775 1004 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys 15:42:45.0838 1004 HdAudAddService - ok 15:42:45.0884 1004 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys 15:42:45.0931 1004 HDAudBus - ok 15:42:45.0978 1004 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys 15:42:46.0025 1004 HECI - ok 15:42:46.0025 1004 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 15:42:46.0072 1004 HidBatt - ok 15:42:46.0087 1004 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 15:42:46.0118 1004 HidBth - ok 15:42:46.0150 1004 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 15:42:46.0196 1004 HidIr - ok 15:42:46.0228 1004 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll 15:42:46.0306 1004 hidserv - ok 15:42:46.0337 1004 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys 15:42:46.0384 1004 HidUsb - ok 15:42:46.0415 1004 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll 15:42:46.0462 1004 hkmsvc - ok 15:42:46.0493 1004 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll 15:42:46.0571 1004 HomeGroupListener - ok 15:42:46.0618 1004 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll 15:42:46.0664 1004 HomeGroupProvider - ok 15:42:46.0820 1004 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 15:42:46.0852 1004 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 15:42:46.0852 1004 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 15:42:46.0898 1004 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 15:42:46.0930 1004 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 15:42:46.0930 1004 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 15:42:46.0992 1004 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys 15:42:47.0008 1004 HpSAMD - ok 15:42:47.0086 1004 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys 15:42:47.0132 1004 HTTP - ok 15:42:47.0164 1004 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys 15:42:47.0179 1004 hwpolicy - ok 15:42:47.0210 1004 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys 15:42:47.0257 1004 i8042prt - ok 15:42:47.0351 1004 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 15:42:47.0382 1004 IAANTMON - ok 15:42:47.0413 1004 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys 15:42:47.0444 1004 iaStor - ok 15:42:47.0507 1004 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys 15:42:47.0538 1004 iaStorV - ok 15:42:47.0647 1004 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:42:47.0756 1004 idsvc - ok 15:42:47.0881 1004 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 15:42:47.0912 1004 iirsp - ok 15:42:48.0006 1004 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll 15:42:48.0068 1004 IKEEXT - ok 15:42:48.0146 1004 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys 15:42:48.0193 1004 Impcd - ok 15:42:48.0474 1004 IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\windows\system32\drivers\RTKVHDA.sys 15:42:48.0614 1004 IntcAzAudAddService - ok 15:42:48.0786 1004 IntcDAud (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys 15:42:48.0864 1004 IntcDAud - ok 15:42:48.0895 1004 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys 15:42:48.0911 1004 intelide - ok 15:42:49.0394 1004 intelkmd (faf70667be6d1e1ffbacc8d4fc15d645) C:\windows\system32\DRIVERS\igdpmd32.sys 15:42:49.0597 1004 intelkmd - ok 15:42:49.0769 1004 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 15:42:49.0816 1004 intelppm - ok 15:42:49.0847 1004 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll 15:42:49.0909 1004 IPBusEnum - ok 15:42:49.0909 1004 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 15:42:49.0940 1004 IpFilterDriver - ok 15:42:50.0018 1004 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll 15:42:50.0096 1004 iphlpsvc - ok 15:42:50.0128 1004 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys 15:42:50.0159 1004 IPMIDRV - ok 15:42:50.0206 1004 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 15:42:50.0237 1004 IPNAT - ok 15:42:50.0268 1004 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 15:42:50.0330 1004 IRENUM - ok 15:42:50.0346 1004 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys 15:42:50.0362 1004 isapnp - ok 15:42:50.0408 1004 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys 15:42:50.0440 1004 iScsiPrt - ok 15:42:50.0471 1004 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys 15:42:50.0486 1004 kbdclass - ok 15:42:50.0502 1004 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys 15:42:50.0518 1004 kbdhid - ok 15:42:50.0549 1004 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:42:50.0564 1004 KeyIso - ok 15:42:50.0580 1004 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys 15:42:50.0596 1004 KSecDD - ok 15:42:50.0627 1004 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys 15:42:50.0658 1004 KSecPkg - ok 15:42:50.0705 1004 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll 15:42:50.0783 1004 KtmRm - ok 15:42:50.0861 1004 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll 15:42:50.0923 1004 LanmanServer - ok 15:42:50.0954 1004 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll 15:42:51.0017 1004 LanmanWorkstation - ok 15:42:51.0064 1004 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 15:42:51.0126 1004 lltdio - ok 15:42:51.0173 1004 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll 15:42:51.0251 1004 lltdsvc - ok 15:42:51.0266 1004 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll 15:42:51.0313 1004 lmhosts - ok 15:42:51.0438 1004 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:42:51.0469 1004 LMS - ok 15:42:51.0500 1004 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 15:42:51.0516 1004 LSI_FC - ok 15:42:51.0532 1004 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 15:42:51.0547 1004 LSI_SAS - ok 15:42:51.0563 1004 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 15:42:51.0563 1004 LSI_SAS2 - ok 15:42:51.0578 1004 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 15:42:51.0594 1004 LSI_SCSI - ok 15:42:51.0610 1004 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 15:42:51.0656 1004 luafv - ok 15:42:51.0688 1004 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys 15:42:51.0688 1004 MBAMProtector - ok 15:42:51.0781 1004 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:42:51.0828 1004 MBAMService - ok 15:42:51.0859 1004 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll 15:42:51.0890 1004 Mcx2Svc - ok 15:42:51.0906 1004 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 15:42:51.0922 1004 megasas - ok 15:42:51.0953 1004 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 15:42:51.0984 1004 MegaSR - ok 15:42:52.0046 1004 Micro Star SCM (71c6748ee8de938532057ef10b4b7e44) C:\Program Files\System Control Manager\MSIService.exe 15:42:52.0078 1004 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning 15:42:52.0078 1004 Micro Star SCM - detected UnsignedFile.Multi.Generic (1) 15:42:52.0124 1004 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 15:42:52.0187 1004 MMCSS - ok 15:42:52.0218 1004 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 15:42:52.0265 1004 Modem - ok 15:42:52.0265 1004 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 15:42:52.0280 1004 monitor - ok 15:42:52.0327 1004 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys 15:42:52.0343 1004 mouclass - ok 15:42:52.0374 1004 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 15:42:52.0405 1004 mouhid - ok 15:42:52.0452 1004 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys 15:42:52.0468 1004 mountmgr - ok 15:42:52.0499 1004 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys 15:42:52.0514 1004 mpio - ok 15:42:52.0546 1004 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 15:42:52.0608 1004 mpsdrv - ok 15:42:52.0670 1004 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll 15:42:52.0748 1004 MpsSvc - ok 15:42:52.0795 1004 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys 15:42:52.0858 1004 MRxDAV - ok 15:42:52.0889 1004 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys 15:42:52.0920 1004 mrxsmb - ok 15:42:52.0951 1004 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys 15:42:52.0998 1004 mrxsmb10 - ok 15:42:53.0029 1004 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys 15:42:53.0076 1004 mrxsmb20 - ok 15:42:53.0092 1004 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys 15:42:53.0123 1004 msahci - ok 15:42:53.0138 1004 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys 15:42:53.0154 1004 msdsm - ok 15:42:53.0185 1004 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe 15:42:53.0263 1004 MSDTC - ok 15:42:53.0310 1004 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 15:42:53.0388 1004 Msfs - ok 15:42:53.0404 1004 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 15:42:53.0450 1004 mshidkmdf - ok 15:42:53.0482 1004 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys 15:42:53.0497 1004 msisadrv - ok 15:42:53.0528 1004 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll 15:42:53.0575 1004 MSiSCSI - ok 15:42:53.0575 1004 msiserver - ok 15:42:53.0684 1004 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys 15:42:53.0716 1004 MSI_MSIBIOS_010507 - ok 15:42:53.0731 1004 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 15:42:53.0794 1004 MSKSSRV - ok 15:42:53.0809 1004 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 15:42:53.0856 1004 MSPCLOCK - ok 15:42:53.0872 1004 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 15:42:53.0950 1004 MSPQM - ok 15:42:53.0996 1004 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 15:42:54.0012 1004 MsRPC - ok 15:42:54.0043 1004 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys 15:42:54.0059 1004 mssmbios - ok 15:42:54.0074 1004 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 15:42:54.0106 1004 MSTEE - ok 15:42:54.0137 1004 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 15:42:54.0152 1004 MTConfig - ok 15:42:54.0184 1004 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 15:42:54.0199 1004 Mup - ok 15:42:54.0230 1004 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll 15:42:54.0308 1004 napagent - ok 15:42:54.0386 1004 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 15:42:54.0433 1004 NativeWifiP - ok 15:42:54.0511 1004 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys 15:42:54.0542 1004 NDIS - ok 15:42:54.0574 1004 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 15:42:54.0636 1004 NdisCap - ok 15:42:54.0667 1004 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 15:42:54.0698 1004 NdisTapi - ok 15:42:54.0714 1004 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 15:42:54.0745 1004 Ndisuio - ok 15:42:54.0776 1004 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 15:42:54.0839 1004 NdisWan - ok 15:42:54.0870 1004 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 15:42:54.0932 1004 NDProxy - ok 15:42:54.0979 1004 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\windows\system32\HPZinw12.dll 15:42:55.0010 1004 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:42:55.0010 1004 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:42:55.0042 1004 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 15:42:55.0104 1004 NetBIOS - ok 15:42:55.0151 1004 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 15:42:55.0229 1004 NetBT - ok 15:42:55.0260 1004 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:42:55.0276 1004 Netlogon - ok 15:42:55.0322 1004 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll 15:42:55.0385 1004 Netman - ok 15:42:55.0416 1004 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll 15:42:55.0478 1004 netprofm - ok 15:42:55.0556 1004 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:42:55.0603 1004 NetTcpPortSharing - ok 15:42:55.0650 1004 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 15:42:55.0666 1004 nfrd960 - ok 15:42:55.0728 1004 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll 15:42:55.0775 1004 NlaSvc - ok 15:42:55.0790 1004 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 15:42:55.0822 1004 Npfs - ok 15:42:55.0853 1004 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll 15:42:55.0900 1004 nsi - ok 15:42:55.0931 1004 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 15:42:55.0978 1004 nsiproxy - ok 15:42:56.0102 1004 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys 15:42:56.0180 1004 Ntfs - ok 15:42:56.0274 1004 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\msi\Live Update 5\NTIOLib.sys 15:42:56.0290 1004 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning 15:42:56.0290 1004 NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1) 15:42:56.0414 1004 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 15:42:56.0477 1004 Null - ok 15:42:56.0524 1004 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys 15:42:56.0570 1004 nvraid - ok 15:42:56.0586 1004 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys 15:42:56.0602 1004 nvstor - ok 15:42:56.0633 1004 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 15:42:56.0664 1004 nv_agp - ok 15:42:56.0695 1004 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 15:42:56.0742 1004 ohci1394 - ok 15:42:56.0836 1004 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:42:56.0851 1004 ose - ok 15:42:57.0226 1004 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:42:57.0397 1004 osppsvc - ok 15:42:57.0413 1004 Scan interrupted by user! 15:42:57.0413 1004 Scan interrupted by user! 15:42:57.0413 1004 Scan interrupted by user! 15:42:57.0413 1004 ============================================================ 15:42:57.0413 1004 Scan finished 15:42:57.0413 1004 ============================================================ 15:42:57.0413 5292 Detected object count: 6 15:42:57.0413 5292 Actual detected object count: 6 15:42:59.0940 5292 aswRdr ( ForgedFile.Multi.Generic ) - skipped by user 15:42:59.0940 5292 aswRdr ( ForgedFile.Multi.Generic ) - User select action: Skip 15:42:59.0940 5292 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:59.0940 5292 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:59.0940 5292 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:59.0940 5292 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:59.0956 5292 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:59.0956 5292 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:59.0956 5292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:59.0956 5292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:42:59.0956 5292 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - skipped by user 15:42:59.0956 5292 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:43:21.0109 0188 ============================================================ 15:43:21.0109 0188 Scan started 15:43:21.0109 0188 Mode: Manual; SigCheck; TDLFS; 15:43:21.0109 0188 ============================================================ 15:43:21.0390 0188 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys 15:43:21.0421 0188 1394ohci - ok 15:43:21.0499 0188 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 15:43:21.0515 0188 ACDaemon - ok 15:43:21.0562 0188 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys 15:43:21.0593 0188 ACPI - ok 15:43:21.0624 0188 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys 15:43:21.0640 0188 AcpiPmi - ok 15:43:21.0686 0188 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys 15:43:21.0702 0188 adp94xx - ok 15:43:21.0733 0188 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys 15:43:21.0749 0188 adpahci - ok 15:43:21.0764 0188 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys 15:43:21.0764 0188 adpu320 - ok 15:43:21.0811 0188 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll 15:43:21.0827 0188 AeLookupSvc - ok 15:43:21.0874 0188 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys 15:43:21.0889 0188 AFD - ok 15:43:21.0920 0188 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys 15:43:21.0936 0188 agp440 - ok 15:43:21.0952 0188 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys 15:43:21.0967 0188 aic78xx - ok 15:43:21.0998 0188 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe 15:43:22.0014 0188 ALG - ok 15:43:22.0045 0188 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys 15:43:22.0045 0188 aliide - ok 15:43:22.0076 0188 AMD External Events Utility (4fca011a5afb252cab7b30ef12a99ce8) C:\windows\system32\atiesrxx.exe 15:43:22.0092 0188 AMD External Events Utility - ok 15:43:22.0108 0188 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys 15:43:22.0123 0188 amdagp - ok 15:43:22.0123 0188 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys 15:43:22.0139 0188 amdide - ok 15:43:22.0154 0188 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys 15:43:22.0170 0188 AmdK8 - ok 15:43:22.0529 0188 amdkmdag (b0ad0b3ed60d9c60b85731a9e08e27b9) C:\windows\system32\DRIVERS\atipmdag.sys 15:43:22.0607 0188 amdkmdag - ok 15:43:22.0716 0188 amdkmdap (9c07c155b0e1b0df48fae92f0e6c0761) C:\windows\system32\DRIVERS\atikmpag.sys 15:43:22.0747 0188 amdkmdap - ok 15:43:22.0763 0188 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys 15:43:22.0778 0188 AmdPPM - ok 15:43:22.0810 0188 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys 15:43:22.0810 0188 amdsata - ok 15:43:22.0841 0188 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys 15:43:22.0856 0188 amdsbs - ok 15:43:22.0872 0188 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys 15:43:22.0888 0188 amdxata - ok 15:43:22.0934 0188 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe 15:43:22.0966 0188 AntiVirSchedulerService - ok 15:43:22.0981 