| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.07.2012, 15:46
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
[2011.06.22 23:09:54 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-682003330-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.07 14:50:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{44d0ce24-c3df-11df-8e50-001bfc1d24d8}\Shell\AutoRun\command - "" = E:\installer.exe
O33 - MountPoints2\{44d0ce24-c3df-11df-8e50-001bfc1d24d8}\Shell\verb\command - "" = E:\installer.exe
[2012.06.23 11:24:37 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\tmpC819B.FOT
[2011.08.15 23:40:48 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Nutzen$.ini
[2011.08.15 21:52:52 | 000,006,688 | ---- | C] () -- C:\WINDOWS\movexe.exe
@Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.07.2012, 16:37
| #17 |
 |  Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit?Code:
ATTFilter All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\search\engine folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-602162358-682003330-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44d0ce24-c3df-11df-8e50-001bfc1d24d8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44d0ce24-c3df-11df-8e50-001bfc1d24d8}\ not found.
File E:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44d0ce24-c3df-11df-8e50-001bfc1d24d8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44d0ce24-c3df-11df-8e50-001bfc1d24d8}\ not found.
File E:\installer.exe not found.
C:\WINDOWS\system32\tmpC819B.FOT moved successfully.
C:\WINDOWS\Nutzen$.ini moved successfully.
C:\WINDOWS\movexe.exe moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: xxx
->Temp folder emptied: 8841724551 bytes
->Temporary Internet Files folder emptied: 33581544 bytes
->Java cache emptied: 12363555 bytes
->FireFox cache emptied: 402571900 bytes
->Apple Safari cache emptied: 12511232 bytes
->Flash cache emptied: 396543 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 80055 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 48393660 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1641472 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43805688 bytes
RecycleBin emptied: 304518 bytes
Total Files Cleaned = 8.962,00 mb
[EMPTYFLASH]
User: All Users
User: xxx
->Flash cache emptied: 0 bytes
User: Default User
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07182012_170554
Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\NotenRechteck.JPG not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57bootloadercompiled[2611].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_dashercom[2612].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_delayedco[2613].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_detailsse[2614].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_doozercom[2615].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_eventform[2616].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_extrascom[2617].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_offlineco[2618].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_searchcom[2619].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57doozercompiled_offl[2620].css not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57eventpage__de[2621].xsl not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57offline_workercompil[2622].js not found!
File\Folder C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[2]#localserver\eb40b98f01f229be9cce206bd3dedd57locallogin_compiled[2625].js not found!
PendingFileRenameOperations files...
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\NotenRechteck.JPG not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57bootloadercompiled[2611].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_dashercom[2612].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_delayedco[2613].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_detailsse[2614].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_doozercom[2615].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_eventform[2616].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_extrascom[2617].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_offlineco[2618].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57calendarjs_searchcom[2619].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57doozercompiled_offl[2620].css not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57eventpage__de[2621].xsl not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\invenit@gmx.de-cal2_managed[3]#localserver\eb40b98f01f229be9cce206bd3dedd57offline_workercompil[2622].js not found!
File C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\Google Gears for Firefox\www.google.com\http_80\@login.calendar.google.com_managed[2]#localserver\eb40b98f01f229be9cce206bd3dedd57locallogin_compiled[2625].js not found!
Registry entries deleted on Reboot...
|
|
18.07.2012, 21:21
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:
__________________1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ |
|
19.07.2012, 11:42
| #19 | ||
| | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit?Zitat:
Hab ich vergessen, speichern zu klicken...  Zitat:
Dank  und GrußMeine antworten kommen nicht an! |
|
19.07.2012, 19:10
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.07.2012, 21:39
| #21 |
| | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Hier die Killerdatei. Code:
ATTFilter 22:25:32.0078 3676 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
22:25:32.0843 3676 ============================================================
22:25:32.0843 3676 Current date / time: 2012/07/19 22:25:32.0843
22:25:32.0843 3676 SystemInfo:
22:25:32.0843 3676
22:25:32.0843 3676 OS Version: 5.1.2600 ServicePack: 3.0
22:25:32.0843 3676 Product type: Workstation
22:25:32.0843 3676 ComputerName: xxx-705165CB177
22:25:32.0843 3676 UserName: xxx
22:25:32.0843 3676 Windows directory: C:\WINDOWS
22:25:32.0843 3676 System windows directory: C:\WINDOWS
22:25:32.0843 3676 Processor architecture: Intel x86
22:25:32.0843 3676 Number of processors: 1
22:25:32.0843 3676 Page size: 0x1000
22:25:32.0843 3676 Boot type: Normal boot
22:25:32.0843 3676 ============================================================
22:25:37.0031 3676 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:25:37.0062 3676 Drive \Device\Harddisk1\DR2 - Size: 0x1DC400000 (7.44 Gb), SectorSize: 0x200, Cylinders: 0x3CB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:25:37.0062 3676 ============================================================
22:25:37.0062 3676 \Device\Harddisk0\DR0:
22:25:37.0093 3676 MBR partitions:
22:25:37.0093 3676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
22:25:37.0093 3676 \Device\Harddisk1\DR2:
22:25:37.0093 3676 MBR partitions:
22:25:37.0093 3676 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEE0000
22:25:37.0093 3676 ============================================================
22:25:37.0140 3676 C: <-> \Device\Harddisk0\DR0\Partition0
22:25:37.0140 3676 ============================================================
22:25:37.0140 3676 Initialize success
22:25:37.0140 3676 ============================================================
22:27:23.0640 0408 ============================================================
22:27:23.0640 0408 Scan started
22:27:23.0640 0408 Mode: Manual; SigCheck; TDLFS;
22:27:23.0640 0408 ============================================================
22:27:24.0484 0408 Abiosdsk - ok
22:27:24.0484 0408 abp480n5 - ok
22:27:24.0515 0408 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:27:26.0593 0408 ACPI - ok
22:27:26.0625 0408 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:27:26.0812 0408 ACPIEC - ok
22:27:26.0859 0408 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:26.0906 0408 AdobeFlashPlayerUpdateSvc - ok
