| |
| |||||||
Log-Analyse und Auswertung: emisoft logfileWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
01.03.2013, 15:11
| #1 |
| |  emisoft logfile Emsisoft Anti-Malware - Version 7.0 Letztes Update: 01.03.2013 11:47:23 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 01.03.2013 11:47:59 C:\Users\****\AppData\Local\Smartbar\Application\QuickShare.exe gefunden: Adware.MSIL.Agent.AMN (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microsoft\windows\currentversion\run -> licensevalidator gefunden: Trace.Registry.Trojan-Dropper.Win32.Inject (A) C:\Users\*****\AppData\Roaming\fk1xxx.e2ts gefunden: Trace.File.Injector (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pokerinstaller -> fullpath gefunden: Trace.Registry.Pacific Poker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pokerinstaller -> INSTALLER_GUID gefunden: Trace.Registry.Pacific Poker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pokerinstaller -> URL_CASINO_2 gefunden: Trace.Registry.Pacific Poker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 1 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 10 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 2 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 4 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 5 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 6 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 7 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 9 gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> AdsLastKnownState gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> BlackjackVoice gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> EnableCardAnimations gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> EnableCongratulations gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> EnableSounds gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> FourColourDeck gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> HHEnableLog gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> HHLogDays gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> HHLogSize gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> InitialPort gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> MuckLosingHand gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> SearchHiding gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> TableType gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> useCount gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming -> AutoLoginToOtherGames gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming -> CFDialogShown gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming -> FreshInstall gefunden: Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming -> OldCFformat gefunden: Trace.Registry.PartyPoker (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pacificpoker gefunden: Trace.Registry.PacificPoker (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pacificpoker\poker gefunden: Trace.Registry.PacificPoker (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pacificpoker\poker\init gefunden: Trace.Registry.PacificPoker (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pokerinstaller gefunden: Trace.Registry.PacificPoker (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\mgs\thumper\casino gefunden: Trace.Registry.CasinoAction (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microgaming gefunden: Trace.Registry.CasinoAction (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microgaming\thumper gefunden: Trace.Registry.CasinoAction (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microgaming\thumper\casino gefunden: Trace.Registry.CasinoAction (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531} gefunden: Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531}\iexplore gefunden: Trace.Registry.GetStyles (A) C:\Program Files\GadgetBox\uninstall.exe gefunden: Malware.Win32.AMN (A) C:\Program Files\Yontoo\YontooIEClient.dll gefunden: Adware.Win32.Yontoo.AMN (A) C:\ProgramData\GBox\runtime.dll gefunden: Trojan.Win32.GenUpdater.AMN (A) C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll gefunden: Adware.Win32.Yontoo.AMN (A) C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll gefunden: Adware.Win32.Yontoo.AMN (A) C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll gefunden: Adware.Win32.Yontoo.AMN (A) C:\Users\*****\AppData\Local\promo.exe gefunden: Trojan.Win32.SoGeInstaller.AMN (A) C:\Users\*****\AppData\Local\Temp\DM\microsoft-office-word-viewer-2007_027\DomaIQ10.exe gefunden: Trojan.Win32.DomaIQ.AMN (A) Gescannt 616301 Gefunden 50 Scan Ende: 01.03.2013 14:11:34 Scan Zeit: 2:23:35 C:\Users\*****\AppData\Local\Temp\DM\microsoft-office-word-viewer-2007_027\DomaIQ10.exe Quarantäne Trojan.Win32.DomaIQ.AMN (A) C:\Users\*****\AppData\Local\promo.exe Quarantäne Trojan.Win32.SoGeInstaller.AMN (A) C:\ProgramData\GBox\runtime.dll Quarantäne Trojan.Win32.GenUpdater.AMN (A) C:\Program Files\Yontoo\YontooIEClient.dll Quarantäne Adware.Win32.Yontoo.AMN (A) C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Quarantäne Adware.Win32.Yontoo.AMN (A) C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll Quarantäne Adware.Win32.Yontoo.AMN (A) C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll Quarantäne Adware.Win32.Yontoo.AMN (A) C:\Program Files\GadgetBox\uninstall.exe Quarantäne Malware.Win32.AMN (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531} Quarantäne Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531}\iexplore Quarantäne Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\mgs\thumper\casino Quarantäne Trace.Registry.CasinoAction (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microgaming Quarantäne Trace.Registry.CasinoAction (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microgaming\thumper Quarantäne Trace.Registry.CasinoAction (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microgaming\thumper\casino Quarantäne Trace.Registry.CasinoAction (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pacificpoker Quarantäne Trace.Registry.PacificPoker (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pacificpoker\poker Quarantäne Trace.Registry.PacificPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 1 Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 10 Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 2 Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 4 Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 5 Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 6 Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 7 Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> 9 Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> AdsLastKnownState Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> BlackjackVoice Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> EnableCardAnimations Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> EnableCongratulations Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> EnableSounds Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> FourColourDeck Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> HHEnableLog Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> HHLogDays Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> HHLogSize Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> InitialPort Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> MuckLosingHand Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> SearchHiding Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> TableType Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming\partypoker -> useCount Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming -> AutoLoginToOtherGames Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming -> CFDialogShown Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming -> FreshInstall Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\partygaming -> OldCFformat Quarantäne Trace.Registry.PartyPoker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pokerinstaller -> fullpath Quarantäne Trace.Registry.Pacific Poker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pokerinstaller -> INSTALLER_GUID Quarantäne Trace.Registry.Pacific Poker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pokerinstaller -> URL_CASINO_2 Quarantäne Trace.Registry.Pacific Poker (A) Value: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\microsoft\windows\currentversion\run -> licensevalidator Quarantäne Trace.Registry.Trojan-Dropper.Win32.Inject (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pacificpoker Quarantäne Trace.Registry.PacificPoker (A) Key: hkey_users\s-1-5-21-3860368706-2829457680-2847276661-1000\software\pacificpoker\poker Quarantäne Trace.Registry.PacificPoker (A) Quarantäne 48 |
|
01.03.2013, 16:35
| #2 |
| /// Malware-holic   | emisoft logfile Hi
__________________warum wurde emsisoft ausgeführt, einfach n log reinzuknallen ist nicht grade höflich, zumal ohne problembeschreibung
__________________ |
|
01.03.2013, 17:29
| #3 | |
| | emisoft logfileZitat:
Ich habe ein Problem mit Snap.do das bei jedem öffnen eines neuen Tab mit FF sich selbst als Suchmaschine einstellt. Ich habe versucht es aus den Einstellungen von FF heraus zu entfernen nur taucht es da nicht auf, genauso wenig wie in der Systemsteurung. Emiosoft habe ich aufgrund einer Anleitung ausgeführt die ich im Netz gefunden habe, über die ich wiederum auf das Trojaner-board gestossen bin. Sorry nochmal  |
|
01.03.2013, 17:46
| #4 |
| /// Malware-holic | emisoft logfile nö, der titel lautet emisoft logfile :-) aber nu fangen wir mal an. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.03.2013, 23:00
| #5 |