0188 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 15:43:22.0997 0188 AntiVirService - ok 15:43:23.0028 0188 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 15:43:23.0059 0188 AntiVirWebService - ok 15:43:23.0075 0188 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys 15:43:23.0122 0188 AppID - ok 15:43:23.0153 0188 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll 15:43:23.0184 0188 AppIDSvc - ok 15:43:23.0200 0188 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll 15:43:23.0231 0188 Appinfo - ok 15:43:23.0246 0188 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys 15:43:23.0262 0188 arc - ok 15:43:23.0278 0188 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys 15:43:23.0278 0188 arcsas - ok 15:43:23.0309 0188 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 15:43:23.0309 0188 ArcSoftKsUFilter - ok 15:43:23.0309 0188 aswFsBlk - ok 15:43:23.0340 0188 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\windows\system32\drivers\aswMonFlt.sys 15:43:23.0356 0188 aswMonFlt - ok 15:43:23.0371 0188 aswRdr (2fdcfa71d5462effc178fd2e70b301cb) C:\windows\system32\drivers\aswRdr.sys 15:43:23.0371 0188 Suspicious file (Forged): C:\windows\system32\drivers\aswRdr.sys. Real md5: 2fdcfa71d5462effc178fd2e70b301cb, Fake md5: aa96492df3a150bf0741f7d5201e7dd0 15:43:23.0371 0188 aswRdr ( ForgedFile.Multi.Generic ) - warning 15:43:23.0371 0188 aswRdr - detected ForgedFile.Multi.Generic (1) 15:43:23.0402 0188 aswSnx (17230708a2028cd995656df455f2e303) C:\windows\system32\drivers\aswSnx.sys 15:43:23.0434 0188 aswSnx - ok 15:43:23.0480 0188 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\windows\system32\drivers\aswSP.sys 15:43:23.0496 0188 aswSP - ok 15:43:23.0496 0188 aswTdi - ok 15:43:23.0512 0188 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 15:43:23.0543 0188 AsyncMac - ok 15:43:23.0574 0188 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys 15:43:23.0574 0188 atapi - ok 15:43:23.0761 0188 athr (31cb2740bfdbac1e48e2b7ead38f0d27) C:\windows\system32\DRIVERS\athr.sys 15:43:23.0808 0188 athr - ok 15:43:23.0933 0188 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 15:43:23.0995 0188 AudioEndpointBuilder - ok 15:43:23.0995 0188 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll 15:43:24.0026 0188 Audiosrv - ok 15:43:24.0104 0188 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 15:43:24.0120 0188 avast! Antivirus - ok 15:43:24.0167 0188 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys 15:43:24.0198 0188 avgntflt - ok 15:43:24.0214 0188 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys 15:43:24.0245 0188 avipbb - ok 15:43:24.0260 0188 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys 15:43:24.0276 0188 avkmgr - ok 15:43:24.0307 0188 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll 15:43:24.0323 0188 AxInstSV - ok 15:43:24.0385 0188 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 15:43:24.0416 0188 b06bdrv - ok 15:43:24.0448 0188 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 15:43:24.0463 0188 b57nd60x - ok 15:43:24.0479 0188 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll 15:43:24.0510 0188 BDESVC - ok 15:43:24.0510 0188 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 15:43:24.0541 0188 Beep - ok 15:43:24.0588 0188 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll 15:43:24.0635 0188 BFE - ok 15:43:24.0697 0188 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll 15:43:24.0744 0188 BITS - ok 15:43:24.0760 0188 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 15:43:24.0760 0188 blbdrive - ok 15:43:24.0791 0188 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys 15:43:24.0806 0188 bowser - ok 15:43:24.0806 0188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 15:43:24.0822 0188 BrFiltLo - ok 15:43:24.0838 0188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 15:43:24.0853 0188 BrFiltUp - ok 15:43:24.0869 0188 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll 15:43:24.0900 0188 Browser - ok 15:43:24.0916 0188 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 15:43:24.0931 0188 Brserid - ok 15:43:24.0947 0188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 15:43:24.0962 0188 BrSerWdm - ok 15:43:24.0962 0188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 15:43:24.0978 0188 BrUsbMdm - ok 15:43:24.0994 0188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 15:43:25.0009 0188 BrUsbSer - ok 15:43:25.0025 0188 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys 15:43:25.0040 0188 BthEnum - ok 15:43:25.0040 0188 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 15:43:25.0056 0188 BTHMODEM - ok 15:43:25.0072 0188 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 15:43:25.0087 0188 BthPan - ok 15:43:25.0134 0188 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys 15:43:25.0150 0188 BTHPORT - ok 15:43:25.0181 0188 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll 15:43:25.0212 0188 bthserv - ok 15:43:25.0228 0188 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys 15:43:25.0243 0188 BTHUSB - ok 15:43:25.0259 0188 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 15:43:25.0290 0188 cdfs - ok 15:43:25.0321 0188 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys 15:43:25.0337 0188 cdrom - ok 15:43:25.0352 0188 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 15:43:25.0368 0188 CertPropSvc - ok 15:43:25.0384 0188 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 15:43:25.0399 0188 circlass - ok 15:43:25.0477 0188 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 15:43:25.0493 0188 CLFS - ok 15:43:25.0555 0188 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:43:25.0571 0188 clr_optimization_v2.0.50727_32 - ok 15:43:25.0649 0188 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:43:25.0664 0188 clr_optimization_v4.0.30319_32 - ok 15:43:25.0680 0188 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 15:43:25.0711 0188 CmBatt - ok 15:43:25.0727 0188 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys 15:43:25.0742 0188 cmdide - ok 15:43:25.0789 0188 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys 15:43:25.0836 0188 CNG - ok 15:43:25.0836 0188 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 15:43:25.0836 0188 Compbatt - ok 15:43:25.0852 0188 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys 15:43:25.0867 0188 CompositeBus - ok 15:43:25.0867 0188 COMSysApp - ok 15:43:25.0898 0188 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 15:43:25.0914 0188 crcdisk - ok 15:43:25.0930 0188 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll 15:43:25.0945 0188 CryptSvc - ok 15:43:25.0992 0188 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 15:43:26.0023 0188 DcomLaunch - ok 15:43:26.0070 0188 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll 15:43:26.0117 0188 defragsvc - ok 15:43:26.0132 0188 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys 15:43:26.0164 0188 DfsC - ok 15:43:26.0195 0188 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll 15:43:26.0226 0188 Dhcp - ok 15:43:26.0257 0188 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 15:43:26.0288 0188 discache - ok 15:43:26.0320 0188 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 15:43:26.0320 0188 Disk - ok 15:43:26.0351 0188 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll 15:43:26.0366 0188 Dnscache - ok 15:43:26.0398 0188 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll 15:43:26.0429 0188 dot3svc - ok 15:43:26.0460 0188 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys 15:43:26.0476 0188 Dot4 - ok 15:43:26.0491 0188 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys 15:43:26.0507 0188 Dot4Print - ok 15:43:26.0538 0188 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys 15:43:26.0554 0188 dot4usb - ok 15:43:26.0585 0188 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll 15:43:26.0616 0188 DPS - ok 15:43:26.0616 0188 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 15:43:26.0632 0188 drmkaud - ok 15:43:26.0678 0188 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\windows\system32\DRIVERS\dtsoftbus01.sys 15:43:26.0710 0188 dtsoftbus01 - ok 15:43:26.0788 0188 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys 15:43:26.0803 0188 DXGKrnl - ok 15:43:26.0834 0188 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll 15:43:26.0866 0188 EapHost - ok 15:43:27.0100 0188 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 15:43:27.0146 0188 ebdrv - ok 15:43:27.0256 0188 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe 15:43:27.0287 0188 EFS - ok 15:43:27.0365 0188 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe 15:43:27.0396 0188 ehRecvr - ok 15:43:27.0427 0188 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe 15:43:27.0458 0188 ehSched - ok 