22:27:26.0906 0408 adpu160m - ok
22:27:26.0937 0408 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:27:27.0093 0408 aec - ok
22:27:27.0140 0408 AF15BDA (5b1ef06f0cdcf7ed33bd5d99e9421f02) C:\WINDOWS\system32\DRIVERS\AF15BDA.sys
22:27:27.0218 0408 AF15BDA - ok
22:27:27.0250 0408 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:27:27.0312 0408 AFD - ok
22:27:27.0328 0408 Aha154x - ok
22:27:27.0328 0408 aic78u2 - ok
22:27:27.0343 0408 aic78xx - ok
22:27:27.0375 0408 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
22:27:27.0515 0408 Alerter - ok
22:27:27.0546 0408 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
22:27:27.0640 0408 ALG - ok
22:27:27.0640 0408 AliIde - ok
22:27:27.0734 0408 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:27:28.0156 0408 Ambfilt - ok
22:27:28.0406 0408 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:27:28.0437 0408 AmdK8 - ok
22:27:28.0437 0408 amsint - ok
22:27:28.0484 0408 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
22:27:28.0640 0408 AppMgmt - ok
22:27:28.0640 0408 asc - ok
22:27:28.0656 0408 asc3350p - ok
22:27:28.0656 0408 asc3550 - ok
22:27:28.0703 0408 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:27:28.0734 0408 aspnet_state - ok
22:27:28.0765 0408 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:27:28.0921 0408 AsyncMac - ok
22:27:28.0937 0408 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:27:29.0093 0408 atapi - ok
22:27:29.0109 0408 Atdisk - ok
22:27:29.0156 0408 Ati HotKey Poller (29b2874b3956b62c0dbea32d75a8e776) C:\WINDOWS\system32\Ati2evxx.exe
22:27:29.0250 0408 Ati HotKey Poller - ok
22:27:29.0359 0408 ati2mtag (a1789368b4a31d2111af7aeda0c8d3fc) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:27:29.0765 0408 ati2mtag - ok
22:27:30.0015 0408 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:27:30.0187 0408 Atmarpc - ok
22:27:30.0234 0408 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
22:27:30.0390 0408 AudioSrv - ok
22:27:30.0421 0408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:27:30.0578 0408 audstub - ok
22:27:30.0875 0408 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
22:27:30.0906 0408 AVP - ok
22:27:30.0953 0408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:27:31.0125 0408 Beep - ok
22:27:31.0171 0408 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
22:27:31.0359 0408 BITS - ok
22:27:31.0437 0408 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Programme\Bonjour\mDNSResponder.exe
22:27:31.0515 0408 Bonjour Service - ok
22:27:31.0546 0408 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
22:27:31.0718 0408 Browser - ok
22:27:31.0750 0408 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\DRIVERS\bsstor.sys
22:27:31.0750 0408 BsStor ( UnsignedFile.Multi.Generic ) - warning
22:27:31.0750 0408 BsStor - detected UnsignedFile.Multi.Generic (1)
22:27:31.0796 0408 BsUDF (2a5b741b6745bbc2b069e68a627cea44) C:\WINDOWS\system32\drivers\BsUDF.sys
22:27:31.0859 0408 BsUDF ( UnsignedFile.Multi.Generic ) - warning
22:27:31.0859 0408 BsUDF - detected UnsignedFile.Multi.Generic (1)
22:27:31.0890 0408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:27:32.0046 0408 cbidf2k - ok
22:27:32.0078 0408 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:27:32.0250 0408 CCDECODE - ok
22:27:32.0265 0408 cd20xrnt - ok
22:27:32.0296 0408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:27:32.0468 0408 Cdaudio - ok
22:27:32.0500 0408 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:27:32.0671 0408 Cdfs - ok
22:27:32.0687 0408 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:27:32.0843 0408 Cdrom - ok
22:27:32.0890 0408 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
22:27:32.0906 0408 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
22:27:32.0906 0408 cercsr6 - detected UnsignedFile.Multi.Generic (1)
22:27:32.0906 0408 Changer - ok
22:27:32.0937 0408 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
22:27:33.0109 0408 CiSvc - ok
22:27:33.0140 0408 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
22:27:33.0296 0408 ClipSrv - ok
22:27:33.0343 0408 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:33.0390 0408 clr_optimization_v2.0.50727_32 - ok
22:27:33.0406 0408 CmdIde - ok
22:27:33.0406 0408 COMSysApp - ok
22:27:33.0421 0408 Cpqarray - ok
22:27:33.0453 0408 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
22:27:33.0640 0408 CryptSvc - ok
22:27:33.0640 0408 dac2w2k - ok
22:27:33.0640 0408 dac960nt - ok
22:27:33.0687 0408 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
22:27:33.0781 0408 DcomLaunch - ok
22:27:33.0812 0408 DefragFS (e08557f41650b505571d50c9247a1e03) C:\WINDOWS\system32\drivers\DefragFS.sys
22:27:33.0828 0408 DefragFS - ok
22:27:33.0859 0408 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys
22:27:33.0875 0408 dgderdrv - ok
22:27:33.0906 0408 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
22:27:34.0062 0408 Dhcp - ok
22:27:34.0078 0408 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:27:34.0265 0408 Disk - ok
22:27:34.0265 0408 dmadmin - ok
22:27:34.0328 0408 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:27:34.0640 0408 dmboot - ok
22:27:34.0671 0408 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:27:34.0828 0408 dmio - ok
22:27:34.0843 0408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:27:35.0000 0408 dmload - ok
22:27:35.0031 0408 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
22:27:35.0203 0408 dmserver - ok
22:27:35.0234 0408 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:27:35.0390 0408 DMusic - ok
22:27:35.0421 0408 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
22:27:35.0515 0408 Dnscache - ok
22:27:35.0546 0408 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
22:27:35.0718 0408 Dot3svc - ok
22:27:35.0734 0408 dpti2o - ok
22:27:35.0750 0408 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:27:35.0921 0408 drmkaud - ok
22:27:35.0937 0408 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
22:27:36.0125 0408 EapHost - ok
22:27:36.0156 0408 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
22:27:36.0312 0408 ERSvc - ok
22:27:36.0359 0408 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
22:27:36.0390 0408 Eventlog - ok
22:27:36.0421 0408 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
22:27:36.0484 0408 EventSystem - ok
22:27:36.0515 0408 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:27:36.0656 0408 Fastfat - ok
22:27:36.0687 0408 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:27:36.0750 0408 FastUserSwitchingCompatibility - ok
22:27:36.0765 0408 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:27:36.0921 0408 Fdc - ok
22:27:36.0937 0408 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:27:37.0109 0408 Fips - ok
22:27:37.0234 0408 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:27:37.0343 0408 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:27:37.0343 0408 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:27:37.0375 0408 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:27:37.0531 0408 Flpydisk - ok
22:27:37.0562 0408 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:27:37.0734 0408 FltMgr - ok
22:27:37.0796 0408 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:27:37.0812 0408 FontCache3.0.0.0 - ok
22:27:37.0828 0408 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
22:27:37.0843 0408 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
22:27:37.0843 0408 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
22:27:37.0890 0408 FsUsbExService (f96c429788350db4ba6771c3034dfd88) C:\WINDOWS\system32\FsUsbExService.Exe
22:27:37.0921 0408 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
22:27:37.0921 0408 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
