![]() |
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner! Benötige dringend Hilfe!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
![]() | #1 |
| ![]() GVU-Trojaner! Benötige dringend Hilfe! Hilfeeee! Auch ich habe mir den GVU-Trojaner eingefangen. Könnt ihr mir weiterhelfen? Habe den Rechner nun im abgesicherten Modus über Netzwerk gestartet und den Quick Scan mit OTL nach eurer Beschreibung durchgeführt. Nun habe ich folgende Logfiles: Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.05.2013 16:29:34 - Run 1 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\GunnarW\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 81,79% Memory free 3,73 Gb Paging File | 3,58 Gb Available in Paging File | 96,18% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,15 Gb Total Space | 38,53 Gb Free Space | 41,37% Space Free | Partition Type: NTFS Drive D: | 139,73 Gb Total Space | 129,28 Gb Free Space | 92,52% Space Free | Partition Type: NTFS Computer Name: GUNNAR | User Name: GunnarW | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "15783:UDP" = 15783:UDP:*:Enabled:UDP 15783 "17711:TCP" = 17711:TCP:*:Enabled:TCP 17711 "1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015 "1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016 "500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Software\SweetImSetup.exe" = C:\Software\SweetImSetup.exe:*:Enabled:SweetIM Installer "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}" = CCC Help German "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}" = CCC Help Japanese "{07C85A90-668F-A807-5C67-975E0777A9E8}" = Catalyst Control Center Localization Russian "{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver "{0EA06F05-4320-E4DC-4374-E6C0986C964D}" = Catalyst Control Center Localization Finnish "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{137C5C08-8B6F-497A-1529-502359B3BA88}" = Catalyst Control Center Localization Polish "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{17EE76BB-5264-8946-DA8F-D564ED25EDDD}" = CCC Help English "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26 "{27599825-6BD9-1081-D1CC-0BFC01157204}" = CCC Help Hungarian "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}" = Catalyst Control Center Localization Swedish "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}" = Catalyst Control Center Localization Norwegian "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}" = Catalyst Control Center Localization Dutch "{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}" = Catalyst Control Center Localization Thai "{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German) "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{47C6C88F-FA95-49C8-B57D-5C5F093738E1}" = iTunes "{48D4215F-414F-1554-8534-E3D8156C0666}" = Skins "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}" = CCC Help Portuguese "{4B29B49E-F274-58CE-25D2-791570F1619A}" = CCC Help French "{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}" = Catalyst Control Center Localization Greek "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54DDB1B0-5E5B-4637-99DD-7A364CE6A75B}}_is1" = VX-Software 9 v. "{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}" = Catalyst Control Center Localization Korean "{5B701396-48C3-A3FA-43DB-FF975446759C}" = Catalyst Control Center Localization French "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5ECA8F33-8F8E-1042-2082-5F02E64D6140}" = CCC Help Polish "{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}" = Catalyst Control Center Localization German "{6AF75C96-2093-51F4-0412-501CB317A7F9}" = CCC Help Thai "{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}" = Catalyst Control Center Localization Japanese "{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}" = CCC Help Finnish "{767EE8DA-A2AA-00A9-1A21-9584E00867B8}" = Catalyst Control Center Core Implementation "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}" = CCC Help Turkish "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{857D4360-762B-978B-76AD-491AA719E47A}" = ccc-core-static "{86552A3A-0437-319B-46C5-569FC9F7ACA9}" = ccc-utility "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}" = Catalyst Control Center Localization Spanish "{8BE3174F-3BFE-8822-4493-A0519D1E4E94}" = Catalyst Control Center Localization Portuguese "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{9313E9A6-03DF-11D5-88F8-005004361016}" = Pinnacle TRex "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}" = Catalyst Control Center Localization Hungarian "{9F303CF8-2998-4541-C9F7-C3AAEC2B88B0}" = Catalyst Control Center Graphics Full Existing "{A042FD6F-D051-ECE5-71C9-52ABFE36EBF9}" = Catalyst Control Center Localization Czech "{A125DDDB-E0C0-08E0-F04C-7B5409DFFC79}" = Catalyst Control Center Graphics Light "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}" = CCC Help Czech "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B02A3921-F7B7-C73F-395B-8172C9EE4006}" = Catalyst Control Center Localization Italian "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}" = CCC Help Korean "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5A2542D-CF79-3EE6-7673-2CEDA2338172}" = CCC Help Greek "{C69B9631-B617-B714-7FE2-6FCD5B891ACD}" = Catalyst Control Center Localization Chinese Traditional "{C6D7BC96-A608-0908-F6E7-53C118423087}" = CCC Help Chinese Standard "{C8A4038E-4DA5-879D-A353-7443FC3EE22C}" = CCC Help Spanish "{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}" = CCC Help Swedish "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}" = CCC Help Russian "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}" = CCC Help Dutch "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4BCF2E7-B181-C240-B6EC-04A8FA633EEF}" = Catalyst Control Center Graphics Full New "{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}" = Catalyst Control Center Localization Turkish "{EA2F03AD-BF9D-EECC-F24C-549046AEC17A}" = Catalyst Control Center Localization Danish "{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}" = CCC Help Danish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AAE965-966C-104E-ECCD-9F111A83139C}" = CCC Help Italian "{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}" = Catalyst Control Center Localization Chinese Standard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F7F564DD-A790-D01A-5390-6D1386AA5621}" = CCC Help Norwegian "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}" = CCC Help Chinese Traditional "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Free Antivirus "BitZipper_is1" = BitZipper 2010 "CCleaner" = CCleaner "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "GPL Ghostscript 9.04" = GPL Ghostscript "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PDFKey Pro" = PDFKey Pro "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SP_9d47ade0" = EasyLife Search 1.74 "SP_b376809d" = BrowseToSave 1.74 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall "USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam "VLC media player" = VLC media player 1.1.11 "vShare" = vShare Plugin "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Game Organizer" = EasyBits GO "JNLP" = JNLP "Kies Air Discovery Service" = Kies Air Discovery Service "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.02.2013 12:17:20 | Computer Name = GUNNAR | Source = MsiInstaller | ID = 11609 Description = Error - 06.02.2013 05:51:35 | Computer Name = GUNNAR | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 07.02.2013 03:52:45 | Computer Name = GUNNAR | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 11.02.2013 04:52:27 | Computer Name = GUNNAR | Source = ESENT | ID = 490 Description = svchost (1176) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 13.02.2013 06:26:56 | Computer Name = GUNNAR | Source = MsiInstaller | ID = 11609 Description = Error - 13.02.2013 07:14:23 | Computer Name = GUNNAR | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.6665.5003, Stillstandmodul hungapp, Version, Stillstandadresse 0x00000000. Error - 13.02.2013 07:14:23 | Computer Name = GUNNAR | Source = Microsoft Office 12 | ID = 5000 Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.6665.5003, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL. Error - 15.02.2013 08:45:50 | Computer Name = GUNNAR | Source = SecurityCenter | ID = 1802 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen. Error - 21.02.2013 02:37:08 | Computer Name = GUNNAR | Source = MsiInstaller | ID = 11609 Description = Error - 28.02.2013 02:57:46 | Computer Name = GUNNAR | Source = MsiInstaller | ID = 11609 Description = [ OSession Events ] Error - 12.04.2011 08:18:37 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1908 seconds with 1080 seconds of active time. This session ended with a crash. Error - 08.08.2011 14:51:54 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 835 seconds with 0 seconds of active time. This session ended with a crash. Error - 17.08.2011 05:56:02 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 179 seconds with 0 seconds of active time. This session ended with a crash. Error - 02.10.2011 16:47:04 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.11.2011 14:18:32 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 609 seconds with 120 seconds of active time. This session ended with a crash. Error - 09.08.2012 12:18:20 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 569 seconds with 540 seconds of active time. This session ended with a crash. Error - 17.10.2012 05:24:57 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3907 seconds with 2940 seconds of active time. This session ended with a crash. Error - 17.10.2012 05:26:08 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 57 seconds with 0 seconds of active time. This session ended with a crash. Error - 17.10.2012 05:42:12 | Computer Name = GUNNAR | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 496 seconds with 480 seconds of active time. This session ended with a crash. [ System Events ] Error - 02.05.2013 15:51:48 | Computer Name = GUNNAR | Source = Print | ID = 6161 Description = Das Dokument Microsoft Word - Skript.docx, im Besitz von GunnarW, konnte nicht auf dem Drucker Canon MP550 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 262144. Anzahl der gedruckten Bytes: 30960. Gesamtanzahl der Seiten des Dokuments: 7. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\GUNNAR. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 13 (0xd). Error - 13.05.2013 09:18:36 | Computer Name = GUNNAR | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 13.05.2013 09:19:44 | Computer Name = GUNNAR | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr Fips intelppm ssmdrv Error - 13.05.2013 09:54:03 | Computer Name = GUNNAR | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 13.05.2013 09:54:21 | Computer Name = GUNNAR | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 15.05.2013 09:22:21 | Computer Name = GUNNAR | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 15.05.2013 09:23:36 | Computer Name = GUNNAR | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr Fips intelppm ssmdrv Error - 15.05.2013 10:00:13 | Computer Name = GUNNAR | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 15.05.2013 10:12:11 | Computer Name = GUNNAR | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 15.05.2013 10:13:25 | Computer Name = GUNNAR | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr Fips intelppm ssmdrv < End of report > OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 15.05.2013 16:29:33 - Run 1 OTL by OldTimer - Version Folder = C:\Dokumente und Einstellungen\GunnarW\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 81,79% Memory free 3,73 Gb Paging File | 3,58 Gb Available in Paging File | 96,18% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,15 Gb Total Space | 38,53 Gb Free Space | 41,37% Space Free | Partition Type: NTFS Drive D: | 139,73 Gb Total Space | 129,28 Gb Free Space | 92,52% Space Free | Partition Type: NTFS Computer Name: GUNNAR | User Name: GunnarW | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\GunnarW\Desktop\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros) SRV - (StkSSrv) -- C:\WINDOWS\system32\StkCSrv.exe (Syntek America Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (smserial) -- system32\DRIVERS\smserial.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys () DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.) DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.) DRV - (StkCMini) -- C:\WINDOWS\system32\drivers\StkCMini.sys (Syntek) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( ) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.easylifeapp.com/?pid=499&r=2013/02/14&hid=817904650&lg=EN&cc=DE IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=499&r=2013/02/14&hid=817904650&lg=EN&cc=DE IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = hxxp://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=499&r=2013/02/14&hid=817904650&lg=EN&cc=DE IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Veetle\plugins\npVeetle.dll File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Veetle\Player\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O4 - HKLM..\Run: [ACU] C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe () O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe () O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKCU..\Run: [Sysyem Cleaner] C:\Dokumente und Einstellungen\GunnarW\1741363.exe () O4 - Startup: C:\Dokumente und Einstellungen\GunnarW\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281990639328 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EB66CE7-37B6-4436-B025-63FD740D3FAB}: DhcpNameServer = O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~1\easylife\sprote~1.dll) - c:\Programme\EasyLife\sprotector.dll () O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\Programme\BrowseToSave\sprotector.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\GunnarW\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\GunnarW\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.16 21:17:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: ccc-core-static - msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^GunnarW^Startmenü^Programme^Autostart^Dropbox.lnk - C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: ATKHOTKEY - hkey= - key= - C:\Programme\ATK Hotkey\Hcontrol.exe (ATK0100) MsConfig - StartUpReg: ATKOSD2 - hkey= - key= - C:\Programme\ATKOSD2\ATKOSD2.exe () MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - File not found MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: Spotify - hkey= - key= - C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd) MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe () MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Unable to start System Restore Service. Error code 10 ========== Files/Folders - Created Within 30 Days ========== [2013.04.25 22:05:34 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2 [2013.04.25 22:03:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2013.04.25 22:03:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2013.04.25 21:57:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011.01.18 19:04:59 | 002,291,256 | ---- | C] (Pinnacle Systems) -- C:\Programme\TRex.exe [2010.09.16 10:41:12 | 001,277,264 | ---- | C] (Microsoft Corporation) -- C:\Programme\wlmessengersetup-custom.exe [2010.09.14 23:13:21 | 019,075,976 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup187Full.exe [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.15 16:17:26 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\Desktop\Microsoft Office Outlook 2007.lnk [2013.05.15 16:11:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.05.15 15:20:37 | 000,109,056 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\1741363.exe [2013.05.15 13:59:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A42691D2-4E50-44F7-8D45-525364F2FD6C}.job [2013.05.15 13:53:56 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.05.15 09:50:58 | 000,453,002 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.05.15 09:50:58 | 000,436,042 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.05.15 