15:43:27.0536 0188 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 15:43:27.0583 0188 elxstor - ok 15:43:27.0614 0188 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys 15:43:27.0630 0188 ErrDev - ok 15:43:27.0630 0188 EUCR (73fafd5a8e5e01302c71b4997ee28bde) C:\windows\system32\DRIVERS\EUCR6SK.SYS 15:43:27.0646 0188 EUCR - ok 15:43:27.0692 0188 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll 15:43:27.0724 0188 EventSystem - ok 15:43:27.0739 0188 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 15:43:27.0770 0188 exfat - ok 15:43:27.0770 0188 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 15:43:27.0802 0188 fastfat - ok 15:43:27.0880 0188 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe 15:43:27.0911 0188 Fax - ok 15:43:27.0942 0188 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 15:43:27.0942 0188 fdc - ok 15:43:27.0958 0188 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll 15:43:27.0989 0188 fdPHost - ok 15:43:28.0020 0188 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll 15:43:28.0051 0188 FDResPub - ok 15:43:28.0051 0188 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 15:43:28.0067 0188 FileInfo - ok 15:43:28.0067 0188 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 15:43:28.0098 0188 Filetrace - ok 15:43:28.0098 0188 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 15:43:28.0114 0188 flpydisk - ok 15:43:28.0129 0188 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 15:43:28.0145 0188 FltMgr - ok 15:43:28.0254 0188 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll 15:43:28.0285 0188 FontCache - ok 15:43:28.0363 0188 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:43:28.0379 0188 FontCache3.0.0.0 - ok 15:43:28.0394 0188 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 15:43:28.0410 0188 FsDepends - ok 15:43:28.0426 0188 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys 15:43:28.0441 0188 Fs_Rec - ok 15:43:28.0472 0188 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys 15:43:28.0504 0188 fvevol - ok 15:43:28.0504 0188 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 15:43:28.0519 0188 gagp30kx - ok 15:43:28.0566 0188 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll 15:43:28.0613 0188 gpsvc - ok 15:43:28.0613 0188 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 15:43:28.0628 0188 hcw85cir - ok 15:43:28.0675 0188 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys 15:43:28.0691 0188 HdAudAddService - ok 15:43:28.0706 0188 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys 15:43:28.0722 0188 HDAudBus - ok 15:43:28.0738 0188 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys 15:43:28.0753 0188 HECI - ok 15:43:28.0753 0188 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 15:43:28.0769 0188 HidBatt - ok 15:43:28.0784 0188 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 15:43:28.0800 0188 HidBth - ok 15:43:28.0800 0188 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 15:43:28.0816 0188 HidIr - ok 15:43:28.0847 0188 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll 15:43:28.0878 0188 hidserv - ok 15:43:28.0894 0188 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys 15:43:28.0909 0188 HidUsb - ok 15:43:28.0940 0188 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll 15:43:28.0972 0188 hkmsvc - ok 15:43:28.0987 0188 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll 15:43:29.0003 0188 HomeGroupListener - ok 15:43:29.0034 0188 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll 15:43:29.0050 0188 HomeGroupProvider - ok 15:43:29.0190 0188 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 15:43:29.0190 0188 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 15:43:29.0190 0188 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 15:43:29.0221 0188 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 15:43:29.0221 0188 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 15:43:29.0221 0188 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 15:43:29.0252 0188 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys 15:43:29.0268 0188 HpSAMD - ok 15:43:29.0330 0188 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys 15:43:29.0362 0188 HTTP - ok 15:43:29.0377 0188 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys 15:43:29.0393 0188 hwpolicy - ok 15:43:29.0408 0188 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys 15:43:29.0424 0188 i8042prt - ok 15:43:29.0502 0188 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 15:43:29.0533 0188 IAANTMON - ok 15:43:29.0564 0188 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys 15:43:29.0596 0188 iaStor - ok 15:43:29.0642 0188 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys 15:43:29.0658 0188 iaStorV - ok 15:43:29.0767 0188 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:43:29.0798 0188 idsvc - ok 15:43:29.0908 0188 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 15:43:29.0939 0188 iirsp - ok 15:43:30.0001 0188 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll 15:43:30.0064 0188 IKEEXT - ok 15:43:30.0079 0188 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys 15:43:30.0079 0188 Impcd - ok 15:43:30.0313 0188 IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\windows\system32\drivers\RTKVHDA.sys 15:43:30.0376 0188 IntcAzAudAddService - ok 15:43:30.0516 0188 IntcDAud (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys 15:43:30.0532 0188 IntcDAud - ok 15:43:30.0563 0188 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys 15:43:30.0578 0188 intelide - ok 15:43:31.0015 0188 intelkmd (faf70667be6d1e1ffbacc8d4fc15d645) C:\windows\system32\DRIVERS\igdpmd32.sys 15:43:31.0093 0188 intelkmd - ok 15:43:31.0249 0188 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 15:43:31.0280 0188 intelppm - ok 15:43:31.0312 0188 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll 15:43:31.0358 0188 IPBusEnum - ok 15:43:31.0358 0188 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 15:43:31.0390 0188 IpFilterDriver - ok 15:43:31.0436 0188 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll 15:43:31.0468 0188 iphlpsvc - ok 15:43:31.0499 0188 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys 15:43:31.0499 0188 IPMIDRV - ok 15:43:31.0530 0188 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 15:43:31.0577 0188 IPNAT - ok 15:43:31.0592 0188 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 15:43:31.0608 0188 IRENUM - ok 15:43:31.0624 0188 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys 15:43:31.0639 0188 isapnp - ok 15:43:31.0670 0188 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys 15:43:31.0702 0188 iScsiPrt - ok 15:43:31.0717 0188 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys 15:43:31.0717 0188 kbdclass - ok 15:43:31.0733 0188 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys 15:43:31.0748 0188 kbdhid - ok 15:43:31.0764 0188 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:43:31.0780 0188 KeyIso - ok 15:43:31.0811 0188 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys 15:43:31.0826 0188 KSecDD - ok 15:43:31.0842 0188 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys 15:43:31.0858 0188 KSecPkg - ok 15:43:31.0904 0188 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll 15:43:31.0951 0188 KtmRm - ok 15:43:31.0982 0188 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll 15:43:32.0014 0188 LanmanServer - ok 15:43:32.0045 0188 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll 15:43:32.0060 0188 LanmanWorkstation - ok 15:43:32.0092 0188 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 15:43:32.0123 0188 lltdio - ok 15:43:32.0154 0188 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll 15:43:32.0185 0188 lltdsvc - ok 15:43:32.0201 0188 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll 15:43:32.0216 0188 lmhosts - ok 15:43:32.0310 0188 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:43:32.0341 0188 LMS - ok 15:43:32.0357 0188 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 15:43:32.0372 0188 LSI_FC - ok 15:43:32.0388 0188 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 15:43:32.0404 0188 LSI_SAS - ok 15:43:32.0419 0188 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 15:43:32.0435 0188 LSI_SAS2 - ok 15:43:32.0435 0188 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 15:43:32.0450 0188 LSI_SCSI - ok 15:43:32.0466 0188 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 15:43:32.0497 0188 luafv - ok 15:43:32.0513 0188 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys 15:43:32.0528 0188 MBAMProtector - ok 15:43:32.0622 0188 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:43:32.0653 0188 MBAMService - ok 15:43:32.0669 0188 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll 15:43:32.0684 0188 Mcx2Svc - ok 15:43:32.0716 