22:27:37.0953 0408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:27:38.0093 0408 Fs_Rec - ok
22:27:38.0125 0408 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:27:38.0281 0408 Ftdisk - ok
22:27:38.0296 0408 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:27:38.0468 0408 Gpc - ok
22:27:38.0640 0408 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
22:27:38.0671 0408 gupdate - ok
22:27:38.0687 0408 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
22:27:38.0703 0408 gupdatem - ok
22:27:38.0718 0408 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:27:38.0890 0408 HDAudBus - ok
22:27:38.0953 0408 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:27:39.0109 0408 helpsvc - ok
22:27:39.0125 0408 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
22:27:39.0296 0408 HidServ - ok
22:27:39.0328 0408 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:27:39.0484 0408 hidusb - ok
22:27:39.0500 0408 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
22:27:39.0671 0408 hkmsvc - ok
22:27:39.0687 0408 hpn - ok
22:27:39.0734 0408 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:27:39.0781 0408 HTTP - ok
22:27:39.0812 0408 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
22:27:39.0968 0408 HTTPFilter - ok
22:27:39.0984 0408 i2omgmt - ok
22:27:39.0984 0408 i2omp - ok
22:27:40.0015 0408 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:27:40.0187 0408 i8042prt - ok
22:27:40.0296 0408 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:27:40.0312 0408 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:27:40.0312 0408 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:27:40.0437 0408 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:27:40.0640 0408 idsvc - ok
22:27:40.0703 0408 IGDCTRL (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
22:27:40.0718 0408 IGDCTRL - ok
22:27:40.0750 0408 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:27:40.0921 0408 Imapi - ok
22:27:40.0953 0408 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
22:27:41.0109 0408 ImapiService - ok
22:27:41.0125 0408 ini910u - ok
22:27:41.0343 0408 IntcAzAudAddService (f9bb9063a6557098dbaf7396e026c922) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:27:42.0234 0408 IntcAzAudAddService - ok
22:27:42.0468 0408 IntelIde - ok
22:27:42.0500 0408 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:27:42.0656 0408 Ip6Fw - ok
22:27:42.0687 0408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:27:42.0843 0408 IpFilterDriver - ok
22:27:42.0875 0408 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:27:43.0015 0408 IpInIp - ok
22:27:43.0046 0408 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:27:43.0218 0408 IpNat - ok
22:27:43.0234 0408 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:27:43.0390 0408 IPSec - ok
22:27:43.0406 0408 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:27:43.0484 0408 IRENUM - ok
22:27:43.0515 0408 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:27:43.0671 0408 isapnp - ok
22:27:43.0703 0408 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys
22:27:43.0718 0408 ivusb - ok
22:27:43.0859 0408 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
22:27:43.0890 0408 JavaQuickStarterService - ok
22:27:43.0906 0408 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:27:44.0078 0408 Kbdclass - ok
22:27:44.0093 0408 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:27:44.0234 0408 kbdhid - ok
22:27:44.0281 0408 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\kl1.sys
22:27:44.0296 0408 KL1 - ok
22:27:44.0328 0408 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\WINDOWS\system32\DRIVERS\kl2.sys
22:27:44.0343 0408 kl2 - ok
22:27:44.0375 0408 KLIF (5d92a03045a6a98708975b3d77b39a36) C:\WINDOWS\system32\DRIVERS\klif.sys
22:27:44.0468 0408 KLIF - ok
22:27:44.0500 0408 klim5 (96a7ec308a93da26dfe481308baac2a2) C:\WINDOWS\system32\DRIVERS\klim5.sys
22:27:44.0500 0408 klim5 - ok
22:27:44.0546 0408 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
22:27:44.0562 0408 klmouflt - ok
22:27:44.0578 0408 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:27:44.0781 0408 kmixer - ok
22:27:44.0812 0408 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:27:44.0890 0408 KSecDD - ok
22:27:44.0906 0408 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
22:27:44.0968 0408 lanmanserver - ok
22:27:45.0000 0408 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
22:27:45.0046 0408 lanmanworkstation - ok
22:27:45.0062 0408 lbrtfdc - ok
22:27:45.0093 0408 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
22:27:45.0250 0408 LmHosts - ok
22:27:45.0281 0408 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
22:27:45.0453 0408 Messenger - ok
22:27:45.0468 0408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:27:45.0640 0408 mnmdd - ok
22:27:45.0671 0408 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
22:27:45.0843 0408 mnmsrvc - ok
22:27:45.0875 0408 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:27:46.0031 0408 Modem - ok
22:27:46.0125 0408 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
22:27:46.0406 0408 Monfilt - ok
22:27:46.0640 0408 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:27:46.0796 0408 Mouclass - ok
22:27:46.0828 0408 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:27:47.0000 0408 mouhid - ok
22:27:47.0031 0408 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:27:47.0187 0408 MountMgr - ok
22:27:47.0296 0408 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
22:27:47.0312 0408 MozillaMaintenance - ok
22:27:47.0343 0408 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
22:27:47.0500 0408 MPE - ok
22:27:47.0515 0408 mraid35x - ok
22:27:47.0531 0408 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:27:47.0703 0408 MRxDAV - ok
22:27:47.0750 0408 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:27:47.0937 0408 MRxSmb - ok
22:27:47.0968 0408 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
22:27:48.0140 0408 MSDTC - ok
22:27:48.0156 0408 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:27:48.0312 0408 Msfs - ok
22:27:48.0328 0408 MSIServer - ok
22:27:48.0375 0408 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:27:48.0515 0408 MSKSSRV - ok
22:27:48.0531 0408 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:27:48.0687 0408 MSPCLOCK - ok
22:27:48.0718 0408 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:27:48.0859 0408 MSPQM - ok
22:27:48.0890 0408 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:27:49.0031 0408 mssmbios - ok
22:27:49.0062 0408 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:27:49.0187 0408 MSTEE - ok
22:27:49.0218 0408 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
22:27:49.0265 0408 MTsensor - ok
22:27:49.0312 0408 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:27:49.0343 0408 Mup - ok
22:27:49.0390 0408 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:27:49.0578 0408 NABTSFEC - ok
22:27:49.0625 0408 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
22:27:49.0781 0408 napagent - ok
22:27:49.0812 0408 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:27:49.0968 0408 NDIS - ok
22:27:50.0000 0408 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:27:50.0156 0408 NdisIP - ok
22:27:50.0187 0408 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:27:50.0234 0408 NdisTapi - ok
22:27:50.0250 0408 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:27:50.0375 0408 Ndisuio - ok
22:27:50.0406 0408 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:27:50.0562 0408 NdisWan - ok
22:27:50.0656 0408 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:27:50.0703 0408 NDProxy - ok
22:27:50.0734 0408 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:27:50.0859 0408 NetBIOS - ok
22:27:50.0890 0408 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:27:51.0046 0408 NetBT - ok