09:50:58 | 000,081,764 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.05.15 09:50:58 | 000,068,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.05.15 09:47:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.05.13 00:14:55 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.05.08 09:17:27 | 000,122,564 | ---- | M] () -- C:\Verenas Modetipps.pdf [2013.04.28 16:48:00 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.26 08:22:52 | 000,127,841 | ---- | M] () -- C:\Teilnehmerliste Online-Regeltest April 2013.pdf [2013.04.25 22:05:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2013.04.25 22:05:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2013.04.25 22:03:55 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2013.04.25 22:00:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2013.04.25 20:17:33 | 000,157,600 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\5526142.dll [2013.04.23 09:45:30 | 000,051,898 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\.TransferManager.db [2013.04.22 22:23:15 | 000,001,846 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\Desktop\Kies Air Discovery Service.lnk [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.15 15:20:35 | 000,109,056 | ---- | C] () -- C:\Dokumente und Einstellungen\GunnarW\1741363.exe [2013.05.08 09:16:22 | 000,122,564 | ---- | C] () -- C:\Verenas Modetipps.pdf [2013.04.26 08:22:52 | 000,127,841 | ---- | C] () -- C:\Teilnehmerliste Online-Regeltest April 2013.pdf [2013.04.25 22:03:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2013.04.25 20:17:29 | 000,157,600 | ---- | C] () -- C:\Dokumente und Einstellungen\GunnarW\5526142.dll [2013.04.23 09:45:30 | 000,051,898 | ---- | C] () -- C:\Dokumente und Einstellungen\GunnarW\.TransferManager.db [2013.04.22 22:23:15 | 000,001,846 | ---- | C] () -- C:\Dokumente und Einstellungen\GunnarW\Desktop\Kies Air Discovery Service.lnk [2013.03.06 19:10:29 | 000,234,600 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.10.18 13:27:44 | 083,023,306 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\epyks.pad [2012.06.12 16:38:52 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2012.06.12 16:38:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2012.02.15 11:01:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.06.10 09:55:58 | 000,056,465 | ---- | C] () -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\B652.794 [2011.01.26 14:36:41 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\GunnarW\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2010.08.16 21:29:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.20 12:30:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2010.09.29 23:06:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Boss Media [2010.08.30 16:39:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2013.01.02 15:25:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ClubSanDisk [2011.05.02 18:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2011.10.13 11:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO [2011.07.15 21:49:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2013.02.14 11:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate [2013.02.14 11:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RightClick [2011.05.02 18:59:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SMART Technologies [2013.02.14 11:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.08.17 14:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.07.04 13:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\BitZipper [2011.02.20 23:26:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\BSW [2013.05.15 16:09:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Dropbox [2013.03.02 11:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\DVDVideoSoft [2010.08.17 15:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\DVDVideoSoftIEHelpers [2013.03.02 11:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\FreePDF [2011.10.13 10:34:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\go [2012.04.23 21:55:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\ICQ [2013.02.14 00:56:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Jizy [2012.08.10 15:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\pdfforge [2011.05.02 19:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\SMART Technologies [2011.05.02 18:44:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\SMART Technologies Inc [2012.11.19 16:18:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\Spotify [2011.02.12 16:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GunnarW\Anwendungsdaten\vShare ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.18 13:55:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.08.16 23:53:36 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.01.08 15:08:47 | 000,000,000 | ---D | M] -- C:\Musik [2013.04.25 22:05:34 | 000,000,000 | R--D | M] -- C:\Programme [2010.08.16 21:46:26 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2013.04.25 22:02:10 | 000,000,000 | ---D | M] -- C:\Software [2010.08.16 21:21:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.05.15 13:55:12 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2010.09.14 23:13:23 | 019,075,976 | ---- | M] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup187Full.exe [2011.01.18 19:05:04 | 002,291,256 | ---- | M] (Pinnacle Systems) -- C:\Programme\TRex.exe [2010.09.16 10:41:13 | 001,277,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\wlmessengersetup-custom.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2010.08.16 21:15:34 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2010.08.16 21:21:17 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2010.08.17 14:41:56 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2011.04.14 10:10:43 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A42691D2-4E50-44F7-8D45-525364F2FD6C}.job [2012.03.28 17:40:16 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.08.16 23:01:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010.08.16 23:01:24 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010.08.16 23:01:24 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.04.23 09:45:30 | 000,051,898 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\.TransferManager.db [2013.05.15 15:20:37 | 000,109,056 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\1741363.exe [2013.04.25 20:17:33 | 000,157,600 | ---- | M] () -- C:\Dokumente und Einstellungen\GunnarW\5526142.dll [2013.05.15 16:01:53 | 006,029,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\GunnarW\NTUSER.DAT [2013.05.15 16:24:51 | 000,499,712 | -H-- | M] () -- C:\Dokumente und Einstellungen\GunnarW\ntuser.dat.LOG [2013.05.15 16:00:14 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\GunnarW\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\csrss.exe:SummaryInformation @Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:373E1720 < End of report > |
![]() | #2 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() GVU-Trojaner! Benötige dringend Hilfe! b
__________________Hi, otl fix Fixen mit OTL
ATTFilter :OTL O4 - HKCU..\Run: [Sysyem Cleaner] C:\Dokumente und Einstellungen\GunnarW\1741363.exe () :files :Commands [emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die ![]()
__________________ |
![]() | #3 |
| ![]() GVU-Trojaner! Benötige dringend Hilfe! All processes killed
__________________========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sysyem Cleaner deleted successfully. File C:\Dokumente und Einstellungen\GunnarW\1741363.exe not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.GUNNAR ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: GunnarW ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 2110701 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 506 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 32768 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2,00 mb OTL by OldTimer - Version log created on 05152013_171759 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
![]() | #4 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() GVU-Trojaner! Benötige dringend Hilfe! ok, dann mal weiter mit dem Upload.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