| | emisoft logfile OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.03.2013 20:05:31 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,62% Memory free 4,23 Gb Paging File | 2,71 Gb Available in Paging File | 63,99% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 290,28 Gb Total Space | 171,49 Gb Free Space | 59,08% Space Free | Partition Type: NTFS Drive D: | 7,81 Gb Total Space | 2,73 Gb Free Space | 34,90% Space Free | Partition Type: NTFS Computer Name: PALOIM-PC | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\ProgramData\GBox\GBox.exe () PRC - C:\Programme\BrowserCompanion\BCHelper.exe () PRC - C:\Programme\Bandoo\Bandoo.exe (Bandoo Media Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Notepad++\NppShell_05.dll () MOD - C:\Programme\BrowserCompanion\BCHelper.exe () MOD - C:\Programme\BrowserCompanion\sqlite3.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Bandoo Coordinator) -- C:\Programme\Bandoo\Bandoo.exe (Bandoo Media Inc.) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH) DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SPC530) -- C:\Windows\System32\drivers\SPC530.sys ( ) DRV - (SPC530m) -- C:\Windows\System32\drivers\SPC530m.sys ( ) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. ) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Programme\Utubebario\tbUtub.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{38240111-0E4A-4CFF-AE04-A015CC146644}: "URL" = Search IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0376031856714203&q={searchTerms} IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.gboxapp.com/?q={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={2CA70069-D1AB-11E0-965C-001E8CCC3F50} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=645240e4-9c09-4d0e-8e78-a888adaee973&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=645240e4-9c09-4d0e-8e78-a888adaee973&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=645240e4-9c09-4d0e-8e78-a888adaee973&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=645240e4-9c09-4d0e-8e78-a888adaee973&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=645240e4-9c09-4d0e-8e78-a888adaee973&searchtype=ds&q={searchTerms}&installDate=01/01/1970 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2E3C1014-32DD-4460-85E8-118277568F74}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=2341e67b-a353-421a-b1d6-c2b0c93ae7d8&apn_sauid=A977D5DF-DBD6-4576-B986-5465E334A7DD IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "duckduckgo.com" FF - prefs.js..extensions.enabledAddons: trackmenot%40mrl.nyu.edu:0.6.728 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1482 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=645240e4-9c09-4d0e-8e78-a888adaee973&searchtype=ds&installDate=01/01/1970&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\******\AppData\Roaming\Mozilla\Firefox\\extensions\ffox@bandoo.com [2011.09.01 21:49:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.09 21:16:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\******\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013.01.16 18:39:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.01 15:03:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.22 14:01:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\******\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013.01.16 18:39:30 | 000,000,000 | ---D | M] [2013.01.16 18:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions [2013.01.16 18:39:30 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\******\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks [2012.08.12 16:51:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions [2012.08.12 16:51:33 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2011.09.01 21:49:12 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\extensions\ffox@bandoo.com [2012.08.12 17:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2012.08.12 15:55:21 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2013.02.27 18:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\6rnamkmz.default\extensions [2013.02.27 18:46:58 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\6rnamkmz.default\extensions\trackmenot@mrl.nyu.edu.xpi [2013.02.27 18:46:34 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\6rnamkmz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.22 14:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.16 20:25:59 | 000,000,000 | ---D | M] (DealPly) -- C:\Programme\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.10.16 20:25:57 | 000,000,000 | ---D | M] (Babylon) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013.03.01 15:03:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 17:52:18 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (FMTLB0003 Class) - {0EC9148F-41E2-437C-8437-E576FE833A52} - C:\Programme\ChatVibes Toolbar\tbcore3.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Utubebario Toolbar) - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Programme\Utubebario\tbUtub.dll (Conduit Ltd.) O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Smiley Bar for Facebook) - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Programme\Smiley Bar for Facebook\ScriptHost.dll (Status Winks) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Programme\Facecons\Facecons.dll (Facecons) O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found O3 - HKLM\..\Toolbar: (ChatVibes Toolbar) - {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Programme\ChatVibes Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found O3 - HKLM\..\Toolbar: (Utubebario Toolbar) - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Programme\Utubebario\tbUtub.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Utubebario Toolbar) - {58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - C:\Programme\Utubebario\tbUtub.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Programme\Eazel-DE\tbEaze.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Optimizer Pro] C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKCU..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\Run: [Zouqwusek] C:\Users\******\AppData\Roaming\Cuhuy\fyed.exe File not found O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software) O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60504D45-A1C9-45DF-B964-F61BB0204C35}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~1\search~2\datamngr\datamngr.dll) - c:\Programme\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) - c:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - File not found O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597) ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: 4Y3Y0C3A9F7W0I5EGYKU - hkey= - key= - File not found MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\******\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) MsConfig - StartUpReg: DATAMNGR - hkey= - key= - C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) MsConfig - StartUpReg: facemoods - hkey= - key= - File not found MsConfig - StartUpReg: Iminent - hkey= - key= - File not found MsConfig - StartUpReg: IminentMessenger - hkey= - key= - File not found MsConfig - StartUpReg: MediaGet2 - hkey= - key= - File not found MsConfig - StartUpReg: Optimizer Pro - hkey= - key= - C:\Programme\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - File not found MsConfig - StartUpReg: ROC_roc_ssl_v12 - hkey= - key= - File not found MsConfig - StartUpReg: snobc - hkey= - key= - File not found MsConfig - StartUpReg: SweetIM - hkey= - key= - File not found MsConfig - StartUpReg: TabbtnEx - hkey= - key= - File not found MsConfig - StartUpReg: uTorrent - hkey= - key= - File not found MsConfig - StartUpReg: XSECVA - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.03.01 12:01:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2013.03.01 11:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2013.03.01 11:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2013.03.01 11:45:09 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Anti-Malware [2013.03.01 10:45:00 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.03.01 10:45:00 | 000,000,000 | ---D | C] -- C:\Users\******m\AppData\Roaming\Malwarebytes [2013.03.01 10:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 10:44:48 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.01 10:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.27 18:36:07 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Systemprogramme [2013.02.27 15:51:57 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Auslogics [2013.02.27 15:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2013.02.27 15:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2013.02.26 20:45:00 | 000,368,248 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.02.26 20:45:00 | 000,029,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.02.26 20:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.02.26 20:44:59 | 000,049,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.02.26 20:44:58 | 000,062,448 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.02.26 20:44:56 | 000,765,808 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.02.26 20:44:55 | 000,066,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.02.26 20:44:16 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.02.26 20:44:16 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.02.26 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.02.26 20:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.02.24 18:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Opera Next [2013.02.23 12:13:35 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\APN [2013.02.22 14:06:17 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Macromedia [2013.02.22 14:01:55 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Mozilla [2013.02.22 14:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.02.22 14:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.02.15 23:09:06 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Unity [2013.02.12 00:26:46 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\**** [2013.02.07 16:01:41 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\NVIDIA [2011.11.08 13:13:35 | 001,382,304 | ---- | C] (DownVision ) -- C:\Users\******\AppData\Local\setup.exe [1 C:\Users\Paloim\*.tmp files -> C:\Users\******\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.01 19:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.01 19:30:50 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 19:30:50 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 15:03:51 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.03.01 12:01:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paloim\Desktop\OTL.exe [2013.03.01 11:45:50 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.03.01 10:45:30 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.03.01 10:44:51 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.01 