22:27:51.0093 0408 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
22:27:51.0234 0408 NetDDE - ok
22:27:51.0234 0408 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
22:27:51.0390 0408 NetDDEdsdm - ok
22:27:51.0421 0408 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:27:51.0562 0408 Netlogon - ok
22:27:51.0968 0408 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
22:27:52.0140 0408 Netman - ok
22:27:52.0218 0408 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:27:52.0250 0408 NetTcpPortSharing - ok
22:27:52.0281 0408 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
22:27:52.0328 0408 Nla - ok
22:27:52.0453 0408 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Programme\CDBurnerXP\NMSAccessU.exe
22:27:52.0468 0408 NMSAccessU - ok
22:27:52.0500 0408 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:27:52.0625 0408 Npfs - ok
22:27:52.0671 0408 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:27:52.0953 0408 Ntfs - ok
22:27:52.0984 0408 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:27:53.0125 0408 NtLmSsp - ok
22:27:53.0156 0408 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
22:27:53.0406 0408 NtmsSvc - ok
22:27:53.0437 0408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:27:53.0562 0408 Null - ok
22:27:53.0640 0408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:27:53.0796 0408 NwlnkFlt - ok
22:27:53.0828 0408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:27:53.0953 0408 NwlnkFwd - ok
22:27:54.0125 0408 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
22:27:54.0218 0408 odserv - ok
22:27:54.0281 0408 OpenVPNService (cec6fd00b96e05ec0f3a0a99f138182c) C:\Programme\OpenVPN\bin\openvpnserv.exe
22:27:54.0281 0408 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
22:27:54.0281 0408 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
22:27:54.0328 0408 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
22:27:54.0343 0408 ose - ok
22:27:54.0406 0408 PAC207 (9482616a0f87384c5afb5f34a317bf6c) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
22:27:54.0515 0408 PAC207 ( UnsignedFile.Multi.Generic ) - warning
22:27:54.0515 0408 PAC207 - detected UnsignedFile.Multi.Generic (1)
22:27:54.0546 0408 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
22:27:54.0703 0408 Parport - ok
22:27:54.0984 0408 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:27:55.0140 0408 PartMgr - ok
22:27:55.0156 0408 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:27:55.0328 0408 ParVdm - ok
22:27:55.0343 0408 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:27:55.0500 0408 PCI - ok
22:27:55.0500 0408 PCIDump - ok
22:27:55.0531 0408 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:27:55.0750 0408 PCIIde - ok
22:27:55.0765 0408 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:27:55.0906 0408 Pcmcia - ok
22:27:56.0078 0408 PD91Agent (c580cc0a6e77f00ee3aa61ad0a1e2dd7) C:\Programme\PerfectDisk2008\PD91Agent.exe
22:27:56.0218 0408 PD91Agent - ok
22:27:56.0343 0408 PD91Engine (e4d1f39822c1c5d404b03f0ad7b44dc5) C:\Programme\PerfectDisk2008\PD91Engine.exe
22:27:56.0546 0408 PD91Engine - ok
22:27:56.0812 0408 PDCOMP - ok
22:27:56.0828 0408 PDFRAME - ok
22:27:56.0828 0408 PDRELI - ok
22:27:56.0843 0408 PDRFRAME - ok
22:27:56.0859 0408 perc2 - ok
22:27:56.0859 0408 perc2hib - ok
22:27:56.0906 0408 pfc (c4aa89518e8a2934eaf503c9587ff157) C:\WINDOWS\system32\drivers\pfc.sys
22:27:56.0921 0408 pfc ( UnsignedFile.Multi.Generic ) - warning
22:27:56.0921 0408 pfc - detected UnsignedFile.Multi.Generic (1)
22:27:56.0953 0408 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
22:27:57.0000 0408 PlugPlay - ok
22:27:57.0015 0408 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:27:57.0156 0408 PolicyAgent - ok
22:27:57.0187 0408 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:27:57.0328 0408 PptpMiniport - ok
22:27:57.0359 0408 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
22:27:57.0515 0408 Processor - ok
22:27:57.0531 0408 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:27:57.0656 0408 ProtectedStorage - ok
22:27:57.0687 0408 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:27:57.0828 0408 PSched - ok
22:27:57.0859 0408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:27:58.0015 0408 Ptilink - ok
22:27:58.0046 0408 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:27:58.0062 0408 PxHelp20 - ok
22:27:58.0078 0408 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
22:27:58.0203 0408 QCDonner - ok
22:27:58.0218 0408 ql1080 - ok
22:27:58.0218 0408 Ql10wnt - ok
22:27:58.0234 0408 ql12160 - ok
22:27:58.0234 0408 ql1240 - ok
22:27:58.0250 0408 ql1280 - ok
22:27:58.0265 0408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:27:58.0406 0408 RasAcd - ok
22:27:58.0437 0408 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
22:27:58.0578 0408 RasAuto - ok
22:27:58.0609 0408 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:27:58.0765 0408 Rasl2tp - ok
22:27:58.0796 0408 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
22:27:58.0953 0408 RasMan - ok
22:27:58.0968 0408 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:27:59.0125 0408 RasPppoe - ok
22:27:59.0140 0408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:27:59.0281 0408 Raspti - ok
22:27:59.0296 0408 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:27:59.0437 0408 Rdbss - ok
22:27:59.0437 0408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:27:59.0703 0408 RDPCDD - ok
22:27:59.0718 0408 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:27:59.0875 0408 rdpdr - ok
22:27:59.0906 0408 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
22:27:59.0953 0408 RDPWD - ok
22:27:59.0984 0408 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
22:28:00.0140 0408 RDSessMgr - ok
22:28:00.0171 0408 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:28:00.0328 0408 redbook - ok
22:28:00.0343 0408 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
22:28:00.0484 0408 RemoteAccess - ok
22:28:00.0515 0408 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
22:28:00.0718 0408 RemoteRegistry - ok
22:28:00.0796 0408 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
22:28:00.0953 0408 RpcLocator - ok
22:28:01.0000 0408 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
22:28:01.0078 0408 RpcSs - ok
22:28:01.0109 0408 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
22:28:01.0265 0408 RSVP - ok
22:28:01.0312 0408 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:28:01.0390 0408 RTLE8023xp - ok
22:28:01.0437 0408 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
22:28:01.0562 0408 SamSs - ok
22:28:01.0625 0408 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
22:28:01.0765 0408 SCardSvr - ok
22:28:01.0812 0408 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
22:28:01.0968 0408 Schedule - ok
22:28:02.0015 0408 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
22:28:02.0015 0408 SE27bus ( UnsignedFile.Multi.Generic ) - warning
22:28:02.0015 0408 SE27bus - detected UnsignedFile.Multi.Generic (1)
22:28:02.0046 0408 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
22:28:02.0062 0408 SE27mdfl ( UnsignedFile.Multi.Generic ) - warning
22:28:02.0062 0408 SE27mdfl - detected UnsignedFile.Multi.Generic (1)
22:28:02.0093 0408 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
22:28:02.0109 0408 SE27mdm ( UnsignedFile.Multi.Generic ) - warning
22:28:02.0109 0408 SE27mdm - detected UnsignedFile.Multi.Generic (1)
22:28:02.0156 0408 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
22:28:02.0171 0408 SE27mgmt ( UnsignedFile.Multi.Generic ) - warning
22:28:02.0171 0408 SE27mgmt - detected UnsignedFile.Multi.Generic (1)
22:28:02.0187 0408 se27nd5 (bb30139683bbf3ee89ec931393d9335c) C:\WINDOWS\system32\DRIVERS\se27nd5.sys