![]() | #5 |
| ![]() GVU-Trojaner! Benötige dringend Hilfe! Der Upload hat funktioniert. |
![]() | #6 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() GVU-Trojaner! Benötige dringend Hilfe! sehr gut. normaler Modus sollte gehen. Downloade dir bitte ![]()
__________________ --> GVU-Trojaner! Benötige dringend Hilfe! |
![]() | #7 |
| ![]() GVU-Trojaner! Benötige dringend Hilfe! Hier mein Logfile: 17:32:28.0984 0252 TDSS rootkit removing tool Feb 11 2013 18:50:42 17:32:29.0109 0252 ============================================================ 17:32:29.0109 0252 Current date / time: 2013/05/15 17:32:29.0109 17:32:29.0109 0252 SystemInfo: 17:32:29.0109 0252 17:32:29.0109 0252 OS Version: 5.1.2600 ServicePack: 3.0 17:32:29.0109 0252 Product type: Workstation 17:32:29.0109 0252 ComputerName: GUNNAR 17:32:29.0109 0252 UserName: GunnarW 17:32:29.0109 0252 Windows directory: C:\WINDOWS 17:32:29.0109 0252 System windows directory: C:\WINDOWS 17:32:29.0109 0252 Processor architecture: Intel x86 17:32:29.0109 0252 Number of processors: 2 17:32:29.0109 0252 Page size: 0x1000 17:32:29.0109 0252 Boot type: Normal boot 17:32:29.0109 0252 ============================================================ 17:32:30.0390 0252 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 17:32:30.0437 0252 ============================================================ 17:32:30.0437 0252 \Device\Harddisk0\DR0: 17:32:30.0437 0252 MBR partitions: 17:32:30.0437 0252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41 17:32:30.0453 0252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBA4CFBF, BlocksNum 0x117775C2 17:32:30.0453 0252 ============================================================ 17:32:30.0468 0252 D: <-> \Device\Harddisk0\DR0\Partition2 17:32:30.0515 0252 C: <-> \Device\Harddisk0\DR0\Partition1 17:32:30.0515 0252 ============================================================ 17:32:30.0515 0252 Initialize success 17:32:30.0515 0252 ============================================================ 17:34:25.0875 1764 ============================================================ 17:34:25.0875 1764 Scan started 17:34:25.0875 1764 Mode: Manual; SigCheck; TDLFS; 17:34:25.0875 1764 ============================================================ 17:34:26.0156 1764 ================ Scan system memory ======================== 17:34:26.0156 1764 System memory - ok 17:34:26.0156 1764 ================ Scan services ============================= 17:34:26.0296 1764 Abiosdsk - ok 17:34:26.0296 1764 abp480n5 - ok 17:34:26.0359 1764 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:34:27.0140 1764 ACPI ( UnsignedFile.Multi.Generic ) - warning 17:34:27.0140 1764 ACPI - detected UnsignedFile.Multi.Generic (1) 17:34:27.0171 1764 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 17:34:27.0218 1764 ACPIEC ( UnsignedFile.Multi.Generic ) - warning 17:34:27.0218 1764 ACPIEC - detected UnsignedFile.Multi.Generic (1) 17:34:27.0265 1764 [ 9FEFF3A731EAAB3EB34F2AF361D703EE ] ACS C:\WINDOWS\system32\acs.exe 17:34:27.0296 1764 ACS ( UnsignedFile.Multi.Generic ) - warning 17:34:27.0296 1764 ACS - detected UnsignedFile.Multi.Generic (1) 17:34:27.0390 1764 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:34:27.0500 1764 AdobeFlashPlayerUpdateSvc - ok 17:34:27.0500 1764 adpu160m - ok 17:34:27.0609 1764 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 17:34:27.0625 1764 aec ( UnsignedFile.Multi.Generic ) - warning 17:34:27.0625 1764 aec - detected UnsignedFile.Multi.Generic (1) 17:34:27.0671 1764 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 17:34:27.0687 1764 AFD ( UnsignedFile.Multi.Generic ) - warning 17:34:27.0687 1764 AFD - detected UnsignedFile.Multi.Generic (1) 17:34:27.0703 1764 Aha154x - ok 17:34:27.0718 1764 aic78u2 - ok 17:34:27.0718 1764 aic78xx - ok 17:34:27.0765 1764 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:34:27.0781 1764 Alerter ( UnsignedFile.Multi.Generic ) - warning 17:34:27.0781 1764 Alerter - detected UnsignedFile.Multi.Generic (1) 17:34:27.0812 1764 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 17:34:27.0828 1764 ALG ( UnsignedFile.Multi.Generic ) - warning 17:34:27.0828 1764 ALG - detected UnsignedFile.Multi.Generic (1) 17:34:27.0828 1764 AliIde - ok 17:34:27.0843 1764 amsint - ok 17:34:27.0953 1764 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 17:34:28.0093 1764 AntiVirSchedulerService - ok 17:34:28.0125 1764 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 17:34:28.0140 1764 AntiVirService - ok 17:34:28.0187 1764 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:34:28.0234 1764 Apple Mobile Device - ok 17:34:28.0234 1764 AppMgmt - ok 17:34:28.0281 1764 [ BD4A059B937A64F403E693DCAA26FE38 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys 17:34:28.0359 1764 AR5211 ( UnsignedFile.Multi.Generic ) - warning 17:34:28.0359 1764 AR5211 - detected UnsignedFile.Multi.Generic (1) 17:34:28.0375 1764 asc - ok 17:34:28.0390 1764 asc3350p - ok 17:34:28.0390 1764 asc3550 - ok 17:34:28.0500 1764 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 17:34:28.0578 1764 aspnet_state - ok 17:34:28.0593 1764 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:34:28.0640 1764 AsyncMac ( UnsignedFile.Multi.Generic ) - warning 17:34:28.0640 1764 AsyncMac - detected UnsignedFile.Multi.Generic (1) 17:34:28.0671 1764 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:34:28.0687 1764 atapi ( UnsignedFile.Multi.Generic ) - warning 17:34:28.0687 1764 atapi - detected UnsignedFile.Multi.Generic (1) 17:34:28.0703 1764 [ 5DD646E4C9E447D83D7E781EF202F709 ] AtcL002 C:\WINDOWS\system32\DRIVERS\l251x86.sys 17:34:28.0718 1764 AtcL002 ( UnsignedFile.Multi.Generic ) - warning 17:34:28.0718 1764 AtcL002 - detected UnsignedFile.Multi.Generic (1) 17:34:28.0734 1764 Atdisk - ok 17:34:28.0781 1764 [ 29B2874B3956B62C0DBEA32D75A8E776 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 17:34:28.0812 1764 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning 17:34:28.0812 1764 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1) 17:34:28.0921 1764 [ A1789368B4A31D2111AF7AEDA0C8D3FC ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 17:34:29.0046 1764 ati2mtag ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0046 1764 ati2mtag - detected UnsignedFile.Multi.Generic (1) 17:34:29.0078 1764 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:34:29.0093 1764 Atmarpc ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0093 1764 Atmarpc - detected UnsignedFile.Multi.Generic (1) 17:34:29.0140 1764 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:34:29.0156 1764 AudioSrv ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0156 1764 AudioSrv - detected UnsignedFile.Multi.Generic (1) 17:34:29.0187 1764 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:34:29.0203 1764 audstub ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0203 1764 audstub - detected UnsignedFile.Multi.Generic (1) 17:34:29.0234 1764 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:34:29.0312 1764 avgntflt - ok 17:34:29.0343 1764 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:34:29.0390 1764 avipbb - ok 17:34:29.0406 1764 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 17:34:29.0437 1764 avkmgr - ok 17:34:29.0484 1764 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:34:29.0500 1764 Beep ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0500 1764 Beep - detected UnsignedFile.Multi.Generic (1) 17:34:29.0546 1764 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 17:34:29.0593 1764 BITS ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0593 1764 BITS - detected UnsignedFile.Multi.Generic (1) 17:34:29.0656 1764 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 17:34:29.0703 1764 Bonjour Service - ok 17:34:29.0750 1764 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 17:34:29.0765 1764 Browser ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0765 1764 Browser - detected UnsignedFile.Multi.Generic (1) 17:34:29.0796 1764 