09:29:28 | 000,000,328 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{C97362B4-619D-4A4A-8836-9050FB603459}.job [2013.03.01 09:29:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.01 09:29:13 | 2146,820,096 | -HS- | M] () -- C:\hiberfil.sys [2013.02.28 09:36:37 | 000,765,808 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.02.28 09:36:37 | 000,368,248 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.02.28 09:36:37 | 000,163,784 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.02.28 09:36:37 | 000,062,448 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.02.28 09:36:36 | 000,066,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.02.28 09:36:36 | 000,049,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2013.02.28 09:36:36 | 000,049,320 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.02.28 09:36:35 | 000,029,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.02.28 09:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.02.28 09:35:59 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013.02.26 20:43:07 | 000,000,864 | ---- | M] () -- C:\Users\******\Desktop\Mozilla Firefox.lnk [2013.02.24 18:35:56 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\Opera Next.lnk [2013.02.24 13:59:58 | 000,604,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.24 13:59:57 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.24 13:59:57 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.24 13:59:57 | 000,108,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.16 15:08:17 | 000,000,104 | ---- | M] () -- C:\Users\******\Desktop\Opera.lnk [2013.02.14 11:52:50 | 003,608,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.07 16:00:11 | 000,019,456 | ---- | M] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Users\Paloim\*.tmp files -> C:\Users\Paloim\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.01 15:03:52 | 000,163,784 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.03.01 15:03:52 | 000,049,320 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.03.01 11:45:50 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.03.01 10:44:51 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.27 15:46:29 | 2146,820,096 | -HS- | C] () -- C:\hiberfil.sys [2013.02.26 20:43:07 | 000,000,864 | ---- | C] () -- C:\Users\******\Desktop\Mozilla Firefox.lnk [2013.02.24 18:35:56 | 000,001,681 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Next.lnk [2013.02.24 18:35:56 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\Opera Next.lnk [2013.02.22 14:01:48 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.16 15:08:17 | 000,000,104 | ---- | C] () -- C:\Users\******\Desktop\Opera.lnk [2012.11.29 15:15:46 | 000,160,262 | ---- | C] () -- C:\Windows\hpoins14.dat [2012.05.24 17:22:25 | 000,000,166 | ---- | C] () -- C:\Users\******\AppData\Roaming\FireArcadeSettings.cfg [2012.04.11 22:07:46 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.09.11 07:32:07 | 000,000,839 | ---- | C] () -- C:\Users\******\.recently-used.xbel [2011.09.08 15:00:25 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini [2011.09.05 21:07:50 | 000,391,731 | ---- | C] () -- C:\Users\******\DSC00090.JPG [2011.07.16 16:30:40 | 000,202,000 | ---- | C] () -- C:\Users\******\empfangsbestätigung.xps empfangsbestätigung [2011.07.09 12:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll [2011.06.24 12:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.06.24 12:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2011.06.24 12:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2011.06.24 12:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2011.06.24 12:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2011.06.24 12:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2011.06.24 12:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2011.06.24 12:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2011.06.24 12:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2011.06.24 12:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2011.06.05 16:57:49 | 002,760,078 | ---- | C] () -- C:\Users\******\021 (2).JPG [2011.06.05 16:57:44 | 002,259,352 | ---- | C] () -- C:\Users\******\019 (2).JPG [2011.06.05 16:57:39 | 002,562,859 | ---- | C] () -- C:\Users\******\124.JPG [2011.06.05 16:57:33 | 002,808,134 | ---- | C] () -- C:\Users\******\117.JPG [2011.06.05 16:57:27 | 003,090,299 | ---- | C] () -- C:\Users\******\064.JPG [2011.06.05 16:57:22 | 002,467,532 | ---- | C] () -- C:\Users\******\047.JPG [2011.06.05 16:57:18 | 002,167,893 | ---- | C] () -- C:\Users\******\045.JPG [2011.06.05 16:57:13 | 002,227,423 | ---- | C] () -- C:\Users\******m\043.JPG [2011.06.05 16:57:09 | 002,803,245 | ---- | C] () -- C:\Users\******\030.JPG [2011.06.05 16:57:03 | 002,429,861 | ---- | C] () -- C:\Users\******\021.JPG [2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll [2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll [2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll [2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll [2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe [2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll [2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll [2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll [2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe [2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll [2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe [2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2011.02.24 21:15:09 | 000,000,094 | ---- | C] () -- C:\Users\******\AppData\Local\fusioncache.dat [2010.08.28 15:56:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.15 19:18:19 | 000,019,456 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.03 18:17:45 | 000,000,680 | ---- | C] () -- C:\Users\******\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.03.11 09:51:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\.minecraft [2012.11.06 17:51:12 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Ahryho [2012.08.12 16:19:02 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ArmA II Launcher [2013.02.27 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Auslogics [2011.08.28 21:15:37 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Babylon [2011.09.01 21:49:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Bandoo [2011.09.10 12:37:46 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.11.09 21:21:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Cuhuy [2012.08.12 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DAEMON Tools Pro [2011.12.26 21:34:34 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft [2011.08.05 22:32:50 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.14 13:33:56 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Electronic Arts [2011.03.24 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GetRightToGo [2012.08.25 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\go [2011.09.11 07:30:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\gtk-2.0 [2013.03.01 12:08:50 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\hellomoto [2012.03.09 21:43:34 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\kikin [2012.10.30 16:03:48 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Notepad++ [2010.07.05 12:44:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\OpenOffice.org [2013.02.24 18:35:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Opera [2013.01.21 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Optimizer Pro [2012.05.16 09:11:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Origin [2013.01.22 20:40:05 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PerformerSoft [2011.09.10 12:33:36 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PhotoScape [2012.08.12 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PowerISO [2011.11.06 19:01:09 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Registry Mechanic [2011.11.08 12:37:37 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Sports Interactive [2011.09.11 07:38:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.01.16 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\StatusWinks [2012.10.17 13:21:51 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer [2012.08.24 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software [2010.08.27 08:56:36 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\UBNet [2013.02.15 23:09:06 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Unity [2012.08.13 09:53:49 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\uTorrent [2012.07.09 06:22:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\xsecva [2012.11.06 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Zeyl ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.08.13 10:30:46 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.04.17 09:36:45 | 000,000,000 | ---D | M] -- C:\1b516d21621b582236674336 [2011.04.15 22:35:04 | 000,000,000 | ---D | M] -- C:\4da1b372ae1b0b3bda54cc8175c7 [2012.05.10 21:56:10 | 000,000,000 | ---D | M] -- C:\acfb4430a433ceafbb61ff27ff [2011.10.08 09:43:02 | 000,000,000 | ---D | M] -- C:\AeriaGames [2010.05.15 11:10:45 | 000,000,000 | -HSD | M] -- C:\Boot [2010.08.03 19:03:11 | 000,000,000 | ---D | M] -- C:\cards [2013.03.01 17:18:28 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2012.03.13 12:41:15 | 000,000,000 | ---D | M] -- C:\Counter-Strike 2D [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.10.28 16:28:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.01 22:25:39 | 000,000,000 | ---D | M] -- C:\FIFA 09 Demo [2010.11.06 20:11:39 | 000,000,000 | -HSD | M] -- C:\found.000 [2008.03.14 07:53:14 | 000,000,000 | ---D | M] -- C:\HP F4180 Installation [2011.08.12 21:54:02 | 000,000,000 | ---D | M] -- C:\Jdowl [2010.12.11 19:54:30 | 000,000,000 | ---D | M] -- C:\Microgaming [2008.03.14 07:23:39 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.09.01 21:58:15 | 000,000,000 | ---D | M] -- C:\NFSMWDemo [2010.05.03 18:26:47 | 000,000,000 | ---D | M] -- C:\OEMSettings [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.11.24 17:02:41 | 000,000,000 | ---D | M] -- C:\Poker Application [2013.03.01 15:13:14 | 000,000,000 | R--D | M] -- C:\Program Files [2013.03.01 12:08:51 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.10.28 