22:28:02.0203 0408 se27nd5 ( UnsignedFile.Multi.Generic ) - warning
22:28:02.0203 0408 se27nd5 - detected UnsignedFile.Multi.Generic (1)
22:28:02.0218 0408 SE27obex (5da6ff71e94b9134ddd094ebb09f05e6) C:\WINDOWS\system32\DRIVERS\SE27obex.sys
22:28:02.0250 0408 SE27obex ( UnsignedFile.Multi.Generic ) - warning
22:28:02.0250 0408 SE27obex - detected UnsignedFile.Multi.Generic (1)
22:28:02.0281 0408 se27unic (4d54a9d7c22157ab3d2442e8bcf5ecd2) C:\WINDOWS\system32\DRIVERS\se27unic.sys
22:28:02.0328 0408 se27unic ( UnsignedFile.Multi.Generic ) - warning
22:28:02.0328 0408 se27unic - detected UnsignedFile.Multi.Generic (1)
22:28:02.0359 0408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:28:02.0421 0408 Secdrv - ok
22:28:02.0453 0408 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
22:28:02.0656 0408 seclogon - ok
22:28:02.0671 0408 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
22:28:02.0828 0408 SENS - ok
22:28:02.0843 0408 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:28:03.0328 0408 serenum - ok
22:28:03.0328 0408 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
22:28:03.0468 0408 Serial - ok
22:28:03.0500 0408 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:28:03.0656 0408 Sfloppy - ok
22:28:03.0703 0408 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
22:28:03.0890 0408 SharedAccess - ok
22:28:03.0921 0408 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:28:03.0937 0408 ShellHWDetection - ok
22:28:03.0953 0408 Simbad - ok
22:28:04.0093 0408 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Programme\Skype\Updater\Updater.exe
22:28:04.0125 0408 SkypeUpdate - ok
22:28:04.0156 0408 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:28:04.0281 0408 SLIP - ok
22:28:04.0296 0408 Sparrow - ok
22:28:04.0343 0408 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:28:04.0468 0408 splitter - ok
22:28:04.0500 0408 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:28:04.0546 0408 Spooler - ok
22:28:04.0562 0408 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:28:04.0656 0408 sr - ok
22:28:04.0671 0408 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
22:28:04.0750 0408 srservice - ok
22:28:04.0796 0408 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:28:04.0921 0408 Srv - ok
22:28:04.0968 0408 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
22:28:05.0046 0408 SSDPSRV - ok
22:28:05.0078 0408 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
22:28:05.0109 0408 ss_bbus - ok
22:28:05.0125 0408 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
22:28:05.0140 0408 ss_bmdfl - ok
22:28:05.0171 0408 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
22:28:05.0187 0408 ss_bmdm - ok
22:28:05.0218 0408 ss_bus (54946449a0eb74915a4bb34f7ee51a5a) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
22:28:05.0234 0408 ss_bus - ok
22:28:05.0265 0408 ss_mdfl (4450bc0b2e9d7d9b90e3c3de4ea00a78) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
22:28:05.0281 0408 ss_mdfl - ok
22:28:05.0296 0408 ss_mdm (30b8d0dd01ead1243f329caf7d7d1517) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
22:28:05.0312 0408 ss_mdm - ok
22:28:05.0375 0408 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
22:28:05.0562 0408 stisvc - ok
22:28:05.0578 0408 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:28:05.0734 0408 streamip - ok
22:28:05.0765 0408 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:28:05.0906 0408 swenum - ok
22:28:05.0921 0408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:28:06.0062 0408 swmidi - ok
22:28:06.0078 0408 SwPrv - ok
22:28:06.0093 0408 symc810 - ok
22:28:06.0093 0408 symc8xx - ok
22:28:06.0109 0408 sym_hi - ok
22:28:06.0109 0408 sym_u3 - ok
22:28:06.0125 0408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:28:06.0265 0408 sysaudio - ok
22:28:06.0296 0408 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
22:28:06.0453 0408 SysmonLog - ok
22:28:06.0500 0408 tap0801 (0c82061920a2de35d33c2c2bb83b1e98) C:\WINDOWS\system32\DRIVERS\tap0801.sys
22:28:06.0531 0408 tap0801 ( UnsignedFile.Multi.Generic ) - warning
22:28:06.0531 0408 tap0801 - detected UnsignedFile.Multi.Generic (1)
22:28:06.0781 0408 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
22:28:06.0953 0408 TapiSrv - ok
22:28:07.0015 0408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:28:07.0093 0408 Tcpip - ok
22:28:07.0125 0408 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:28:07.0234 0408 TDPIPE - ok
22:28:07.0265 0408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:28:07.0390 0408 TDTCP - ok
22:28:07.0421 0408 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:28:07.0546 0408 TermDD - ok
22:28:07.0656 0408 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
22:28:07.0812 0408 TermService - ok
22:28:07.0843 0408 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
22:28:07.0859 0408 Themes - ok
22:28:07.0890 0408 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
22:28:07.0968 0408 TlntSvr - ok
22:28:07.0984 0408 TosIde - ok
22:28:08.0015 0408 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
22:28:08.0156 0408 TrkWks - ok
22:28:08.0234 0408 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
22:28:08.0250 0408 TVICHW32 ( UnsignedFile.Multi.Generic ) - warning
22:28:08.0250 0408 TVICHW32 - detected UnsignedFile.Multi.Generic (1)
22:28:08.0281 0408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:28:08.0421 0408 Udfs - ok
22:28:08.0437 0408 ultra - ok
22:28:08.0484 0408 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:28:08.0687 0408 Update - ok
22:28:08.0718 0408 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
22:28:08.0796 0408 upnphost - ok
22:28:08.0812 0408 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
22:28:08.0953 0408 UPS - ok
22:28:09.0000 0408 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:28:09.0125 0408 usbccgp - ok
22:28:09.0156 0408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:28:09.0312 0408 usbehci - ok
22:28:09.0343 0408 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:28:09.0468 0408 usbhub - ok
22:28:09.0484 0408 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:28:09.0656 0408 usbohci - ok
22:28:09.0687 0408 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:28:09.0828 0408 usbprint - ok
22:28:09.0843 0408 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:28:09.0984 0408 usbscan - ok
22:28:10.0015 0408 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:28:10.0156 0408 USBSTOR - ok
22:28:10.0156 0408 VClone - ok
22:28:10.0187 0408 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:28:10.0312 0408 VgaSave - ok
22:28:10.0328 0408 ViaIde - ok
22:28:10.0359 0408 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:28:10.0484 0408 VolSnap - ok
22:28:10.0546 0408 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
22:28:10.0640 0408 VSS - ok
22:28:10.0656 0408 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
22:28:10.0796 0408 W32Time - ok
22:28:10.0828 0408 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:28:10.0968 0408 Wanarp - ok
22:28:11.0000 0408 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
22:28:11.0031 0408 wceusbsh - ok
22:28:11.0046 0408 WDICA - ok
22:28:11.0062 0408 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:28:11.0203 0408 wdmaud - ok
22:28:11.0234 0408 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
22:28:11.0375 0408 WebClient - ok
22:28:11.0437 0408 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:28:11.0656 0408 winmgmt - ok
22:28:11.0687 0408 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
22:28:11.0750 0408 WmdmPmSN - ok
22:28:11.0812 0408 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
22:28:11.0937 0408 Wmi - ok
22:28:11.0984 0408 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:28:12.0125 0408 WmiApSrv - ok