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:34:29.0812 1764 cbidf2k ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0812 1764 cbidf2k - detected UnsignedFile.Multi.Generic (1) 17:34:29.0843 1764 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 17:34:29.0859 1764 CCDECODE ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0859 1764 CCDECODE - detected UnsignedFile.Multi.Generic (1) 17:34:29.0875 1764 cd20xrnt - ok 17:34:29.0906 1764 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:34:29.0906 1764 Cdaudio ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0906 1764 Cdaudio - detected UnsignedFile.Multi.Generic (1) 17:34:29.0937 1764 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:34:29.0953 1764 Cdfs ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0953 1764 Cdfs - detected UnsignedFile.Multi.Generic (1) 17:34:29.0968 1764 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:34:29.0984 1764 Cdrom ( UnsignedFile.Multi.Generic ) - warning 17:34:29.0984 1764 Cdrom - detected UnsignedFile.Multi.Generic (1) 17:34:30.0000 1764 Changer - ok 17:34:30.0046 1764 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:34:30.0062 1764 CiSvc ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0062 1764 CiSvc - detected UnsignedFile.Multi.Generic (1) 17:34:30.0093 1764 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:34:30.0109 1764 ClipSrv ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0109 1764 ClipSrv - detected UnsignedFile.Multi.Generic (1) 17:34:30.0125 1764 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:34:30.0171 1764 clr_optimization_v2.0.50727_32 - ok 17:34:30.0203 1764 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:34:30.0218 1764 CmBatt ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0218 1764 CmBatt - detected UnsignedFile.Multi.Generic (1) 17:34:30.0218 1764 CmdIde - ok 17:34:30.0234 1764 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:34:30.0250 1764 Compbatt ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0250 1764 Compbatt - detected UnsignedFile.Multi.Generic (1) 17:34:30.0265 1764 COMSysApp - ok 17:34:30.0281 1764 Cpqarray - ok 17:34:30.0328 1764 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:34:30.0343 1764 CryptSvc ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0343 1764 CryptSvc - detected UnsignedFile.Multi.Generic (1) 17:34:30.0359 1764 dac2w2k - ok 17:34:30.0375 1764 dac960nt - ok 17:34:30.0421 1764 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 17:34:30.0453 1764 DcomLaunch ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0453 1764 DcomLaunch - detected UnsignedFile.Multi.Generic (1) 17:34:30.0484 1764 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:34:30.0500 1764 Dhcp ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0500 1764 Dhcp - detected UnsignedFile.Multi.Generic (1) 17:34:30.0515 1764 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:34:30.0531 1764 Disk ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0531 1764 Disk - detected UnsignedFile.Multi.Generic (1) 17:34:30.0546 1764 dmadmin - ok 17:34:30.0593 1764 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:34:30.0656 1764 dmboot ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0656 1764 dmboot - detected UnsignedFile.Multi.Generic (1) 17:34:30.0671 1764 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:34:30.0703 1764 dmio ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0703 1764 dmio - detected UnsignedFile.Multi.Generic (1) 17:34:30.0734 1764 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 17:34:30.0750 1764 dmload ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0750 1764 dmload - detected UnsignedFile.Multi.Generic (1) 17:34:30.0796 1764 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 17:34:30.0812 1764 dmserver ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0812 1764 dmserver - detected UnsignedFile.Multi.Generic (1) 17:34:30.0843 1764 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:34:30.0859 1764 DMusic ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0859 1764 DMusic - detected UnsignedFile.Multi.Generic (1) 17:34:30.0906 1764 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:34:30.0921 1764 Dnscache ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0921 1764 Dnscache - detected UnsignedFile.Multi.Generic (1) 17:34:30.0953 1764 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 17:34:30.0984 1764 Dot3svc ( UnsignedFile.Multi.Generic ) - warning 17:34:30.0984 1764 Dot3svc - detected UnsignedFile.Multi.Generic (1) 17:34:30.0984 1764 dpti2o - ok 17:34:31.0000 1764 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:34:31.0015 1764 drmkaud ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0015 1764 drmkaud - detected UnsignedFile.Multi.Generic (1) 17:34:31.0046 1764 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 17:34:31.0062 1764 EapHost ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0062 1764 EapHost - detected UnsignedFile.Multi.Generic (1) 17:34:31.0109 1764 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:34:31.0125 1764 ERSvc ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0125 1764 ERSvc - detected UnsignedFile.Multi.Generic (1) 17:34:31.0156 1764 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 17:34:31.0171 1764 Eventlog ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0171 1764 Eventlog - detected UnsignedFile.Multi.Generic (1) 17:34:31.0203 1764 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 17:34:31.0234 1764 EventSystem ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0234 1764 EventSystem - detected UnsignedFile.Multi.Generic (1) 17:34:31.0250 1764 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:34:31.0265 1764 Fastfat ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0265 1764 Fastfat - detected UnsignedFile.Multi.Generic (1) 17:34:31.0312 1764 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:34:31.0328 1764 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0328 1764 FastUserSwitchingCompatibility - detected UnsignedFile.Multi.Generic (1) 17:34:31.0343 1764 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 17:34:31.0359 1764 Fdc ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0359 1764 Fdc - detected UnsignedFile.Multi.Generic (1) 17:34:31.0375 1764 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:34:31.0390 1764 Fips ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0390 1764 Fips - detected UnsignedFile.Multi.Generic (1) 17:34:31.0406 1764 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 17:34:31.0421 1764 Flpydisk ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0421 1764 Flpydisk - detected UnsignedFile.Multi.Generic (1) 17:34:31.0468 1764 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 17:34:31.0484 1764 FltMgr ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0484 1764 FltMgr - detected UnsignedFile.Multi.Generic (1) 17:34:31.0562 1764 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 17:34:31.0593 1764 FontCache3.0.0.0 - ok 17:34:31.0609 1764 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:34:31.0625 1764 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0625 1764 Fs_Rec - detected UnsignedFile.Multi.Generic (1) 17:34:31.0640 1764 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:34:31.0656 1764 Ftdisk ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0656 1764 Ftdisk - detected UnsignedFile.Multi.Generic (1) 17:34:31.0687 1764 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 17:34:31.0718 1764 GEARAspiWDM - ok 17:34:31.0718 1764 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:34:31.0734 1764 Gpc ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0734 1764 Gpc - detected UnsignedFile.Multi.Generic (1) 17:34:31.0750 1764 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:34:31.0765 1764 HDAudBus ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0765 1764 HDAudBus - detected UnsignedFile.Multi.Generic (1) 17:34:31.0843 1764 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:34:31.0859 1764 helpsvc ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0859 1764 helpsvc - detected UnsignedFile.Multi.Generic (1) 17:34:31.0875 1764 HidServ - ok 17:34:31.0890 1764 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:34:31.0906 1764 hidusb ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0906 1764 hidusb - detected UnsignedFile.Multi.Generic (1) 17:34:31.0937 1764 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 17:34:31.0953 1764 hkmsvc ( UnsignedFile.Multi.Generic ) - warning 17:34:31.0953 1764 hkmsvc - detected UnsignedFile.Multi.Generic (1) 17:34:31.0968 1764 hpn - ok 17:34:32.0015 1764 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:34:32.0031 1764 HTTP ( UnsignedFile.Multi.Generic ) - warning 17:34:32.0031 1764 HTTP - detected UnsignedFile.Multi.Generic (1) 17:34:32.0078 1764 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:34:32.0093 1764 HTTPFilter ( UnsignedFile.Multi.Generic ) - warning 17:34:32.0093 1764 HTTPFilter - detected UnsignedFile.Multi.Generic (1) 17:34:32.0093 1764 i2omgmt - ok 17:34:32.0109 1764 i2omp - ok 17:34:32.0125 1764 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:34:32.0140 1764 i8042prt ( UnsignedFile.Multi.Generic ) - warning 17:34:32.0140 1764 i8042prt - detected UnsignedFile.Multi.Generic (1) 17:34:32.0234 1764 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:34:32.0343 1764 idsvc - ok 17:34:32.0375 1764 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 17:34:32.0390 1764 Imapi ( UnsignedFile.Multi.Generic ) - warning 17:34:32.0390 1764 Imapi - detected UnsignedFile.Multi.Generic (1) 17:34:32.0437 1764 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 17:34:32.0453 1764 ImapiService ( UnsignedFile.Multi.Generic ) - warning 17:34:32.0453 1764 ImapiService - detected UnsignedFile.Multi.Generic (1) 17:34:32.0468 1764 ini910u - ok 17:34:32.0718 1764 [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 17:34:33.0000 1764 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0000 1764 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1) 17:34:33.0015 1764 IntelIde - ok 17:34:33.0062 1764 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:34:33.0062 1764 intelppm ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0062 1764 intelppm - detected UnsignedFile.Multi.Generic (1) 17:34:33.0093 1764 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 17:34:33.0093 1764 Ip6Fw ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0093 1764 Ip6Fw - detected UnsignedFile.Multi.Generic (1) 17:34:33.0140 1764 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:34:33.0156 1764 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0156 1764 IpFilterDriver - detected UnsignedFile.Multi.Generic (1) 17:34:33.0171 1764 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:34:33.0187 1764 IpInIp ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0187 1764 IpInIp - detected UnsignedFile.Multi.Generic (1) 17:34:33.0218 1764 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:34:33.0234 1764 IpNat ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0234 1764 IpNat - detected UnsignedFile.Multi.Generic (1) 17:34:33.0265 1764 [ 02682AE021F0FB92F5768B49776B8B5B ] iPod Service C:\Programme\iPod\bin\iPodService.exe 17:34:33.0296 1764 iPod Service - ok 17:34:33.0312 1764 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:34:33.0312 1764 IPSec ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0312 1764 IPSec - detected UnsignedFile.Multi.Generic (1) 17:34:33.0343 1764 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 17:34:33.0343 1764 IRENUM ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0343 1764 IRENUM - detected UnsignedFile.Multi.Generic (1) 17:34:33.0375 1764 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:34:33.0390 1764 isapnp ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0390 1764 isapnp - detected UnsignedFile.Multi.Generic (1) 17:34:33.0437 1764 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 17:34:33.0453 1764 JavaQuickStarterService - ok 17:34:33.0484 1764 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:34:33.0500 1764 Kbdclass ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0500 1764 Kbdclass - detected UnsignedFile.Multi.Generic (1) 17:34:33.0546 1764 [ CC2A86D7BBF14977340DCA61BBCBA771 ] kbfiltr C:\WINDOWS\system32\DRIVERS\kbfiltr.sys 17:34:33.0562 1764 kbfiltr ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0562 1764 kbfiltr - detected UnsignedFile.Multi.Generic (1) 17:34:33.0578 1764 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 17:34:33.0593 1764 kmixer ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0593 1764 kmixer - detected UnsignedFile.Multi.Generic (1) 17:34:33.0640 1764 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 17:34:33.0656 1764 KSecDD ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0656 1764 KSecDD - detected UnsignedFile.Multi.Generic (1) 17:34:33.0703 1764 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 17:34:33.0718 1764 lanmanserver ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0718 1764 lanmanserver - detected UnsignedFile.Multi.Generic (1) 17:34:33.0734 1764 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 17:34:33.0750 1764 lanmanworkstation ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0750 1764 lanmanworkstation - detected UnsignedFile.Multi.Generic (1) 17:34:33.0750 1764 lbrtfdc - ok 17:34:33.0796 1764 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 17:34:33.0796 1764 LmHosts ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0796 1764 LmHosts - detected UnsignedFile.Multi.Generic (1) 17:34:33.0843 1764 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 17:34:33.0859 1764 MBAMProtector - ok 17:34:33.0859 1764 MBAMSwissArmy - ok 17:34:33.0890 1764 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 17:34:33.0906 1764 Messenger ( UnsignedFile.Multi.Generic ) - warning 17:34:33.0906 1764 Messenger - detected UnsignedFile.Multi.Generic (1) 17:34:33.0968 1764 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 17:34:33.0984 1764 Microsoft Office Groove Audit Service - ok 17:34:34.0031 1764 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 17:34:34.0046 1764 mnmdd ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0046 1764 mnmdd - detected UnsignedFile.Multi.Generic (1) 17:34:34.0062 1764 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 17:34:34.0078 1764 mnmsrvc ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0078 1764 mnmsrvc - detected UnsignedFile.Multi.Generic (1) 17:34:34.0109 1764 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 17:34:34.0109 1764 Modem ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0109 1764 Modem - detected UnsignedFile.Multi.Generic (1) 17:34:34.0140 1764 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 17:34:34.0156 1764 MODEMCSA ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0156 1764 MODEMCSA - detected UnsignedFile.Multi.Generic (1) 17:34:34.0171 1764 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:34:34.0187 1764 Mouclass ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0187 1764 Mouclass - detected UnsignedFile.Multi.Generic (1) 17:34:34.0203 1764 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:34:34.0203 1764 mouhid ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0203 1764 mouhid - detected UnsignedFile.Multi.Generic (1) 17:34:34.0218 1764 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 17:34:34.0234 1764 MountMgr ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0234 1764 MountMgr - detected UnsignedFile.Multi.Generic (1) 17:34:34.0234 1764 mraid35x - ok 17:34:34.0250 1764 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:34:34.0265 1764 MRxDAV ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0265 1764 MRxDAV - detected UnsignedFile.Multi.Generic (1) 17:34:34.0312 1764 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:34:34.0328 1764 MRxSmb ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0328 1764 MRxSmb - detected UnsignedFile.Multi.Generic (1) 17:34:34.0359 1764 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 17:34:34.0359 1764 MSDTC ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0359 1764 MSDTC - detected