16:28:28 | 000,000,000 | -HSD | M] -- C:\Programme [2009.11.03 18:26:50 | 000,000,000 | ---D | M] -- C:\Programs [2013.03.01 20:07:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.29 20:40:11 | 000,000,000 | ---D | M] -- C:\Temp [2011.10.25 16:10:58 | 000,000,000 | ---D | M] -- C:\tmp [2012.11.19 21:54:07 | 000,000,000 | R--D | M] -- C:\Users [2013.03.01 15:03:49 | 000,000,000 | ---D | M] -- C:\Windows [2010.05.03 18:54:53 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2011.11.08 13:13:37 | 001,382,304 | ---- | M] (DownVision ) -- C:\Users\******\AppData\Local\setup.exe < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,558 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.12 14:22:27 | 000,000,328 | -H-- | C] () -- C:\Windows\Tasks\GBoxUpdaterTask{C97362B4-619D-4A4A-8836-9050FB603459}.job [2012.08.14 21:44:45 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.04.19 13:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a195c2b5\nvstor32.sys [2007.10.31 11:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\Windows.old\Windows\NETDRV\RAID\nvstor32.sys [2007.10.31 11:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvrd32.inf_04bc6797\nvstor32.sys [2007.07.20 11:52:48 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows.old\Windows\NETDRV\nvstor32.sys [2007.07.20 11:52:48 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvstor32.inf_efe24208\nvstor32.sys [2007.08.09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows.old\Windows\System32\drivers\nvstor32.sys [2007.08.09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys [2007.08.09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\drivers\nvstor32.sys [2007.08.09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.09.11 07:32:07 | 000,000,839 | ---- | M] () -- C:\Users\******\.recently-used.xbel [2011.06.05 16:57:44 | 002,259,352 | ---- | M] () -- C:\Users\******\019 (2).JPG [2011.06.05 16:57:52 | 002,760,078 | ---- | M] () -- C:\Users\******\021 (2).JPG [2011.06.05 16:57:03 | 002,429,861 | ---- | M] () -- C:\Users\******\021.JPG [2011.06.05 16:57:11 | 002,803,245 | ---- | M] () -- C:\Users\******\030.JPG [2011.06.05 16:57:14 | 002,227,423 | ---- | M] () -- C:\Users\******\043.JPG [2011.06.05 16:57:19 | 002,167,893 | ---- | M] () -- C:\Users\******\045.JPG [2011.06.05 16:57:24 | 002,467,532 | ---- | M] () -- C:\Users\******\047.JPG [2011.06.05 16:57:29 | 003,090,299 | ---- | M] () -- C:\Users\******\064.JPG [2011.06.05 16:57:34 | 002,808,134 | ---- | M] () -- C:\Users\******\117.JPG [2011.06.05 16:57:40 | 002,562,859 | ---- | M] () -- C:\Users\******\124.JPG [2011.09.05 21:07:50 | 000,391,731 | ---- | M] () -- C:\Users\******\DSC00090.JPG [2011.07.16 16:30:41 | 000,202,000 | ---- | M] () -- C:\Users\******\empfangsbestätigung.xps empfangsbestätigung [2013.03.01 20:07:07 | 004,980,736 | -HS- | M] () -- C:\Users\******\NTUSER.DAT [2013.03.01 20:07:07 | 000,262,144 | -H-- | M] () -- C:\Users\******\ntuser.dat.LOG1 [2010.05.03 18:17:43 | 000,000,000 | -H-- | M] () -- C:\Users\******\ntuser.dat.LOG2 [2013.02.28 21:20:12 | 000,065,536 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.12.29 17:40:56 | 000,524,288 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2013.02.28 21:20:12 | 000,524,288 | -HS- | M] () -- C:\Users\******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.05.03 18:17:43 | 000,000,020 | -HS- | M] () -- C:\Users\******\ntuser.ini [1 C:\Users\Paloim\*.tmp files -> C:\Users\******\temp -> ] < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > |
|
03.03.2013, 20:22
| #6 |
| /// Malware-holic | emisoft logfile Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKCU..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent File not found
O4 - HKCU..\Run: [Zouqwusek] C:\Users\******\AppData\Roaming\Cuhuy\fyed.exe File not found
O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - File not found
:files
:Commands
[emptytemp]
__________________ --> emisoft logfile |
|
19.03.2013, 15:31
| #7 |
| | emisoft logfile Hi, sorry für die übelst verspätete Antwort ; Umzugsstress ! Hier ist die .txt Datei von OTL All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Zouqwusek deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\sprote~1\sprote~1.dll deleted successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: ****** ->Temp folder emptied: 7456873 bytes ->Temporary Internet Files folder emptied: 499718404 bytes ->Java cache emptied: 16737076 bytes ->FireFox cache emptied: 8207888 bytes ->Opera cache emptied: 6318702 bytes ->Flash cache emptied: 5752156 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56468 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 281293882 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 787,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03192013_152157 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
26.03.2013, 17:31
| #8 |
| /// Malware-holic | emisoft logfile sorry, war im Urlaub und dann gesundheitlich angeschlagen. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.04.2013, 21:51
| #9 |
| | emisoft logfile Hi, kein Ding ich hoffe es geht Dir jetzt besser =) Hier die gewünschte Logfile: 22:46:46.0705 6020 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:46:46.0970 6020 ============================================================ 22:46:46.0970 6020 Current date / time: 2013/04/01 22:46:46.0970 22:46:46.0970 6020 SystemInfo: 22:46:46.0970 6020 22:46:46.0970 6020 OS Version: 6.0.6002 ServicePack: 2.0 22:46:46.0970 6020 Product type: Workstation 22:46:46.0970 6020 ComputerName: PALOIM-PC 22:46:46.0970 6020 UserName: Paloim 22:46:46.0970 6020 Windows directory: C:\Windows 22:46:46.0970 6020 System windows directory: C:\Windows 22:46:46.0970 6020 Processor architecture: Intel x86 22:46:46.0970 6020 Number of processors: 2 22:46:46.0970 6020 Page size: 0x1000 22:46:46.0970 6020 Boot type: Normal boot 22:46:46.0970 6020 ============================================================ 22:46:47.0610 6020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:46:47.0734 6020 ============================================================ 22:46:47.0734 6020 \Device\Harddisk0\DR0: 22:46:47.0734 6020 MBR partitions: 22:46:47.0734 6020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2448D7F8 22:46:47.0734 6020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2448E000, BlocksNum 0xFA0000 22:46:47.0734 6020 ============================================================ 22:46:47.0906 6020 C: <-> \Device\Harddisk0\DR0\Partition1 22:46:47.0968 6020 D: <-> \Device\Harddisk0\DR0\Partition2 22:46:47.0968 6020 ============================================================ 22:46:47.0968 6020 Initialize success 22:46:47.0968 6020 ============================================================ 22:47:26.0704 4424 ============================================================ 22:47:26.0704 4424 Scan started 22:47:26.0704 4424 Mode: Manual; SigCheck; TDLFS; 22:47:26.0704 4424 ============================================================ 22:47:27.0063 4424 ================ Scan system memory ======================== 22:47:27.0063 4424 System memory - ok 22:47:27.0063 4424 ================ Scan services ============================= 22:47:27.0203 4424 [ A8A4E18857CDFD8D9AB81E2C9EAF89B5 ] a2acc C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys 22:47:27.0905 4424 a2acc - ok 22:47:27.0999 4424 [ 521C7DB6FA2B4DC01610B7A7D741F2BB ] a2AntiMalware C:\Program Files\Emsisoft Anti-Malware\a2service.exe 22:47:28.0186 4424 a2AntiMalware - ok 22:47:28.0217 4424 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys 22:47:28.0233 4424 A2DDA - ok 22:47:28.0358 4424 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 22:47:28.0389 4424 ACPI - ok 22:47:28.0467 4424 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 22:47:28.0483 4424 AdobeARMservice - ok 22:47:28.0545 4424 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 22:47:28.0592 4424 AdobeFlashPlayerUpdateSvc - ok 22:47:28.0639 4424 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 22:47:28.0685 4424 adp94xx - ok 22:47:28.0701 4424 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 22:47:28.0732 4424 adpahci - ok 22:47:28.0763 4424 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 22:47:28.0779 4424 adpu160m - ok 22:47:28.0795 4424 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 22:47:28.0810 4424 adpu320 - ok 22:47:28.0857 4424 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:47:28.0951 4424 AeLookupSvc - ok 22:47:29.0013 4424 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 22:47:29.0060 4424 AFD - ok 22:47:29.0107 4424 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:47:29.0122 4424 agp440 - ok 22:47:29.0138 4424 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 22:47:29.0153 4424 aic78xx - ok 22:47:29.0169 4424 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 22:47:29.0278 4424 ALG - ok 22:47:29.0325 4424 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 22:47:29.0356 4424 aliide - ok 22:47:29.0387 4424 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 22:47:29.0403 4424 amdagp - ok 22:47:29.0419 4424 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 22:47:29.0434 4424 amdide - ok 22:47:29.0450 4424 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 22:47:29.0481 4424 AmdK7 - ok 22:47:29.0497 4424 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:47:29.0543 4424 AmdK8 - ok 22:47:29.0590 4424 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 22:47:29.0668 4424 Appinfo - ok 22:47:29.0715 4424 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:47:29.0746 4424 Apple Mobile Device - ok 22:47:29.0777 4424 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 22:47:29.0809 4424 arc - ok 22:47:29.0824 4424 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 22:47:29.0871 4424 arcsas - ok 22:47:29.0949 4424 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 22:47:30.0011 4424 aspnet_state - ok 22:47:30.0043 4424 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 22:47:30.0074 4424 aswFsBlk - ok 22:47:30.0089 4424 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 22:47:30.0136 4424 aswMonFlt - ok 22:47:30.0136 4424 [ C1A411B7CCD604554D96EFDAC2F83617 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys 22:47:30.0152 4424 AswRdr - ok 22:47:30.0183 4424 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 22:47:30.0199 4424 aswRvrt - ok 22:47:30.0230 4424 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 22:47:30.0308 4424 aswSnx - ok 22:47:30.0355 4424 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\Windows\system32\drivers\aswSP.sys 22:47:30.0386 4424 aswSP - ok 22:47:30.0401 4424 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 22:47:30.0417 4424 aswTdi - ok 22:47:30.0448 4424 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 22:47:30.0464 4424 aswVmm - ok 22:47:30.0511 4424 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:47:30.0557 4424 AsyncMac - ok 22:47:30.0573 4424 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 22:47:30.0604 4424 atapi - ok 22:47:30.0620 4424 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:47:30.0667 4424 AudioEndpointBuilder - ok 22:47:30.0682 4424 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 22:47:30.0713 4424 Audiosrv - ok 22:47:30.0760 4424 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 22:47:30.0776 4424 avast! Antivirus - ok 22:47:30.0854 4424 [ 799E48FDF68D388B1B9BCBB6BD062FA2 ] Bandoo Coordinator C:\Program Files\Bandoo\Bandoo.exe 22:47:31.0025 4424 Bandoo Coordinator - ok 22:47:31.0119 4424 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 22:47:31.0197 4424 Beep - ok 22:47:31.0244 4424 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 22:47:31.0322 4424 BFE - ok 22:47:31.0400 4424 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 22:47:31.0509 4424 BITS - ok 22:47:31.0571 4424 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 22:47:31.0618 4424 blbdrive - ok 22:47:31.0681 4424 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:47:31.0727 4424 Bonjour Service - ok 22:47:31.0790 4424 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:47:31.0821 4424 bowser - ok 22:47:31.0868 4424 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 22:47:31.0883 4424 BrFiltLo - ok 22:47:31.0899 4424 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 22:47:31.0930 4424 BrFiltUp - ok 22:47:31.0946 4424 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 22:47:31.0977 4424 Browser - ok 22:47:31.0993 4424 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 22:47:32.0133 4424 Brserid - ok 22:47:32.0149 4424 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 22:47:32.0195 4424 BrSerWdm - ok 22:47:32.0211 4424 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 22:47:32.0273 4424 BrUsbMdm - ok 22:47:32.0289 4424 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 22:47:32.0351 4424 BrUsbSer - ok 22:47:32.0367 4424 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 22:47:32.0429 4424 BTHMODEM - ok 22:47:32.0445 4424 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:47:32.0492 4424 cdfs - ok 22:47:32.0523 4424 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:47:32.0554 4424 cdrom - ok 22:47:32.0601 4424 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 22:47:32.0632 4424 CertPropSvc - ok 22:47:32.0663 4424 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 22:47:32.0710 4424 circlass - ok 22:47:32.0726 4424 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 22:47:32.0741 4424 CLFS - ok 22:47:32.0773 4424 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:47:32.0804 4424 clr_optimization_v2.0.50727_32 - ok 22:47:32.0851 4424 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:47:32.0882 4424 clr_optimization_v4.0.30319_32 - ok 22:47:32.0897 4424 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:47:32.0929 4424 cmdide - ok 22:47:32.0960 4424 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys 22:47:32.0975 4424 Compbatt - ok 22:47:32.0991 4424 COMSysApp - ok 22:47:33.0038 4424 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 22:47:33.0069 4424 crcdisk - ok 22:47:33.0100 4424 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 22:47:33.0178 4424 Crusoe - ok 22:47:33.0209 4424 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:47:33.0256 4424 CryptSvc - ok 22:47:33.0303 4424 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:47:33.0428 4424 DcomLaunch - ok 22:47:33.0475 4424 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:47:33.0537 4424 DfsC - ok 22:47:33.0662 4424 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 22:47:33.0771 4424 DFSR - ok 22:47:33.0818 4424 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 22:47:33.0880 4424 Dhcp - ok 22:47:33.0896 4424 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 22:47:33.0927 4424 disk - ok 22:47:33.0958 4424 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:47:33.0989 4424 Dnscache - ok 22:47:34.0021 4424 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:47:34.0052 4424 dot3svc - ok 22:47:34.0099 4424 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 22:47:34.0161 4424 Dot4 - ok 22:47:34.0192 4424 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 22:47:34.0239 4424 Dot4Print - ok 22:47:34.0255 4424 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 22:47:34.0301 4424 dot4usb - ok 22:47:34.0333 4424 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 22:47:34.0379 4424 DPS - ok 22:47:34.0411 4424 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:47:34.0457 4424 drmkaud - ok 22:47:34.0489 4424 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:47:34.0551 4424 DXGKrnl - ok 22:47:34.0582 4424 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 22:47:34.0629 4424 E1G60 - ok 22:47:34.0645 4424 EagleXNt - ok 22:47:34.0676 4424 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 22:47:34.0723 4424 EapHost - ok 22:47:34.0754 4424 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 22:47:34.0769 4424 Ecache - ok 22:47:34.0832 4424 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:47:34.0910 4424 ehRecvr - ok 22:47:34.0925 4424 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 22:47:34.0957 4424 ehSched - ok 22:47:34.0972 4424 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 22:47:34.0988 4424 ehstart - ok 22:47:35.0019 4424 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:47:35.0050 4424 elxstor - ok 22:47:35.0081 4424 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 22:47:35.0144 4424 EMDMgmt - ok 22:47:35.0175 4424 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:47:35.0206 4424 ErrDev - ok 22:47:35.0222 4424 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 22:47:35.0269 4424 EventSystem - ok 22:47:35.0300 4424 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 22:47:35.0331 4424 exfat - ok 22:47:35.0362 4424 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:47:35.0409 4424 fastfat - ok 22:47:35.0440 4424 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:47:35.0487 4424 fdc - ok 22:47:35.0503 4424 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 22:47:35.0534 4424 fdPHost - ok 22:47:35.0549 4424 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 22:47:35.0612 4424 FDResPub - ok 22:47:35.0627 4424 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:47:35.0659 4424 FileInfo - ok 22:47:35.0659 4424 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:47:35.0705 4424 Filetrace - ok 22:47:35.0705 4424 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:47:35.0737 4424 flpydisk - ok 22:47:35.0768 4424 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:47:35.0783 4424 FltMgr - ok 22:47:35.0846 4424 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 22:47:35.0939 4424 FontCache - ok 22:47:36.0002 4424 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 22:47:36.0017 4424 FontCache3.0.0.0 - ok 22:47:36.0033 4424 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:47:36.0080 4424 Fs_Rec - ok 22:47:36.0111 4424 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:47:36.0127 4424 gagp30kx - ok 22:47:36.0142 4424 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:47:36.0158 4424 GEARAspiWDM - ok 22:47:36.0189 4424 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 22:47:36.0251 4424 gpsvc - ok 22:47:36.0298 4424 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:47:36.0345 4424 HdAudAddService - ok 22:47:36.0392 4424 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 22:47:36.0454 4424 HDAudBus - ok 22:47:36.0470 4424 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:47:36.0579 4424 HidBth - ok 22:47:36.0595 4424 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 22:47:36.0641 4424 HidIr - ok 22:47:36.0688 4424 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 22:47:36.0704 4424 hidserv - ok 22:47:36.0735 4424 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:47:36.0766 4424 HidUsb - ok 22:47:36.0782 4424 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:47:36.0813 4424 hkmsvc - ok 22:47:36.0844 4424 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 22:47:36.0860 4424 HpCISSs - ok 22:47:36.0938 4424 [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 22:47:36.0953 4424 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 22:47:36.0953 4424 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 22:47:36.0969 4424 [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 22:47:36.0985 4424 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 22:47:36.0985 4424 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 22:47:37.0016 4424 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:47:37.0063 4424 HTTP - ok 22:47:37.0094 4424 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 22:47:37.0109 4424 i2omp - ok 22:47:37.0125 4424 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:47:37.0156 4424 i8042prt - ok 22:47:37.0172 4424 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 22:47:37.0219 4424 iaStorV - ok 22:47:37.0265 4424 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 22:47:37.0297 4424 IDriverT ( UnsignedFile.Multi.Generic ) - warning 22:47:37.0297 4424 IDriverT - detected UnsignedFile.Multi.Generic (1) 22:47:37.0343 4424 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:47:37.0421 4424 idsvc - ok 22:47:37.0468 4424 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:47:37.0499 4424 iirsp - ok 22:47:37.0531 4424 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 22:47:37.0577 4424 IKEEXT - ok 22:47:37.0624 4424 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 22:47:37.0640 4424 intelide - ok 