22:28:12.0281 0408 WMPNetworkSvc (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe
22:28:12.0468 0408 WMPNetworkSvc - ok
22:28:12.0531 0408 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:28:12.0562 0408 WpdUsb - ok
22:28:12.0593 0408 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:28:12.0734 0408 WS2IFSL - ok
22:28:12.0765 0408 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
22:28:12.0906 0408 wscsvc - ok
22:28:12.0906 0408 WSearch - ok
22:28:12.0937 0408 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:28:13.0062 0408 WSTCODEC - ok
22:28:13.0093 0408 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
22:28:13.0234 0408 wuauserv - ok
22:28:13.0265 0408 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:28:13.0312 0408 WudfPf - ok
22:28:13.0328 0408 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:28:13.0375 0408 WudfRd - ok
22:28:13.0390 0408 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:28:13.0406 0408 WudfSvc - ok
22:28:13.0453 0408 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
22:28:13.0640 0408 WZCSVC - ok
22:28:13.0671 0408 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
22:28:13.0812 0408 xmlprov - ok
22:28:13.0859 0408 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:28:14.0343 0408 \Device\Harddisk0\DR0 - ok
22:28:14.0359 0408 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
22:28:14.0593 0408 \Device\Harddisk1\DR2 - ok
22:28:14.0671 0408 Boot (0x1200) (518318c53183458ea1fbdd0f8ff49eb6) \Device\Harddisk0\DR0\Partition0
22:28:14.0671 0408 \Device\Harddisk0\DR0\Partition0 - ok
22:28:14.0687 0408 Boot (0x1200) (1ada3c31995f254b52f9afdc5189d9e3) \Device\Harddisk1\DR2\Partition0
22:28:14.0687 0408 \Device\Harddisk1\DR2\Partition0 - ok
22:28:14.0687 0408 ============================================================
22:28:14.0687 0408 Scan finished
22:28:14.0687 0408 ============================================================
22:28:14.0796 2256 Detected object count: 19
22:28:14.0796 2256 Actual detected object count: 19
22:30:13.0250 2256 BsStor ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 BsStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 BsUDF ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 BsUDF ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 PAC207 ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 PAC207 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0250 2256 SE27mdfl ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0250 2256 SE27mdfl ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0265 2256 SE27mdm ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0265 2256 SE27mdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0265 2256 SE27mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0265 2256 SE27mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0265 2256 se27nd5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0265 2256 se27nd5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0265 2256 SE27obex ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0265 2256 SE27obex ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0265 2256 se27unic ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0265 2256 se27unic ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0265 2256 tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0265 2256 tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:13.0265 2256 TVICHW32 ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:13.0265 2256 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
 ! GUTE N8! |
|
19.07.2012, 22:16
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.07.2012, 09:38
| #23 | ||
| |  Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Hallo, es war wieder anders, als gedacht: Zitat:
Zitat:
Der Rechner zeigte nach ca. 10 Minuten wieder die blaue Meldung wie bei meinem ersten Beitrag zu diesem Themas (siehe jpg v. 11.07.12). Nach Neustart finde ich keine log, weder auf dem Desktop noch unter C:\ Was ich erkenne ist ein aktualisierter Windows-Ordner, in dem neben den Ordnern unendlich viele KB123457 (u.Ä.) Textdokumente sind, eine direkt vor, die letzten 5 nach dem Combifix erstellt, aber ohne den Namen Combofix - eine Datei ist das windows-update über den Zeitraum - aber vermutlich weißt Du, was da zu finden ist. Dann ein vermutlich neuer Combofix-Ordner, der die Übersicht über die auf dem Rechner gespeicherten Dateien abgibt, die ich auch anklicken kann, um in deren Ordner zu gelangen. Außerdem eine Qoobox, die wohl auch erst in dem Rahmen der Combofix-Aktion bearbeitet oder erstellt wurde. Da sind auch wieder 5 Unterordner, einer = Quarantäne. Wenn ich mehr schildern soll oder Screenshots schicken, bitte um Info wie ich das hier her senden kann (Screenshots) und was es sein soll. Muss ich beunruhigt sein, weil sich mein Rechner so unagepasst verhält?  Dank und Gruß! |
|
20.07.2012, 16:02
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen 3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.07.2012, 16:39
| #25 | |
| | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit?Zitat:
Dank und Gruß! PS: ich mach die Anwendungsdateien wieder unsichtbar, ok? Den Kaspersky werd ich auch morgen deinstallieren und Antivir wieder installieren, die 30 Tage Kaspersky-umsonst laufen ab und ich will den nicht dauerhaft haben - ist das ok oder stört das die Arbeit? |
|
21.07.2012, 14:21
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und starte das Tool bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.07.2012, 19:53
| #27 | |
| | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit?Zitat:
Kein log - alle Dateien mit Datum von gestern, nur im Quarantine-Ordner ist eine neue txt.Datei. Aufgemacht hab ich die nicht. Spielt es vielleicht eine Rolle, dass ich die CF.exe nicht direkt auf dem desktop, sondern (so wie alle anderen bisher) in einem Ordner "Trojanertools" auf dem Desktop speichere? (um den Überblick nicht zu verlieren). Außerdem wird mir gerade klar, dass ich die Ordneransicht ("geschützte Systemdateien ausblenden" usw.) dieses Mal nach dem Hochladen über den Upload Channel vergessen habe, wieder zurück zu stellen. Jetzt eben hab ich es wieder eingestellt; das hat aber vermute ich nichts mit dem Problem hier zu tun, oder? Quarantine zippen und senden? Gruß und Dank! jetzt kam auf dem USB-Stick, den ich vorher auch über den USB-HUB an obigem Rechner hatte - diese Meldung auf dem Netbook: http://www.trojaner-board.de/120070-...tml#post870881 wieso da jetzt < hxxp:// ... > steht, weiß ich nicht - ich hatte lediglich copy-paste gemacht. Also das meinte ich eben: hxxp://www.trojaner-board.de/120070-usb-stick-enthaelt-erkennungsmuster-adware-adware-adware-gen.html |
|
23.07.2012, 14:09
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Die combofix.exe sollte schon auf dem Desktop sein! Halte dich einfach genau an die Anleitungen! Probier CF notfalls im abgesicherten Modus mit Netzwerktreibern aus!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.07.2012, 10:34
| #29 |
| | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? ok, direkt vom Desktop aus gings auch nicht. Weder F5 noch F( brachten (in Variationen getestet) den abgesicherten Modus. Ich habs dann nach einer BEschreibung der TU-Berlin (Hoax-Info etc.) über msconfig gestartet - ich hoffe, auf welche Art lässt sich der log-Datei entnehmen -das geht weit über mein Verständnis hinaus... sch.. wo sind denn diese eckigen Klammern - ich muss die immer kopieren, oder gehts auch mit den runden? (gut, nee, geht nicht, die sind aber eingebaut, wie nett ;-)) Combofix Logfile: Code:
ATTFilter ComboFix 12-07-24.01 - xxx 24.07.2012 10:45:04.4.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.958.753 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-24 bis 2012-07-24 ))))))))))))))))))))))))))))))
.
.