0188 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 15:43:32.0716 0188 megasas - ok 15:43:32.0747 0188 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 15:43:32.0762 0188 MegaSR - ok 15:43:32.0809 0188 Micro Star SCM (71c6748ee8de938532057ef10b4b7e44) C:\Program Files\System Control Manager\MSIService.exe 15:43:32.0825 0188 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning 15:43:32.0825 0188 Micro Star SCM - detected UnsignedFile.Multi.Generic (1) 15:43:32.0840 0188 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 15:43:32.0887 0188 MMCSS - ok 15:43:32.0903 0188 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 15:43:32.0934 0188 Modem - ok 15:43:32.0934 0188 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 15:43:32.0950 0188 monitor - ok 15:43:32.0981 0188 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys 15:43:32.0996 0188 mouclass - ok 15:43:32.0996 0188 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 15:43:33.0012 0188 mouhid - ok 15:43:33.0043 0188 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys 15:43:33.0059 0188 mountmgr - ok 15:43:33.0074 0188 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys 15:43:33.0090 0188 mpio - ok 15:43:33.0106 0188 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 15:43:33.0137 0188 mpsdrv - ok 15:43:33.0215 0188 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll 15:43:33.0262 0188 MpsSvc - ok 15:43:33.0293 0188 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys 15:43:33.0308 0188 MRxDAV - ok 15:43:33.0355 0188 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys 15:43:33.0371 0188 mrxsmb - ok 15:43:33.0402 0188 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys 15:43:33.0418 0188 mrxsmb10 - ok 15:43:33.0449 0188 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys 15:43:33.0464 0188 mrxsmb20 - ok 15:43:33.0496 0188 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys 15:43:33.0511 0188 msahci - ok 15:43:33.0542 0188 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys 15:43:33.0558 0188 msdsm - ok 15:43:33.0589 0188 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe 15:43:33.0605 0188 MSDTC - ok 15:43:33.0620 0188 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 15:43:33.0652 0188 Msfs - ok 15:43:33.0667 0188 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 15:43:33.0683 0188 mshidkmdf - ok 15:43:33.0714 0188 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys 15:43:33.0730 0188 msisadrv - ok 15:43:33.0761 0188 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll 15:43:33.0792 0188 MSiSCSI - ok 15:43:33.0792 0188 msiserver - ok 15:43:33.0870 0188 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys 15:43:33.0886 0188 MSI_MSIBIOS_010507 - ok 15:43:33.0901 0188 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 15:43:33.0948 0188 MSKSSRV - ok 15:43:33.0964 0188 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 15:43:33.0995 0188 MSPCLOCK - ok 15:43:34.0010 0188 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 15:43:34.0026 0188 MSPQM - ok 15:43:34.0057 0188 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 15:43:34.0073 0188 MsRPC - ok 15:43:34.0104 0188 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys 15:43:34.0104 0188 mssmbios - ok 15:43:34.0135 0188 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 15:43:34.0166 0188 MSTEE - ok 15:43:34.0166 0188 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 15:43:34.0182 0188 MTConfig - ok 15:43:34.0198 0188 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 15:43:34.0213 0188 Mup - ok 15:43:34.0244 0188 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll 15:43:34.0276 0188 napagent - ok 15:43:34.0307 0188 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 15:43:34.0338 0188 NativeWifiP - ok 15:43:34.0400 0188 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys 15:43:34.0416 0188 NDIS - ok 15:43:34.0447 0188 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 15:43:34.0478 0188 NdisCap - ok 15:43:34.0478 0188 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 15:43:34.0510 0188 NdisTapi - ok 15:43:34.0525 0188 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 15:43:34.0556 0188 Ndisuio - ok 15:43:34.0588 0188 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 15:43:34.0603 0188 NdisWan - ok 15:43:34.0634 0188 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 15:43:34.0666 0188 NDProxy - ok 15:43:34.0697 0188 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\windows\system32\HPZinw12.dll 15:43:34.0697 0188 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:43:34.0697 0188 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:43:34.0712 0188 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 15:43:34.0744 0188 NetBIOS - ok 15:43:34.0790 0188 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 15:43:34.0822 0188 NetBT - ok 15:43:34.0837 0188 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:43:34.0853 0188 Netlogon - ok 15:43:34.0900 0188 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll 15:43:34.0931 0188 Netman - ok 15:43:34.0962 0188 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll 15:43:34.0993 0188 netprofm - ok 15:43:35.0056 0188 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:43:35.0087 0188 NetTcpPortSharing - ok 15:43:35.0102 0188 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 15:43:35.0134 0188 nfrd960 - ok 15:43:35.0165 0188 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll 15:43:35.0196 0188 NlaSvc - ok 15:43:35.0212 0188 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 15:43:35.0227 0188 Npfs - ok 15:43:35.0258 0188 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll 15:43:35.0290 0188 nsi - ok 15:43:35.0305 0188 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 15:43:35.0321 0188 nsiproxy - ok 15:43:35.0414 0188 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys 15:43:35.0461 0188 Ntfs - ok 15:43:35.0524 0188 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\msi\Live Update 5\NTIOLib.sys 15:43:35.0524 0188 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning 15:43:35.0524 0188 NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1) 15:43:35.0664 0188 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 15:43:35.0695 0188 Null - ok 15:43:35.0726 0188 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys 15:43:35.0742 0188 nvraid - ok 15:43:35.0773 0188 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys 15:43:35.0789 0188 nvstor - ok 15:43:35.0804 0188 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 15:43:35.0804 0188 nv_agp - ok 15:43:35.0836 0188 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 15:43:35.0851 0188 ohci1394 - ok 15:43:35.0914 0188 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:43:35.0929 0188 ose - ok 15:43:36.0288 0188 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:43:36.0366 0188 osppsvc - ok 15:43:36.0522 0188 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 15:43:36.0600 0188 p2pimsvc - ok 15:43:36.0631 0188 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll 15:43:36.0662 0188 p2psvc - ok 15:43:36.0740 0188 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 15:43:36.0787 0188 Parport - ok 15:43:36.0818 0188 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys 15:43:36.0834 0188 partmgr - ok 15:43:36.0850 0188 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 15:43:36.0881 0188 Parvdm - ok 15:43:36.0928 0188 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll 15:43:36.0959 0188 PcaSvc - ok 15:43:37.0006 0188 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys 15:43:37.0037 0188 pci - ok 15:43:37.0052 0188 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys 15:43:37.0052 0188 pciide - ok 15:43:37.0099 0188 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 15:43:37.0115 0188 pcmcia - ok 15:43:37.0115 0188 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 15:43:37.0130 0188 pcw - ok 15:43:37.0177 0188 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 15:43:37.0271 0188 PEAUTH - ok 15:43:37.0411 0188 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll 15:43:37.0474 0188 pla - ok 15:43:37.0614 0188 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll 15:43:37.0661 0188 PlugPlay - ok 15:43:37.0723 0188 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\windows\system32\HPZipm12.dll 15:43:37.0754 0188 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:43:37.0754 0188 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:43:37.0786 0188 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll 15:43:37.0801 0188 PNRPAutoReg - ok 15:43:37.0832 0188 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll 15:43:37.0864 0188 PNRPsvc - ok 15:43:37.0910 0188 