22:47:37.0671 4424 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:47:37.0702 4424 intelppm - ok 22:47:37.0733 4424 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:47:37.0780 4424 IPBusEnum - ok 22:47:37.0796 4424 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:47:37.0843 4424 IpFilterDriver - ok 22:47:37.0874 4424 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:47:37.0905 4424 iphlpsvc - ok 22:47:37.0921 4424 IpInIp - ok 22:47:37.0952 4424 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 22:47:37.0999 4424 IPMIDRV - ok 22:47:38.0014 4424 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 22:47:38.0045 4424 IPNAT - ok 22:47:38.0108 4424 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:47:38.0170 4424 iPod Service - ok 22:47:38.0217 4424 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:47:38.0295 4424 IRENUM - ok 22:47:38.0311 4424 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:47:38.0342 4424 isapnp - ok 22:47:38.0373 4424 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 22:47:38.0404 4424 iScsiPrt - ok 22:47:38.0404 4424 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 22:47:38.0435 4424 iteatapi - ok 22:47:38.0435 4424 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 22:47:38.0451 4424 iteraid - ok 22:47:38.0482 4424 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:47:38.0498 4424 kbdclass - ok 22:47:38.0498 4424 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:47:38.0545 4424 kbdhid - ok 22:47:38.0560 4424 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 22:47:38.0591 4424 KeyIso - ok 22:47:38.0623 4424 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:47:38.0685 4424 KSecDD - ok 22:47:38.0747 4424 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 22:47:38.0872 4424 KtmRm - ok 22:47:38.0888 4424 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 22:47:38.0935 4424 LanmanServer - ok 22:47:38.0966 4424 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:47:39.0028 4424 LanmanWorkstation - ok 22:47:39.0044 4424 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:47:39.0091 4424 lltdio - ok 22:47:39.0122 4424 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:47:39.0169 4424 lltdsvc - ok 22:47:39.0184 4424 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:47:39.0231 4424 lmhosts - ok 22:47:39.0247 4424 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:47:39.0262 4424 LSI_FC - ok 22:47:39.0278 4424 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:47:39.0293 4424 LSI_SAS - ok 22:47:39.0356 4424 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:47:39.0387 4424 LSI_SCSI - ok 22:47:39.0403 4424 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 22:47:39.0434 4424 luafv - ok 22:47:39.0465 4424 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:47:39.0496 4424 MBAMProtector - ok 22:47:39.0574 4424 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:47:39.0590 4424 MBAMScheduler - ok 22:47:39.0621 4424 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 22:47:39.0668 4424 MBAMService - ok 22:47:39.0683 4424 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:47:39.0730 4424 Mcx2Svc - ok 22:47:39.0761 4424 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 22:47:39.0777 4424 megasas - ok 22:47:39.0808 4424 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 22:47:39.0839 4424 MegaSR - ok 22:47:39.0917 4424 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 22:47:39.0964 4424 MMCSS - ok 22:47:39.0980 4424 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 22:47:40.0011 4424 Modem - ok 22:47:40.0027 4424 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:47:40.0058 4424 monitor - ok 22:47:40.0073 4424 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:47:40.0089 4424 mouclass - ok 22:47:40.0105 4424 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:47:40.0151 4424 mouhid - ok 22:47:40.0167 4424 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 22:47:40.0183 4424 MountMgr - ok 22:47:40.0214 4424 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 22:47:40.0245 4424 MozillaMaintenance - ok 22:47:40.0261 4424 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 22:47:40.0276 4424 mpio - ok 22:47:40.0292 4424 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:47:40.0339 4424 mpsdrv - ok 22:47:40.0370 4424 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 22:47:40.0432 4424 MpsSvc - ok 22:47:40.0463 4424 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 22:47:40.0479 4424 Mraid35x - ok 22:47:40.0495 4424 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:47:40.0541 4424 MRxDAV - ok 22:47:40.0573 4424 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:47:40.0604 4424 mrxsmb - ok 22:47:40.0635 4424 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:47:40.0666 4424 mrxsmb10 - ok 22:47:40.0682 4424 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:47:40.0697 4424 mrxsmb20 - ok 22:47:40.0744 4424 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 22:47:40.0744 4424 msahci - ok 22:47:40.0760 4424 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:47:40.0775 4424 msdsm - ok 22:47:40.0791 4424 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 22:47:40.0838 4424 MSDTC - ok 22:47:40.0869 4424 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:47:40.0900 4424 Msfs - ok 22:47:40.0931 4424 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:47:40.0947 4424 msisadrv - ok 22:47:40.0963 4424 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:47:40.0994 4424 MSiSCSI - ok 22:47:41.0009 4424 msiserver - ok 22:47:41.0025 4424 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:47:41.0072 4424 MSKSSRV - ok 22:47:41.0087 4424 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:47:41.0119 4424 MSPCLOCK - ok 22:47:41.0134 4424 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:47:41.0165 4424 MSPQM - ok 22:47:41.0181 4424 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:47:41.0197 4424 MsRPC - ok 22:47:41.0212 4424 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:47:41.0228 4424 mssmbios - ok 22:47:41.0243 4424 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:47:41.0275 4424 MSTEE - ok 22:47:41.0290 4424 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 22:47:41.0321 4424 MTsensor - ok 22:47:41.0337 4424 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 22:47:41.0353 4424 Mup - ok 22:47:41.0368 4424 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 22:47:41.0431 4424 napagent - ok 22:47:41.0462 4424 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:47:41.0493 4424 NativeWifiP - ok 22:47:41.0524 4424 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:47:41.0571 4424 NDIS - ok 22:47:41.0587 4424 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:47:41.0618 4424 NdisTapi - ok 22:47:41.0633 4424 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:47:41.0665 4424 Ndisuio - ok 22:47:41.0680 4424 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:47:41.0696 4424 NdisWan - ok 22:47:41.0711 4424 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:47:41.0743 4424 NDProxy - ok 22:47:41.0774 4424 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 22:47:41.0774 4424 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:47:41.0774 4424 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:47:41.0789 4424 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:47:41.0836 4424 NetBIOS - ok 22:47:41.0867 4424 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 22:47:41.0914 4424 netbt - ok 22:47:41.0914 4424 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 22:47:41.0945 4424 Netlogon - ok 22:47:41.0977 4424 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 22:47:42.0023 4424 Netman - ok 22:47:42.0055 4424 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 22:47:42.0101 4424 netprofm - ok 22:47:42.0133 4424 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:47:42.0148 4424 NetTcpPortSharing - ok 22:47:42.0164 4424 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:47:42.0211 4424 nfrd960 - ok 22:47:42.0226 4424 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:47:42.0273 4424 NlaSvc - ok 22:47:42.0289 4424 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:47:42.0335 4424 Npfs - ok 22:47:42.0335 4424 npggsvc - ok 22:47:42.0382 4424 [ 9131FE60ADFAB595C8DA53AD6A06AA31 ] NPPTNT2 C:\Windows\system32\npptNT2.sys 22:47:42.0382 4424 NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning 22:47:42.0382 4424 NPPTNT2 - detected UnsignedFile.Multi.Generic (1) 22:47:42.0398 4424 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 22:47:42.0445 4424 nsi - ok 22:47:42.0460 4424 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:47:42.0507 4424 nsiproxy - ok 22:47:42.0632 4424 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:47:42.0757 4424 Ntfs - ok 22:47:42.0803 4424 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 22:47:42.0881 4424 ntrigdigi - ok 22:47:42.0913 4424 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 22:47:43.0022 4424 Null - ok 22:47:43.0053 4424 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys 22:47:43.0147 4424 NVENETFD - ok 22:47:43.0474 4424 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:47:44.0020 4424 nvlddmkm - ok 22:47:44.0051 4424 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:47:44.0083 4424 nvraid - ok 22:47:44.0083 4424 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:47:44.0114 4424 nvstor - ok 22:47:44.0129 4424 [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys 22:47:44.0145 4424 nvstor32 - ok 22:47:44.0207 4424 [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc C:\Windows\system32\nvvsvc.exe 22:47:44.0254 4424 nvsvc - ok 22:47:44.0395 4424 [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:47:44.0473 4424 nvUpdatusService - ok 22:47:44.0504 4424 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:47:44.0535 4424 nv_agp - ok 22:47:44.0551 4424 NwlnkFlt - ok 22:47:44.0551 4424 NwlnkFwd - ok 22:47:44.0566 4424 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:47:44.0629 4424 ohci1394 - ok 22:47:44.0660 4424 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:47:44.0675 4424 ose - ok 22:47:44.0738 4424 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 22:47:44.0816 4424 p2pimsvc - ok 22:47:44.0831 4424 