2012-07-24 08:31 . 2012-07-24 08:32 -------- d-----w- c:\dokumente und einstellungen\Administrator
2012-07-18 15:05 . 2012-07-19 00:01 -------- d-----w- C:\_OTL
2012-07-15 10:04 . 2012-07-15 10:04 -------- d-----w- c:\programme\ESET
2012-07-15 07:25 . 2012-07-15 07:25 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-07-15 07:25 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 07:58 . 2012-04-26 07:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 07:58 . 2011-05-23 21:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2008-09-07 13:28 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-09-07 13:28 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-09-07 12:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-09-07 12:47 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-09-07 12:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-09-07 13:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-09-07 13:28 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-09-07 12:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-09-07 12:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-09-07 13:28 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-09-07 12:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-09-07 12:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-08-30 08:56 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-08-30 08:56 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-08-30 08:56 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 10:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2006-03-04 03:34 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2004-08-04 10:00 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:40 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2005-03-30 17:36 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2005-03-30 17:36 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-04 17:29 . 2012-06-22 12:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 17:29 . 2012-06-22 12:42 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-04 17:29 . 2010-12-01 19:40 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 13:46 . 2008-09-07 12:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-09-20 10:25 . 2010-09-20 10:24 19657194 ----a-w- c:\programme\vlc-1.1.4-win32.exe
2012-06-19 12:29 . 2011-06-22 21:10 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-04 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
.
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 10:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-04 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
.
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2004-08-04 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
.
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 2B6ADE29F8D00EEFA5FA2250CBE094AD . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2004-08-04 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-04 10:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\es.dll
.
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-04 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
.
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2012-05-11 . 610AFC1D924512EEB7797ADD9E5F9455 . 6007808 . . [8.00.6001.19258] . . c:\windows\system32\mshtml.dll
[-] 2012-05-11 . 610AFC1D924512EEB7797ADD9E5F9455 . 6007808 . . [8.00.6001.19258] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2012-05-11 . E3C9C5F75F06CECD02E0BE32E0BE7463 . 6009344 . . [8.00.6001.23345] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll
[-] 2012-03-01 . C34FC3162FE56D908A7285B5983D03FF . 5978624 . . [8.00.6001.19222] . . c:\windows\ie8updates\KB2699988-IE8\mshtml.dll
[-] 2012-03-01 . AFF12544647103F756962F43BF60C238 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll
.
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2004-08-04 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
.
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-04 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
.
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-04 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2012-05-16 . CB1B69A4306EAE327DE46277CA3BA9C9 . 916992 . . [8.00.6001.19272] . . c:\windows\system32\wininet.dll
[-] 2012-05-16 . CB1B69A4306EAE327DE46277CA3BA9C9 . 916992 . . [8.00.6001.19272] . . c:\windows\system32\dllcache\wininet.dll
[-] 2012-05-16 . FA932FB2522C5B8436DF9D2290F56A98 . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 9C4ABC4869FB2EB0E6F38E27A536B325 . 916992 . . [8.00.6001.19222] . . c:\windows\ie8updates\KB2699988-IE8\wininet.dll
[-] 2012-03-01 . 4CF6DBF445D93CAB7986F8EB90F27DEC . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll
[-] 2011-12-17 . 4C4FA27D15C83B59B16CED7DED66E33D . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll
[-] 2011-12-17 . 48F111BC456924B4F131E9FF11B4925E . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll
[-] 2011-11-04 . 0BB4286D73CE2CF106F21C7D38C9F85A . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll
[-] 2011-11-04 . C87AFD199FB2BAA77BADC2974815A7A4 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 5F841994DB0F2B3A3303F8E6ADFDB13E . 916480 . . [8.00.6001.19131] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[-] 2011-08-22 . 15F8399C03B9717AC8F5722649CB017D . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-06-23 . 0BF4985026EF2B7F22B91B3A4A56E222 . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[-] 2011-06-23 . 11C398190972B60689CA0E61FEC75C42 . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[-] 2011-04-25 . 64F49D76DBEDDC28C676AF86A8613575 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[-] 2011-04-25 . 69E2C6E3430C34698F72E735646B346E . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . 0E05446F197207A173E06A27C70A1DF7 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . A2B8733A4FB67717861CF97DB1F03053 . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[-] 2010-12-20 . 4E6109D5651FAB2D9C7ACEBFA5E49076 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[-] 2010-12-20 . B5FF24B723725959D6AE0904F53F74BC . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 628696B409200762C12C5140C434CBFA . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 24BC8815BBD3BB53829E0141529E49FD . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[-] 2010-09-10 . 41E62E6AA4D4C03322467FB0D2D29967 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 7B7028B726053782DD9B98B729515567 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 1ACB8E6FAD2A8690CBB41D3229A2B27D . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 5AC0C1733D8C3DE781002F45A678E0FC . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 12C5EEBBC10DB644B44131EE3ECBC430 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . B5B9887088B8168D52CB28020CF05498 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 7857131DA01250E02BEE64F1163F6159 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 3C41EB3A0EC8E2606B6C906993E11C29 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . F2A70583964128530B7E86B1A13023A7 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E3A3EB3BC5849BE4D5FE2B5F1869783 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 3426FBE495D1825D5C09C84D1E9361C1 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-10-29 . 0A4248E124C88EDD1E0A93AE93E4DB6A . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-08-29 . 6B985F8E8ACE6A6424BE04A90C1E652A . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 11DA6B380B94BAABCFD0854526AFC602 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 3B6D4582FADA3948593C56F96964FEFA . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 6E3E0C6060EFC8B855DFCBC7AE18B377 . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 13521D5B5A6F1A47459909D32409A369 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3QFE\wininet.dll
[-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-05-13 . F85681C65CA3CD5D4B0E4CE88FDF6685 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\6288fd9db6b86408ce7baea2379e011e\SP3GDR\wininet.dll
[-] 2009-04-29 . B7E6D6663CB6BC05316FEB978217360D . 827392 . . [7.00.6000.16850] . . c:\windows\ie8\wininet.dll
.
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-04 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . D684C601EC79D9543D50EB2DB124FE78 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . B28AF7976F2D8109C0DC2CF2460BEDC2 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[-] 2010-07-16 . B3D7633CF83B09042A49810A7A72ADED . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2004-08-04 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
.
[-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . EB2AD9C7DADE6C63F5F933881BA2A430 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-04 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\ksuser.dll
[-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 927666F4228E3FBBC3D1171581DC8BDC . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
[-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2004-08-04 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
[-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
[-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
.
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-04 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D45960BE52C3C610D361977057F98C54 . 175616 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . BECD5328E7869807D6557BE4FE60C72F . 175616 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-04 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 . 9843F75E31FB74C5FE757D28150C2B9F . 36864 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\iprip.dll
[-] 2008-04-14 . 9843F75E31FB74C5FE757D28150C2B9F . 36864 . . [5.1.2600.5512] . . c:\windows\system32\iprip.dll
[-] 2008-04-14 . 9843F75E31FB74C5FE757D28150C2B9F . 36864 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\iprip.dll
[-] 2004-08-04 . 6A814B935DB6001A4B80DC7F65E239ED . 36864 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\iprip.dll
.
[-] 2010-09-18 07:18 . 4891FCDAE77486BFB56999AA217651FA . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2004-08-04 10:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2009-01-30 18:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
[-] 2009-01-30 18:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-04 10:00 . D68CC4EBF7B03FD770D5962295AD814E . 52736 . . [9.0.1.56] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll
.