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll 15:43:37.0973 0188 PolicyAgent - ok 15:43:38.0004 0188 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll 15:43:38.0082 0188 Power - ok 15:43:38.0160 0188 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 15:43:38.0207 0188 PptpMiniport - ok 15:43:38.0222 0188 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 15:43:38.0269 0188 Processor - ok 15:43:38.0300 0188 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll 15:43:38.0378 0188 ProfSvc - ok 15:43:38.0410 0188 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:43:38.0425 0188 ProtectedStorage - ok 15:43:38.0456 0188 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 15:43:38.0503 0188 Psched - ok 15:43:38.0612 0188 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 15:43:38.0722 0188 ql2300 - ok 15:43:38.0846 0188 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 15:43:38.0878 0188 ql40xx - ok 15:43:38.0909 0188 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll 15:43:38.0940 0188 QWAVE - ok 15:43:38.0940 0188 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 15:43:38.0971 0188 QWAVEdrv - ok 15:43:39.0049 0188 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\windows\WindowsMobile\rapimgr.dll 15:43:39.0080 0188 RapiMgr - ok 15:43:39.0096 0188 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 15:43:39.0143 0188 RasAcd - ok 15:43:39.0190 0188 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 15:43:39.0252 0188 RasAgileVpn - ok 15:43:39.0283 0188 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll 15:43:39.0346 0188 RasAuto - ok 15:43:39.0377 0188 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 15:43:39.0439 0188 Rasl2tp - ok 15:43:39.0486 0188 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll 15:43:39.0533 0188 RasMan - ok 15:43:39.0548 0188 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 15:43:39.0595 0188 RasPppoe - ok 15:43:39.0626 0188 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 15:43:39.0704 0188 RasSstp - ok 15:43:39.0736 0188 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 15:43:39.0798 0188 rdbss - ok 15:43:39.0845 0188 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 15:43:39.0860 0188 rdpbus - ok 15:43:39.0892 0188 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 15:43:39.0938 0188 RDPCDD - ok 15:43:39.0970 0188 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 15:43:40.0016 0188 RDPENCDD - ok 15:43:40.0032 0188 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 15:43:40.0094 0188 RDPREFMP - ok 15:43:40.0141 0188 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys 15:43:40.0204 0188 RDPWD - ok 15:43:40.0266 0188 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 15:43:40.0282 0188 rdyboost - ok 15:43:40.0313 0188 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll 15:43:40.0344 0188 RemoteAccess - ok 15:43:40.0391 0188 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll 15:43:40.0453 0188 RemoteRegistry - ok 15:43:40.0500 0188 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 15:43:40.0516 0188 RFCOMM - ok 15:43:40.0547 0188 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll 15:43:40.0594 0188 RpcEptMapper - ok 15:43:40.0625 0188 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe 15:43:40.0672 0188 RpcLocator - ok 15:43:40.0718 0188 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll 15:43:40.0765 0188 RpcSs - ok 15:43:40.0796 0188 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 15:43:40.0874 0188 rspndr - ok 15:43:40.0906 0188 RTHDMIAzAudService (d82223ba9dc7ed479b61be2b521fb6e6) C:\windows\system32\drivers\RtHDMIV.sys 15:43:40.0937 0188 RTHDMIAzAudService - ok 15:43:40.0999 0188 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\windows\system32\DRIVERS\Rt86win7.sys 15:43:41.0030 0188 RTL8167 - ok 15:43:41.0046 0188 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:43:41.0062 0188 SamSs - ok 15:43:41.0093 0188 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 15:43:41.0124 0188 sbp2port - ok 15:43:41.0171 0188 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll 15:43:41.0202 0188 SCardSvr - ok 15:43:41.0233 0188 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys 15:43:41.0296 0188 scfilter - ok 15:43:41.0389 0188 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll 15:43:41.0452 0188 Schedule - ok 15:43:41.0530 0188 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll 15:43:41.0576 0188 SCPolicySvc - ok 15:43:41.0608 0188 sdbus (0328be1c7f1cba23848179f8762e391c) C:\windows\system32\drivers\sdbus.sys 15:43:41.0639 0188 sdbus - ok 15:43:41.0686 0188 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll 15:43:41.0748 0188 SDRSVC - ok 15:43:41.0842 0188 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 15:43:41.0857 0188 SeaPort - ok 15:43:41.0904 0188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 15:43:41.0951 0188 secdrv - ok 15:43:41.0966 0188 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll 15:43:42.0013 0188 seclogon - ok 15:43:42.0044 0188 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll 15:43:42.0091 0188 SENS - ok 15:43:42.0122 0188 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll 15:43:42.0169 0188 SensrSvc - ok 15:43:42.0185 0188 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 15:43:42.0232 0188 Serenum - ok 15:43:42.0247 0188 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 15:43:42.0294 0188 Serial - ok 15:43:42.0325 0188 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 15:43:42.0356 0188 sermouse - ok 15:43:42.0403 0188 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll 15:43:42.0450 0188 SessionEnv - ok 15:43:42.0466 0188 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys 15:43:42.0497 0188 sffdisk - ok 15:43:42.0512 0188 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys 15:43:42.0544 0188 sffp_mmc - ok 15:43:42.0559 0188 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys 15:43:42.0590 0188 sffp_sd - ok 15:43:42.0637 0188 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 15:43:42.0668 0188 sfloppy - ok 15:43:42.0731 0188 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll 15:43:42.0762 0188 SharedAccess - ok 15:43:42.0809 0188 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll 15:43:42.0871 0188 ShellHWDetection - ok 15:43:42.0918 0188 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys 15:43:42.0934 0188 sisagp - ok 15:43:42.0965 0188 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 15:43:42.0980 0188 SiSRaid2 - ok 15:43:42.0980 0188 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 15:43:42.0996 0188 SiSRaid4 - ok 15:43:43.0012 0188 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 15:43:43.0058 0188 Smb - ok 15:43:43.0152 0188 smserial (19301c27f3425dc39f6c599f527e507d) C:\windows\system32\DRIVERS\smserial.sys 15:43:43.0246 0188 smserial - ok 15:43:43.0292 0188 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe 15:43:43.0308 0188 SNMPTRAP - ok 15:43:43.0308 0188 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 15:43:43.0324 0188 spldr - ok 15:43:43.0370 0188 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe 15:43:43.0433 0188 Spooler - ok 15:43:43.0682 0188 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe 15:43:43.0760 0188 sppsvc - ok 15:43:43.0901 0188 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll 15:43:43.0963 0188 sppuinotify - ok 15:43:44.0026 0188 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys 15:43:44.0088 0188 srv - ok 15:43:44.0135 0188 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys 15:43:44.0166 0188 srv2 - ok 15:43:44.0197 0188 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys 15:43:44.0244 0188 srvnet - ok 15:43:44.0291 0188 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\windows\system32\DRIVERS\ssadbus.sys 15:43:44.0369 0188 ssadbus - ok 15:43:44.0384 0188 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\windows\system32\DRIVERS\ssadmdfl.sys 15:43:44.0462 0188 ssadmdfl - ok 15:43:44.0494 0188 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\windows\system32\DRIVERS\ssadmdm.sys 15:43:44.0556 0188 ssadmdm - ok 15:43:44.0603 0188 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll 15:43:44.0665 0188 SSDPSRV - ok 15:43:44.0696 0188 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys 15:43:44.0712 0188 ssmdrv - ok 15:43:44.0728 0188 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll 15:43:44.0774 0188 SstpSvc - ok 15:43:44.0806 0188 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 15:43:44.0821 0188 stexstor - ok 15:43:44.0884 0188 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll 15:43:44.0946 0188 StiSvc - ok 15:43:44.0962 0188 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys 15:43:44.0977 0188 swenum - ok 