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 22:47:44.0878 4424 p2psvc - ok 22:47:44.0956 4424 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:47:45.0019 4424 Parport - ok 22:47:45.0097 4424 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:47:45.0128 4424 partmgr - ok 22:47:45.0143 4424 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 22:47:45.0175 4424 Parvdm - ok 22:47:45.0190 4424 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 22:47:45.0237 4424 PcaSvc - ok 22:47:45.0237 4424 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 22:47:45.0268 4424 pci - ok 22:47:45.0284 4424 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 22:47:45.0299 4424 pciide - ok 22:47:45.0331 4424 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:47:45.0346 4424 pcmcia - ok 22:47:45.0393 4424 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:47:45.0502 4424 PEAUTH - ok 22:47:45.0705 4424 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 22:47:45.0861 4424 pla - ok 22:47:45.0892 4424 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:47:45.0986 4424 PlugPlay - ok 22:47:46.0017 4424 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 22:47:46.0033 4424 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:47:46.0033 4424 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:47:46.0064 4424 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 22:47:46.0111 4424 PNRPAutoReg - ok 22:47:46.0157 4424 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 22:47:46.0204 4424 PNRPsvc - ok 22:47:46.0313 4424 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:47:46.0376 4424 PolicyAgent - ok 22:47:46.0407 4424 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:47:46.0454 4424 PptpMiniport - ok 22:47:46.0469 4424 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 22:47:46.0501 4424 Processor - ok 22:47:46.0532 4424 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 22:47:46.0579 4424 ProfSvc - ok 22:47:46.0579 4424 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 22:47:46.0625 4424 ProtectedStorage - ok 22:47:46.0641 4424 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 22:47:46.0688 4424 PSched - ok 22:47:46.0735 4424 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:47:46.0813 4424 ql2300 - ok 22:47:46.0844 4424 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:47:46.0875 4424 ql40xx - ok 22:47:46.0906 4424 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 22:47:46.0937 4424 QWAVE - ok 22:47:46.0953 4424 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:47:46.0969 4424 QWAVEdrv - ok 22:47:47.0015 4424 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 22:47:47.0062 4424 RapiMgr - ok 22:47:47.0078 4424 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:47:47.0109 4424 RasAcd - ok 22:47:47.0125 4424 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 22:47:47.0156 4424 RasAuto - ok 22:47:47.0171 4424 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:47:47.0203 4424 Rasl2tp - ok 22:47:47.0234 4424 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 22:47:47.0281 4424 RasMan - ok 22:47:47.0296 4424 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:47:47.0327 4424 RasPppoe - ok 22:47:47.0359 4424 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:47:47.0374 4424 RasSstp - ok 22:47:47.0405 4424 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:47:47.0421 4424 rdbss - ok 22:47:47.0452 4424 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:47:47.0483 4424 RDPCDD - ok 22:47:47.0499 4424 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 22:47:47.0530 4424 rdpdr - ok 22:47:47.0530 4424 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:47:47.0561 4424 RDPENCDD - ok 22:47:47.0624 4424 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:47:47.0686 4424 RDPWD - ok 22:47:47.0717 4424 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:47:47.0764 4424 RemoteAccess - ok 22:47:47.0780 4424 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:47:47.0827 4424 RemoteRegistry - ok 22:47:47.0842 4424 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 22:47:47.0873 4424 RpcLocator - ok 22:47:47.0889 4424 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 22:47:47.0936 4424 RpcSs - ok 22:47:47.0967 4424 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:47:48.0014 4424 rspndr - ok 22:47:48.0045 4424 [ 872C4E777BEDCD7F99DC09016B5E6F39 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys 22:47:48.0092 4424 RTL8187B - ok 22:47:48.0107 4424 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 22:47:48.0123 4424 SamSs - ok 22:47:48.0154 4424 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:47:48.0170 4424 sbp2port - ok 22:47:48.0185 4424 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:47:48.0232 4424 SCardSvr - ok 22:47:48.0248 4424 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 22:47:48.0326 4424 Schedule - ok 22:47:48.0341 4424 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 22:47:48.0373 4424 SCPolicySvc - ok 22:47:48.0388 4424 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:47:48.0435 4424 SDRSVC - ok 22:47:48.0451 4424 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:47:48.0513 4424 secdrv - ok 22:47:48.0529 4424 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 22:47:48.0575 4424 seclogon - ok 22:47:48.0591 4424 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 22:47:48.0638 4424 SENS - ok 22:47:48.0638 4424 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:47:48.0669 4424 Serenum - ok 22:47:48.0685 4424 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:47:48.0731 4424 Serial - ok 22:47:48.0763 4424 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:47:48.0794 4424 sermouse - ok 22:47:48.0825 4424 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 22:47:48.0872 4424 SessionEnv - ok 22:47:48.0887 4424 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:47:48.0919 4424 sffdisk - ok 22:47:48.0934 4424 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:47:48.0965 4424 sffp_mmc - ok 22:47:48.0981 4424 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:47:49.0012 4424 sffp_sd - ok 22:47:49.0028 4424 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:47:49.0075 4424 sfloppy - ok 22:47:49.0137 4424 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:47:49.0199 4424 SharedAccess - ok 22:47:49.0231 4424 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:47:49.0262 4424 ShellHWDetection - ok 22:47:49.0293 4424 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 22:47:49.0309 4424 sisagp - ok 22:47:49.0324 4424 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 22:47:49.0340 4424 SiSRaid2 - ok 22:47:49.0355 4424 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:47:49.0387 4424 SiSRaid4 - ok 22:47:49.0558 4424 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 22:47:49.0808 4424 slsvc - ok 22:47:49.0855 4424 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 22:47:49.0948 4424 SLUINotify - ok 22:47:49.0995 4424 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:47:50.0057 4424 Smb - ok 22:47:50.0089 4424 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:47:50.0120 4424 SNMPTRAP - ok 22:47:50.0167 4424 [ 437198C0D349B0E0D4305D3081C5E912 ] SPC530 C:\Windows\system32\drivers\SPC530.sys 22:47:50.0276 4424 SPC530 - ok 22:47:50.0323 4424 [ 92E0CE241498B483404A957E709329CC ] SPC530m C:\Windows\system32\drivers\SPC530m.sys 22:47:50.0338 4424 SPC530m - ok 22:47:50.0369 4424 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 22:47:50.0385 4424 spldr - ok 22:47:50.0416 4424 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 22:47:50.0447 4424 Spooler - ok 22:47:50.0479 4424 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:47:50.0557 4424 srv - ok 22:47:50.0588 4424 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:47:50.0619 4424 srv2 - ok 22:47:50.0635 4424 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:47:50.0666 4424 srvnet - ok 22:47:50.0681 4424 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:47:50.0744 4424 SSDPSRV - ok 22:47:50.0775 4424 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:47:50.0806 4424 SstpSvc - ok 22:47:50.0837 4424 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:47:50.0869 4424 Stereo Service - ok 22:47:50.0947 4424 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 22:47:50.0978 4424 StillCam - ok 22:47:51.0009 4424 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 22:47:51.0087 4424 stisvc - ok 22:47:51.0103 4424 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:47:51.0134 4424 swenum - ok 22:47:51.0165 4424 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 22:47:51.0227 4424 swprv - ok 22:47:51.0243 4424 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 22:47:51.0259 4424 Symc8xx - ok 22:47:51.0274 4424 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 22:47:51.0290 4424 Sym_hi - ok 22:47:51.0305 4424 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 22:47:51.0321 4424 Sym_u3 - ok 22:47:51.0352 4424 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 22:47:51.0399 4424 SysMain - ok 22:47:51.0430 4424 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:47:51.0461 4424 TabletInputService - ok 22:47:51.0477 4424 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:47:51.0524 4424 TapiSrv - ok 22:47:51.0539 4424 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 22:47:51.0602 4424 TBS - ok 22:47:51.0649 4424 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:47:51.0727 4424 Tcpip - ok 22:47:51.0773 4424 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 22:47:51.0820 4424 Tcpip6 - ok 22:47:51.0867 4424 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:47:51.0945 4424 tcpipreg - ok 22:47:52.0007 4424 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:47:52.0039 4424 TDPIPE - ok 22:47:52.0085 4424 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:47:52.0117 4424 TDTCP - ok 22:47:52.0148 4424 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:47:52.0163 4424 tdx - ok 22:47:52.0179 4424 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:47:52.0195 4424 TermDD - ok 22:47:52.0210 4424 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 22:47:52.0304 4424 TermService - ok 22:47:52.0319 4424 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 22:47:52.0335 