[-] 2012-05-05 . 0A7BFA15D9F9432DB882CD2A174E7F7F . 2071424 . . [5.1.2600.6223] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2012-05-05 . 0A7BFA15D9F9432DB882CD2A174E7F7F . 2071424 . . [5.1.2600.6223] . . c:\windows\system32\ntkrnlpa.exe
[-] 2012-05-05 . 0A7BFA15D9F9432DB882CD2A174E7F7F . 2071424 . . [5.1.2600.6223] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2012-05-05 . 339D9DA45F631C9D9D7132D9F6957943 . 2071424 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . FCDFEE91E13E7A2433B053A53645EB39 . 2071424 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntkrnlpa.exe
[-] 2012-04-11 . C3124524EDDDA49504AE558352440F65 . 2071424 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2011-10-26 . 525C18123E6FAF032E3853A4B9D8F255 . 2071680 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[-] 2011-10-26 . ADD968B4D4A095407FD5B915F89BA8B5 . 2071680 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 7B1CA0A6C042E4B90A18B49ED73CBA76 . 2071680 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . 59BCD807F5FC0AB291E9EA1E2CB598B1 . 2071680 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe
[-] 2010-04-28 . 4EACA49489EB3C4A2E83C5546EB5884C . 2069248 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . 989290FBD9A7E90CD8B8E9C96817804D . 2069120 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[-] 2010-02-16 . 9F24D01B6027FED0423FD28F1055E3DD . 2069120 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . CEE28C8C47E52F185F9F8F3A2E31880C . 2069248 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-10 . 2E72317A93EF61138E43DCF7CD423EDF . 2068480 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . ADB6D671931D876CD7D53A5E2C147DBB . 2068352 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . C50ED62BB5CDC5AD4F3985ED39C6AE87 . 2068480 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 602A85B23E5D9E6402D7205AFBE6FEB4 . 2068352 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165-v2$\ntkrnlpa.exe
[-] 2009-02-10 . 321917CFF934663C48C1E91A930E5D71 . 2068352 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
.
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 10:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 09D4A2D7C5A8ABEC227D118765FAADDF . 185856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 10:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-04 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2012-05-05 . 6005B4877E0E9AFB992615A0D5130D11 . 2194944 . . [5.1.2600.6223] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2012-05-05 . 6005B4877E0E9AFB992615A0D5130D11 . 2194944 . . [5.1.2600.6223] . . c:\windows\system32\ntoskrnl.exe
[-] 2012-05-05 . 6005B4877E0E9AFB992615A0D5130D11 . 2194944 . . [5.1.2600.6223] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2012-05-05 . C11516E90F6D8C45329A070429392A04 . 2194944 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-04-11 . 0D7DD9F68FA1B5D4A5571B0D53A8DF48 . 2194944 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntoskrnl.exe
[-] 2012-04-11 . 35BEC26067274CCFE4BE16CA22E54557 . 2194944 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2011-10-26 . 8B4FC0BCA12CABFDE8C2E49B1B9A65E6 . 2195072 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[-] 2011-10-26 . 43BA9F58FD87BBF57F958C06241F2C9C . 2195072 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 2A5A8BE47E1F8E55520FB4031E21D129 . 2195072 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . B7EF0123C501FFD1B47A86B44E710FD2 . 2195072 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe
[-] 2010-04-28 . FE9DA2C577DF69771B31183EF5684BE8 . 2192256 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[-] 2010-04-28 . 6AF2E8CEB03F7CB3B8183359563DBB87 . 2192384 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . 786F98EFD090AD93F03E3BD95FB68714 . 2192256 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . 4456016C2FF1A8CCCAC8309C9B76E2F5 . 2192384 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-10 . A97847B2D30F4A299B35239D26BAD948 . 2191616 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . F71185C58C105BDB2BE1AEEAF4198F6E . 2191488 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . 121AEDCE2F5A65D63C9D51B9198FA7B3 . 2191488 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165-v2$\ntoskrnl.exe
[-] 2009-08-04 . 4B86421F2D85D9A4ECB06885C40B8EEB . 2191616 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
.
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-04 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-04 . 7E751068ADA60FC77638622E86A7CD9E . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-04 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-04 . 84028E2EBE7A25494766673A5FF4B304 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\dokumente und einstellungen\xxx\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-09 401491]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\xxx\Startmenü\Programme\Autostart\
Antroposofischer Seelenkalender.lnk - c:\programme\AntroVista\Seelenkalender\start.hta [2009-6-24 12180]
Dropbox.lnk - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Audible Download Manager.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^QLink.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\QLink.lnk
backup=c:\windows\pss\QLink.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 11:24 624056 ----a-w- c:\programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2004-02-09 09:32 401491 ----a-w- c:\programme\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2002-06-26 02:38 1044480 ------w- c:\program files\ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 08:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2005-08-18 10:54 102400 ----a-w- c:\programme\OpenVPN\bin\openvpn-gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-03 16:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"gusvc"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WSearch"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=2 (0x2)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"PD91Engine"=3 (0x3)
"PD91Agent"=2 (0x2)
"OpenVPNService"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NMSAccessU"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"IGDCTRL"=2 (0x2)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FsUsbExService"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\german\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"c:\\Dokumente und Einstellungen\\xxx\\Lokale Einstellungen\\Anwendungsdaten\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Dokumente und Einstellungen\\xxx\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [17.10.2010 21:57 9344]
S2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [17.10.2010 21:57 433920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.02.2009 21:07 1684736]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [12.06.2011 13:10 20032]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12.06.2011 10:36 36640]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [29.07.2010 00:25 25112]
S3 PAC207;USB PC Camera;c:\windows\system32\drivers\PFC027.SYS [15.02.2009 20:37 616064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [12.06.2011 10:33 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [12.06.2011 10:33 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [12.06.2011 10:33 123648]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01.10.2006 14:37 26624]
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 07:58]
.
2012-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-22 21:37]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-22 21:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\hmrqqgos.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - thehungersite.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-VirtualCloneDrive - c:\programme\VirtualCloneDrive\VCDDaemon.exe
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-Windows CE Services - c:\windows\ISUN0407.EXE
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-24 10:59
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-602162358-682003330-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(252)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-07-24 11:11:21
ComboFix-quarantined-files.txt 2012-07-24 09:11
.
Vor Suchlauf: 19 Verzeichnis(se), 218.664.837.120 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 219.870.679.040 Bytes frei
.
- - End Of File - - 7EE48D9A801927B3308874AB84BAEE75
einen schönen Tag und - wo ist denn das "Dankeschön"? Naja, das jedenfalls will ich sagen! |
|
24.07.2012, 19:46
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Java-Virus-Exploits- Rechner streikt bei gmer. Doch kein 32 bit? |
| 32 bit, adobe after effects, alternate, antivir, audacity, audiograbber, avira searchfree toolbar, bildschirm, bonjour, ccc.exe, cdburnerxp, converter, desktop, dllhost.exe, error, firefox, flash player, google earth, java/inject.f, kaspersky, logfile, microsoft office word, mom.exe, monitor.exe, mozilla, mp3, nt.dll, object, office 2007, plug-in, realtek, registry, revo uninstaller, searchscopes, security, software, starten, super, svchost.exe, tastatur, trojaner, verweise, windows, windows internet |
Linear-Darstellung