UnsignedFile.Multi.Generic (1) 17:34:34.0375 1764 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:34:34.0390 1764 Msfs ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0390 1764 Msfs - detected UnsignedFile.Multi.Generic (1) 17:34:34.0390 1764 MSIServer - ok 17:34:34.0421 1764 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:34:34.0421 1764 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0421 1764 MSKSSRV - detected UnsignedFile.Multi.Generic (1) 17:34:34.0453 1764 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:34:34.0453 1764 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0453 1764 MSPCLOCK - detected UnsignedFile.Multi.Generic (1) 17:34:34.0500 1764 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:34:34.0500 1764 MSPQM ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0500 1764 MSPQM - detected UnsignedFile.Multi.Generic (1) 17:34:34.0562 1764 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:34:34.0562 1764 mssmbios ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0562 1764 mssmbios - detected UnsignedFile.Multi.Generic (1) 17:34:34.0593 1764 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 17:34:34.0593 1764 MSTEE ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0593 1764 MSTEE - detected UnsignedFile.Multi.Generic (1) 17:34:34.0640 1764 [ 1C0F480B7C6136DDB5FB909995AF014A ] MTsensor C:\WINDOWS\system32\DRIVERS\ATKACPI.sys 17:34:34.0640 1764 MTsensor ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0640 1764 MTsensor - detected UnsignedFile.Multi.Generic (1) 17:34:34.0687 1764 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 17:34:34.0687 1764 Mup ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0687 1764 Mup - detected UnsignedFile.Multi.Generic (1) 17:34:34.0750 1764 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:34:34.0750 1764 NABTSFEC ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0750 1764 NABTSFEC - detected UnsignedFile.Multi.Generic (1) 17:34:34.0796 1764 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 17:34:34.0812 1764 napagent ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0812 1764 napagent - detected UnsignedFile.Multi.Generic (1) 17:34:34.0859 1764 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 17:34:34.0875 1764 NDIS ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0875 1764 NDIS - detected UnsignedFile.Multi.Generic (1) 17:34:34.0906 1764 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:34:34.0906 1764 NdisIP ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0906 1764 NdisIP - detected UnsignedFile.Multi.Generic (1) 17:34:34.0937 1764 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:34:34.0953 1764 NdisTapi ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0953 1764 NdisTapi - detected UnsignedFile.Multi.Generic (1) 17:34:34.0968 1764 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:34:34.0968 1764 Ndisuio ( UnsignedFile.Multi.Generic ) - warning 17:34:34.0968 1764 Ndisuio - detected UnsignedFile.Multi.Generic (1) 17:34:34.0984 1764 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:34:35.0000 1764 NdisWan ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0000 1764 NdisWan - detected UnsignedFile.Multi.Generic (1) 17:34:35.0031 1764 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:34:35.0031 1764 NDProxy ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0031 1764 NDProxy - detected UnsignedFile.Multi.Generic (1) 17:34:35.0046 1764 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:34:35.0046 1764 NetBIOS ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0046 1764 NetBIOS - detected UnsignedFile.Multi.Generic (1) 17:34:35.0078 1764 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:34:35.0093 1764 NetBT ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0093 1764 NetBT - detected UnsignedFile.Multi.Generic (1) 17:34:35.0140 1764 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 17:34:35.0156 1764 NetDDE ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0156 1764 NetDDE - detected UnsignedFile.Multi.Generic (1) 17:34:35.0156 1764 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 17:34:35.0171 1764 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0171 1764 NetDDEdsdm - detected UnsignedFile.Multi.Generic (1) 17:34:35.0218 1764 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 17:34:35.0218 1764 Netlogon ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0218 1764 Netlogon - detected UnsignedFile.Multi.Generic (1) 17:34:35.0265 1764 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 17:34:35.0281 1764 Netman ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0281 1764 Netman - detected UnsignedFile.Multi.Generic (1) 17:34:35.0296 1764 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:34:35.0312 1764 NetTcpPortSharing - ok 17:34:35.0359 1764 [ ACD8BD448A74F344D46FCAF21BAB92AF ] Nla C:\WINDOWS\System32\mswsock.dll 17:34:35.0375 1764 Nla ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0375 1764 Nla - detected UnsignedFile.Multi.Generic (1) 17:34:35.0375 1764 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:34:35.0390 1764 Npfs ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0390 1764 Npfs - detected UnsignedFile.Multi.Generic (1) 17:34:35.0421 1764 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:34:35.0453 1764 Ntfs ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0453 1764 Ntfs - detected UnsignedFile.Multi.Generic (1) 17:34:35.0468 1764 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 17:34:35.0468 1764 NtLmSsp ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0468 1764 NtLmSsp - detected UnsignedFile.Multi.Generic (1) 17:34:35.0531 1764 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 17:34:35.0578 1764 NtmsSvc ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0578 1764 NtmsSvc - detected UnsignedFile.Multi.Generic (1) 17:34:35.0609 1764 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 17:34:35.0609 1764 Null ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0609 1764 Null - detected UnsignedFile.Multi.Generic (1) 17:34:35.0656 1764 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:34:35.0656 1764 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0656 1764 NwlnkFlt - detected UnsignedFile.Multi.Generic (1) 17:34:35.0671 1764 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:34:35.0687 1764 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0687 1764 NwlnkFwd - detected UnsignedFile.Multi.Generic (1) 17:34:35.0796 1764 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 17:34:35.0828 1764 odserv - ok 17:34:35.0843 1764 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 17:34:35.0875 1764 ose - ok 17:34:35.0890 1764 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 17:34:35.0906 1764 Parport ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0906 1764 Parport - detected UnsignedFile.Multi.Generic (1) 17:34:35.0921 1764 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 17:34:35.0921 1764 PartMgr ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0921 1764 PartMgr - detected UnsignedFile.Multi.Generic (1) 17:34:35.0953 1764 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 17:34:35.0968 1764 ParVdm ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0968 1764 ParVdm - detected UnsignedFile.Multi.Generic (1) 17:34:35.0968 1764 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 17:34:35.0984 1764 PCI ( UnsignedFile.Multi.Generic ) - warning 17:34:35.0984 1764 PCI - detected UnsignedFile.Multi.Generic (1) 17:34:36.0000 1764 PCIDump - ok 17:34:36.0015 1764 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 17:34:36.0015 1764 PCIIde ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0015 1764 PCIIde - detected UnsignedFile.Multi.Generic (1) 17:34:36.0046 1764 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 17:34:36.0062 1764 Pcmcia ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0062 1764 Pcmcia - detected UnsignedFile.Multi.Generic (1) 17:34:36.0062 1764 PDCOMP - ok 17:34:36.0078 1764 PDFRAME - ok 17:34:36.0078 1764 PDRELI - ok 17:34:36.0093 1764 PDRFRAME - ok 17:34:36.0109 1764 