4424 Themes - ok 22:47:52.0351 4424 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 22:47:52.0382 4424 THREADORDER - ok 22:47:52.0413 4424 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 22:47:52.0460 4424 TrkWks - ok 22:47:52.0538 4424 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:47:52.0569 4424 TrustedInstaller - ok 22:47:52.0585 4424 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:47:52.0631 4424 tssecsrv - ok 22:47:52.0647 4424 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 22:47:52.0694 4424 tunmp - ok 22:47:52.0709 4424 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:47:52.0741 4424 tunnel - ok 22:47:52.0756 4424 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 22:47:52.0772 4424 uagp35 - ok 22:47:52.0803 4424 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:47:52.0834 4424 udfs - ok 22:47:52.0865 4424 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:47:52.0912 4424 UI0Detect - ok 22:47:52.0928 4424 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:47:52.0943 4424 uliagpkx - ok 22:47:52.0959 4424 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 22:47:52.0990 4424 uliahci - ok 22:47:53.0006 4424 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 22:47:53.0021 4424 UlSata - ok 22:47:53.0037 4424 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 22:47:53.0053 4424 ulsata2 - ok 22:47:53.0068 4424 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:47:53.0115 4424 umbus - ok 22:47:53.0131 4424 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 22:47:53.0209 4424 upnphost - ok 22:47:53.0255 4424 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 22:47:53.0255 4424 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 22:47:53.0255 4424 USBAAPL - detected UnsignedFile.Multi.Generic (1) 22:47:53.0302 4424 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 22:47:53.0333 4424 usbaudio - ok 22:47:53.0349 4424 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:47:53.0380 4424 usbccgp - ok 22:47:53.0411 4424 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:47:53.0474 4424 usbcir - ok 22:47:53.0505 4424 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:47:53.0521 4424 usbehci - ok 22:47:53.0552 4424 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:47:53.0583 4424 usbhub - ok 22:47:53.0599 4424 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 22:47:53.0645 4424 usbohci - ok 22:47:53.0661 4424 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:47:53.0692 4424 usbprint - ok 22:47:53.0723 4424 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:47:53.0755 4424 usbscan - ok 22:47:53.0801 4424 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:47:53.0833 4424 USBSTOR - ok 22:47:53.0879 4424 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:47:53.0911 4424 usbuhci - ok 22:47:53.0942 4424 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 22:47:53.0989 4424 usbvideo - ok 22:47:54.0020 4424 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 22:47:54.0051 4424 UxSms - ok 22:47:54.0082 4424 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 22:47:54.0129 4424 vds - ok 22:47:54.0176 4424 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:47:54.0223 4424 vga - ok 22:47:54.0254 4424 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 22:47:54.0301 4424 VgaSave - ok 22:47:54.0316 4424 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 22:47:54.0332 4424 viaagp - ok 22:47:54.0347 4424 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 22:47:54.0394 4424 ViaC7 - ok 22:47:54.0394 4424 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 22:47:54.0425 4424 viaide - ok 22:47:54.0441 4424 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:47:54.0457 4424 volmgr - ok 22:47:54.0488 4424 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:47:54.0519 4424 volmgrx - ok 22:47:54.0535 4424 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:47:54.0550 4424 volsnap - ok 22:47:54.0581 4424 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 22:47:54.0597 4424 vsmraid - ok 22:47:54.0644 4424 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 22:47:54.0706 4424 VSS - ok 22:47:54.0722 4424 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 22:47:54.0769 4424 W32Time - ok 22:47:54.0784 4424 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 22:47:54.0847 4424 WacomPen - ok 22:47:54.0862 4424 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 22:47:54.0909 4424 Wanarp - ok 22:47:54.0909 4424 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:47:54.0925 4424 Wanarpv6 - ok 22:47:54.0956 4424 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 22:47:55.0018 4424 WcesComm - ok 22:47:55.0081 4424 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:47:55.0112 4424 wcncsvc - ok 22:47:55.0127 4424 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:47:55.0159 4424 WcsPlugInService - ok 22:47:55.0174 4424 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 22:47:55.0190 4424 Wd - ok 22:47:55.0221 4424 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:47:55.0252 4424 Wdf01000 - ok 22:47:55.0283 4424 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:47:55.0330 4424 WdiServiceHost - ok 22:47:55.0330 4424 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:47:55.0361 4424 WdiSystemHost - ok 22:47:55.0377 4424 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 22:47:55.0424 4424 WebClient - ok 22:47:55.0455 4424 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:47:55.0502 4424 Wecsvc - ok 22:47:55.0517 4424 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:47:55.0549 4424 wercplsupport - ok 22:47:55.0580 4424 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 22:47:55.0611 4424 WerSvc - ok 22:47:55.0658 4424 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:47:55.0673 4424 WinDefend - ok 22:47:55.0689 4424 WinHttpAutoProxySvc - ok 22:47:55.0720 4424 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:47:55.0751 4424 Winmgmt - ok 22:47:55.0798 4424 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 22:47:55.0907 4424 WinRM - ok 22:47:55.0939 4424 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys 22:47:55.0970 4424 winusb - ok 22:47:56.0001 4424 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:47:56.0079 4424 Wlansvc - ok 22:47:56.0095 4424 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:47:56.0126 4424 WmiAcpi - ok 22:47:56.0157 4424 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:47:56.0188 4424 wmiApSrv - ok 22:47:56.0251 4424 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 22:47:56.0360 4424 WMPNetworkSvc - ok 22:47:56.0375 4424 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:47:56.0422 4424 WPCSvc - ok 22:47:56.0453 4424 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:47:56.0485 4424 WPDBusEnum - ok 22:47:56.0516 4424 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 22:47:56.0531 4424 WpdUsb - ok 22:47:56.0594 4424 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 22:47:56.0641 4424 WPFFontCache_v0400 - ok 22:47:56.0656 4424 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:47:56.0703 4424 ws2ifsl - ok 22:47:56.0719 4424 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 22:47:56.0750 4424 wscsvc - ok 22:47:56.0750 4424 WSearch - ok 22:47:56.0812 4424 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 22:47:56.0937 4424 wuauserv - ok 22:47:56.0999 4424 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:47:57.0046 4424 WudfPf - ok 22:47:57.0077 4424 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:47:57.0109 4424 WUDFRd - ok 22:47:57.0140 4424 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:47:57.0155 4424 wudfsvc - ok 22:47:57.0171 4424 ================ Scan global =============================== 22:47:57.0202 4424 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 22:47:57.0233 4424 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 22:47:57.0249 4424 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 22:47:57.0280 4424 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 22:47:57.0296 4424 [Global] - ok 22:47:57.0296 4424 ================ Scan MBR ================================== 22:47:57.0311 4424 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 22:47:57.0889 4424 \Device\Harddisk0\DR0 - ok 22:47:57.0889 4424 ================ Scan VBR ================================== 22:47:57.0904 4424 [ FE1F209BD62A15B05D6A639B39693652 ] \Device\Harddisk0\DR0\Partition1 22:47:57.0904 4424 \Device\Harddisk0\DR0\Partition1 - ok 22:47:57.0920 4424 [ CC2AF866A0E1FBEF0F74676D0507F6FD ] \Device\Harddisk0\DR0\Partition2 22:47:57.0920 4424 \Device\Harddisk0\DR0\Partition2 - ok 22:47:57.0920 4424 ============================================================ 22:47:57.0920 4424 Scan finished 22:47:57.0920 4424 ============================================================ 22:47:57.0935 2068 Detected object count: 7 22:47:57.0935 2068 Actual detected object count: 7 22:48:15.0267 2068 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 22:48:15.0267 2068 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:48:15.0267 2068 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 22:48:15.0267 2068 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:48:15.0283 2068 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 22:48:15.0283 2068 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:48:15.0283 2068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:48:15.0283 2068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:48:15.0283 2068 NPPTNT2 ( UnsignedFile.Multi.Generic ) - skipped by user 22:48:15.0283 2068 NPPTNT2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:48:15.0298 2068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 22:48:15.0298 2068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:48:15.0298 2068 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 22:48:15.0298 2068 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
| Themen zu emisoft logfile |
| .dll, anti-malware, appdata, autologin, caching, domaiq, einstellungen, emsisoft, festplatte, files, gen, iexplore, install.exe, logfile, methode, microsoft, platte, program, roaming, rootkits, smartbar, software, speicher, tarma, temp, traces, uninstall.exe, update, users, version, windows, zugriff |
Linear-Darstellung