15:43:45.0024 0188 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll 15:43:45.0086 0188 swprv - ok 15:43:45.0196 0188 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll 15:43:45.0242 0188 SysMain - ok 15:43:45.0274 0188 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll 15:43:45.0305 0188 TabletInputService - ok 15:43:45.0336 0188 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll 15:43:45.0383 0188 TapiSrv - ok 15:43:45.0398 0188 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll 15:43:45.0445 0188 TBS - ok 15:43:45.0601 0188 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys 15:43:45.0679 0188 Tcpip - ok 15:43:45.0913 0188 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys 15:43:45.0944 0188 TCPIP6 - ok 15:43:46.0069 0188 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys 15:43:46.0116 0188 tcpipreg - ok 15:43:46.0163 0188 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys 15:43:46.0225 0188 TDPIPE - ok 15:43:46.0241 0188 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys 15:43:46.0256 0188 TDTCP - ok 15:43:46.0288 0188 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys 15:43:46.0350 0188 tdx - ok 15:43:46.0397 0188 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys 15:43:46.0412 0188 TermDD - ok 15:43:46.0475 0188 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll 15:43:46.0537 0188 TermService - ok 15:43:46.0568 0188 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll 15:43:46.0584 0188 Themes - ok 15:43:46.0615 0188 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll 15:43:46.0646 0188 THREADORDER - ok 15:43:46.0678 0188 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll 15:43:46.0724 0188 TrkWks - ok 15:43:46.0802 0188 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe 15:43:46.0865 0188 TrustedInstaller - ok 15:43:46.0880 0188 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys 15:43:46.0927 0188 tssecsrv - ok 15:43:47.0005 0188 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys 15:43:47.0068 0188 TsUsbFlt - ok 15:43:47.0114 0188 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys 15:43:47.0177 0188 tunnel - ok 15:43:47.0224 0188 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 15:43:47.0239 0188 uagp35 - ok 15:43:47.0270 0188 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys 15:43:47.0348 0188 udfs - ok 15:43:47.0380 0188 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe 15:43:47.0411 0188 UI0Detect - ok 15:43:47.0442 0188 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys 15:43:47.0473 0188 uliagpkx - ok 15:43:47.0489 0188 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys 15:43:47.0504 0188 umbus - ok 15:43:47.0536 0188 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 15:43:47.0551 0188 UmPass - ok 15:43:47.0801 0188 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:43:47.0894 0188 UNS - ok 15:43:48.0019 0188 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll 15:43:48.0097 0188 upnphost - ok 15:43:48.0144 0188 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\drivers\usbccgp.sys 15:43:48.0206 0188 usbccgp - ok 15:43:48.0238 0188 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys 15:43:48.0284 0188 usbcir - ok 15:43:48.0331 0188 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys 15:43:48.0347 0188 usbehci - ok 15:43:48.0378 0188 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys 15:43:48.0440 0188 usbhub - ok 15:43:48.0456 0188 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys 15:43:48.0503 0188 usbohci - ok 15:43:48.0534 0188 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 15:43:48.0581 0188 usbprint - ok 15:43:48.0628 0188 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 15:43:48.0659 0188 usbscan - ok 15:43:48.0690 0188 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS 15:43:48.0737 0188 USBSTOR - ok 15:43:48.0768 0188 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys 15:43:48.0799 0188 usbuhci - ok 15:43:48.0830 0188 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll 15:43:48.0908 0188 UxSms - ok 15:43:48.0924 0188 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe 15:43:48.0940 0188 VaultSvc - ok 15:43:48.0971 0188 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys 15:43:48.0986 0188 vdrvroot - ok 15:43:49.0033 0188 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe 15:43:49.0096 0188 vds - ok 15:43:49.0127 0188 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 15:43:49.0158 0188 vga - ok 15:43:49.0174 0188 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 15:43:49.0189 0188 VgaSave - ok 15:43:49.0236 0188 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys 15:43:49.0267 0188 vhdmp - ok 15:43:49.0298 0188 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys 15:43:49.0314 0188 viaagp - ok 15:43:49.0345 0188 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 15:43:49.0376 0188 ViaC7 - ok 15:43:49.0423 0188 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys 15:43:49.0454 0188 viaide - ok 15:43:49.0470 0188 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys 15:43:49.0470 0188 volmgr - ok 15:43:49.0517 0188 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 15:43:49.0579 0188 volmgrx - ok 15:43:49.0626 0188 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys 15:43:49.0657 0188 volsnap - ok 15:43:49.0704 0188 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 15:43:49.0735 0188 vsmraid - ok 15:43:49.0829 0188 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe 15:43:49.0891 0188 VSS - ok 15:43:49.0907 0188 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 15:43:49.0922 0188 vwifibus - ok 15:43:49.0938 0188 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 15:43:49.0954 0188 vwififlt - ok 15:43:50.0000 0188 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys 15:43:50.0016 0188 vwifimp - ok 15:43:50.0063 0188 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll 15:43:50.0125 0188 W32Time - ok 15:43:50.0125 0188 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 15:43:50.0156 0188 WacomPen - ok 15:43:50.0203 0188 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 15:43:50.0266 0188 WANARP - ok 15:43:50.0266 0188 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 15:43:50.0297 0188 Wanarpv6 - ok 15:43:50.0422 0188 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe 15:43:50.0468 0188 wbengine - ok 15:43:50.0500 0188 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll 15:43:50.0515 0188 WbioSrvc - ok 15:43:50.0578 0188 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\windows\WindowsMobile\wcescomm.dll 15:43:50.0624 0188 WcesComm - ok 15:43:50.0656 0188 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll 15:43:50.0687 0188 wcncsvc - ok 15:43:50.0718 0188 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll 15:43:50.0780 0188 WcsPlugInService - ok 15:43:50.0858 0188 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 15:43:50.0874 0188 Wd - ok 15:43:50.0905 0188 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 15:43:50.0952 0188 Wdf01000 - ok 15:43:50.0983 0188 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 15:43:51.0077 0188 WdiServiceHost - ok 15:43:51.0077 0188 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll 15:43:51.0108 0188 WdiSystemHost - ok 15:43:51.0139 0188 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll 15:43:51.0155 0188 WebClient - ok 15:43:51.0186 0188 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll 15:43:51.0217 0188 Wecsvc - ok 15:43:51.0248 0188 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll 15:43:51.0311 0188 wercplsupport - ok 15:43:51.0358 0188 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll 15:43:51.0389 0188 WerSvc - ok 15:43:51.0404 0188 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 15:43:51.0467 0188 WfpLwf - ok 15:43:51.0514 0188 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 15:43:51.0529 0188 WIMMount - ok 15:43:51.0623 0188 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 15:43:51.0716 0188 WinDefend - ok 15:43:51.0732 0188 WinHttpAutoProxySvc - ok 15:43:51.0794 0188 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll 15:43:51.0857 0188 Winmgmt - ok 15:43:51.0966 0188 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll 15:43:52.0044 0188 WinRM - ok 15:43:52.0153 0188 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUSB.SYS 15:43:52.0200 0188 WINUSB - ok 15:43:52.0278 0188 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll 15:43:52.0340 0188 Wlansvc - ok 15:43:52.0372 0188 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys 15:43:52.0418 0188 WmiAcpi - ok 15:43:52.0481 0188 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe 15:43:52.0528 0188 wmiApSrv - ok 15:43:52.0684 0188 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 15:43:52.0762 0188 WMPNetworkSvc - ok 15:43:52.0871 0188 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll 15:43:52.0902 0188 WPCSvc - ok 15:43:52.0918 0188 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll 15:43:52.0996 0188 WPDBusEnum - ok 15:43:53.0058 0188 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 15:43:53.0120 0188 ws2ifsl - ok 15:43:53.0167 0188 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll 15:43:53.0214 0188 wscsvc - ok 15:43:53.0214 0188 WSearch - ok 15:43:53.0386 0188 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll 15:43:53.0448 0188 wuauserv - ok 15:43:53.0573 0188 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys 15:43:53.0651 0188 WudfPf - ok 15:43:53.0713 0188 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys 15:43:53.0776 0188 WUDFRd - ok 15:43:53.0807 0188 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll 15:43:53.0854 0188 wudfsvc - ok 15:43:53.0900 0188 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll 15:43:53.0947 0188 WwanSvc - ok 15:43:53.0994 0188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 15:43:54.0415 0188 \Device\Harddisk0\DR0 - ok 15:43:54.0431 0188 Boot (0x1200) (bcfb390c95a188b4f8ad4d50a950cb4a) \Device\Harddisk0\DR0\Partition0 15:43:54.0431 0188 \Device\Harddisk0\DR0\Partition0 - ok 15:43:54.0462 0188 Boot (0x1200) (aee078fdf92e36efa5bbf64cd7f46bb9) \Device\Harddisk0\DR0\Partition1 15:43:54.0462 0188 \Device\Harddisk0\DR0\Partition1 - ok 15:43:54.0462 0188 ============================================================ 15:43:54.0462 0188 Scan finished 15:43:54.0462 0188 ============================================================ 15:43:54.0478 3272 Detected object count: 7 15:43:54.0478 3272 Actual detected object count: 7 15:50:50.0998 3272 aswRdr ( ForgedFile.Multi.Generic ) - skipped by user 15:50:50.0998 3272 aswRdr ( ForgedFile.Multi.Generic ) - User select action: Skip 15:50:50.0998 3272 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 15:50:50.0998 3272 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:50:50.0998 3272 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:50:50.0998 3272 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:50:51.0014 3272 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user 15:50:51.0014 3272 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:50:51.0014 3272 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:50:51.0014 3272 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:50:51.0014 3272 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - skipped by user 15:50:51.0014 3272 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:50:51.0014 3272 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:50:51.0014 3272 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.06.2012, 15:39 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
21.06.2012, 12:53 | #13 |
| Windows-Verschlüsselungs-Trojaner auf Win7 combofix.txt Code:
ATTFilter ComboFix 12-06-21.01 - Ari 21.06.2012 8:56.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3246.1972 [GMT 2:00] ausgeführt von:: c:\users\Ari\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ari\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll c:\windows\system32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-21 bis 2012-06-21 )))))))))))))))))))))))))))))) . . 2012-06-21 07:01 . 2012-06-21 07:13 -------- d-----w- c:\users\Ari\AppData\Local\temp 2012-06-21 07:01 . 2012-06-21 07:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-19 18:09 . 2012-06-19 18:09 -------- d-----w- c:\windows\system32\SPReview 2012-06-19 18:08 . 2012-06-19 18:08 -------- d-----w- c:\windows\system32\EventProviders 2012-06-18 10:58 . 2012-06-18 10:58 -------- d-----w- c:\program files\ESET 2012-06-14 14:29 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 14:29 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 14:29 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-14 14:29 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 14:29 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 14:29 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 14:29 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 14:29 . 2010-11-20 12:20 28672 ----a-w- c:\windows\system32\profprov.dll 2012-06-14 14:29 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 14:29 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 14:29 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-12 13:59 . 2012-06-12 13:59 -------- d-----w- c:\program files\Common Files\Java 2012-06-12 13:58 . 2012-06-12 13:58 -------- d-----w- c:\program files\Oracle 2012-06-12 13:57 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-12 13:57 . 2012-04-04 16:47 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-06-12 13:57 . 2012-06-12 13:57 -------- d-----w- c:\program files\Java 2012-06-12 12:43 . 2012-06-12 12:43 -------- d-----w- c:\users\Ari\AppData\Roaming\Malwarebytes 2012-06-12 12:43 . 2012-06-12 12:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-12 12:43 . 2012-06-12 12:43 -------- d-----w- c:\programdata\Malwarebytes 2012-06-12 12:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-26 19:11 . 2012-05-26 19:11 -------- d-----w- c:\users\Ari\AppData\Roaming\Avira 2012-05-26 19:04 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-26 19:04 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-26 19:04 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-05-26 19:04 . 2012-05-26 19:06 -------- d-----w- c:\programdata\Avira 2012-05-26 19:04 . 2012-05-26 19:04 -------- d-----w- c:\program files\Avira 2012-05-25 11:50 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{035046B4-6A7E-45F8-B9C8-99B57B6AC79D}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-19 18:38 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-03-31 04:39 . 2012-05-09 14:32 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-09 14:32 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 10:23 . 2012-05-09 14:33 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-28 20:11 . 2012-05-01 14:54 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-03-28 20:11 . 2012-03-28 20:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-03-28 20:11 . 2012-03-28 20:11 325552 ----a-w- c:\windows\MASetupCaller.dll 2012-03-28 20:11 . 2012-03-28 20:11 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-03-28 20:11 . 2012-05-01 14:54 821824 ----a-w- c:\windows\system32\dgderapi.dll 2011-11-15 17:09 . 2010-08-23 17:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-09 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-09 175128] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-09 166424] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-12-17 2396160] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . R1 aswSnx;aswSnx; [x] R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [2010-05-10 25912] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\Live Update 5\NTIOLib.sys [2010-10-20 7680] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] S1 aswSP;aswSP; [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-11 242240] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-09 172032] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-09 5147136] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-09 121344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-12-09 6229504] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\system32\atieclxx.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\system32\igfxsrvc.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\windows\system32\wbem\unsecapp.exe c:\program files\Samsung\Kies\External\DeviceModules\DeviceManager.exe c:\program files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-21 09:15:58 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-21 07:15 . Vor Suchlauf: 8 Verzeichnis(se), 241.423.515.648 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 240.780.251.136 Bytes frei . - - End Of File - - 1DECD5607A36EDD93B472FCFA9DB38A5 |
21.06.2012, 14:40 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
21.06.2012, 14:45 | #15 |
| Windows-Verschlüsselungs-Trojaner auf Win7 Das habe ich ja bereits gemacht. Siehe Beitrag vorher. |
Themen zu Windows-Verschlüsselungs-Trojaner auf Win7 |
administrator, anti-malware, appdata, audiodg.exe, autostart, avira searchfree toolbar, branding, bösartige, ccc.exe, code, dateien, dateisystem, daten, device driver, document, erfolgreich, explorer, gelöscht, heuristiks/extra, heuristiks/shuriken, locker, malwarebytes, microsoft, minute, mom.exe, ntdll.dll, plug-in, quarantäne, registrierung, roaming, searchscopes, software, speicher, test, trojan.fakealert, trojaner, version, version=1.0, win7, windows |