perc2 - ok 17:34:36.0109 1764 perc2hib - ok 17:34:36.0156 1764 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 17:34:36.0171 1764 PlugPlay ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0171 1764 PlugPlay - detected UnsignedFile.Multi.Generic (1) 17:34:36.0187 1764 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:34:36.0203 1764 PolicyAgent ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0203 1764 PolicyAgent - detected UnsignedFile.Multi.Generic (1) 17:34:36.0203 1764 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:34:36.0218 1764 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0218 1764 PptpMiniport - detected UnsignedFile.Multi.Generic (1) 17:34:36.0234 1764 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:34:36.0234 1764 ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0234 1764 ProtectedStorage - detected UnsignedFile.Multi.Generic (1) 17:34:36.0250 1764 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:34:36.0250 1764 PSched ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0250 1764 PSched - detected UnsignedFile.Multi.Generic (1) 17:34:36.0265 1764 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:34:36.0265 1764 Ptilink ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0265 1764 Ptilink - detected UnsignedFile.Multi.Generic (1) 17:34:36.0281 1764 ql1080 - ok 17:34:36.0296 1764 Ql10wnt - ok 17:34:36.0296 1764 ql12160 - ok 17:34:36.0312 1764 ql1240 - ok 17:34:36.0312 1764 ql1280 - ok 17:34:36.0343 1764 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:34:36.0359 1764 RasAcd ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0359 1764 RasAcd - detected UnsignedFile.Multi.Generic (1) 17:34:36.0390 1764 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:34:36.0406 1764 RasAuto ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0406 1764 RasAuto - detected UnsignedFile.Multi.Generic (1) 17:34:36.0437 1764 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:34:36.0453 1764 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0453 1764 Rasl2tp - detected UnsignedFile.Multi.Generic (1) 17:34:36.0500 1764 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:34:36.0515 1764 RasMan ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0515 1764 RasMan - detected UnsignedFile.Multi.Generic (1) 17:34:36.0531 1764 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:34:36.0531 1764 RasPppoe ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0531 1764 RasPppoe - detected UnsignedFile.Multi.Generic (1) 17:34:36.0546 1764 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:34:36.0546 1764 Raspti ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0562 1764 Raspti - detected UnsignedFile.Multi.Generic (1) 17:34:36.0593 1764 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:34:36.0593 1764 Rdbss ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0593 1764 Rdbss - detected UnsignedFile.Multi.Generic (1) 17:34:36.0609 1764 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:34:36.0625 1764 RDPCDD ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0625 1764 RDPCDD - detected UnsignedFile.Multi.Generic (1) 17:34:36.0671 1764 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:34:36.0671 1764 RDPWD ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0671 1764 RDPWD - detected UnsignedFile.Multi.Generic (1) 17:34:36.0718 1764 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:34:36.0734 1764 RDSessMgr ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0734 1764 RDSessMgr - detected UnsignedFile.Multi.Generic (1) 17:34:36.0750 1764 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:34:36.0765 1764 redbook ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0765 1764 redbook - detected UnsignedFile.Multi.Generic (1) 17:34:36.0812 1764 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:34:36.0828 1764 RemoteAccess ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0828 1764 RemoteAccess - detected UnsignedFile.Multi.Generic (1) 17:34:36.0828 1764 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 17:34:36.0843 1764 RpcLocator ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0843 1764 RpcLocator - detected UnsignedFile.Multi.Generic (1) 17:34:36.0859 1764 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 17:34:36.0890 1764 RpcSs ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0890 1764 RpcSs - detected UnsignedFile.Multi.Generic (1) 17:34:36.0921 1764 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:34:36.0937 1764 RSVP ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0937 1764 RSVP - detected UnsignedFile.Multi.Generic (1) 17:34:36.0968 1764 [ DAAF657C0B5BD0595669496857040F75 ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS 17:34:36.0968 1764 RTSTOR ( UnsignedFile.Multi.Generic ) - warning 17:34:36.0968 1764 RTSTOR - detected UnsignedFile.Multi.Generic (1) 17:34:37.0000 1764 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 17:34:37.0015 1764 SamSs ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0015 1764 SamSs - detected UnsignedFile.Multi.Generic (1) 17:34:37.0015 1764 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:34:37.0031 1764 SCardSvr ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0031 1764 SCardSvr - detected UnsignedFile.Multi.Generic (1) 17:34:37.0078 1764 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:34:37.0093 1764 Schedule ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0093 1764 Schedule - detected UnsignedFile.Multi.Generic (1) 17:34:37.0125 1764 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:34:37.0140 1764 Secdrv ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0140 1764 Secdrv - detected UnsignedFile.Multi.Generic (1) 17:34:37.0156 1764 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 17:34:37.0171 1764 seclogon ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0171 1764 seclogon - detected UnsignedFile.Multi.Generic (1) 17:34:37.0171 1764 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 17:34:37.0187 1764 SENS ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0187 1764 SENS - detected UnsignedFile.Multi.Generic (1) 17:34:37.0218 1764 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 17:34:37.0234 1764 Serial ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0234 1764 Serial - detected UnsignedFile.Multi.Generic (1) 17:34:37.0250 1764 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:34:37.0265 1764 Sfloppy ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0265 1764 Sfloppy - detected UnsignedFile.Multi.Generic (1) 17:34:37.0328 1764 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 17:34:37.0343 1764 SharedAccess ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0343 1764 SharedAccess - detected UnsignedFile.Multi.Generic (1) 17:34:37.0390 1764 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:34:37.0406 1764 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning 17:34:37.0406 1764 ShellHWDetection - detected UnsignedFile.Multi.Generic (1) 17:34:37.0406 1764 Simbad - ok 17:34:37.0671 1764 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe 17:34:37.0921 1764 Skype C2C Service - ok 17:34:37.0968 1764 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 17:34:38.0000 1764 SkypeUpdate - ok 17:34:38.0015 1764 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:34:38.0031 1764 SLIP ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0031 1764 SLIP - detected UnsignedFile.Multi.Generic (1) 17:34:38.0046 1764 smserial - ok 17:34:38.0062 1764 Sparrow - ok 17:34:38.0093 1764 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:34:38.0109 1764 splitter ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0109 1764 splitter - detected UnsignedFile.Multi.Generic (1) 17:34:38.0156 1764 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:34:38.0171 1764 Spooler ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0171 1764 Spooler - detected UnsignedFile.Multi.Generic (1) 17:34:38.0187 1764 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:34:38.0203 1764 sr ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0203 1764 sr - detected UnsignedFile.Multi.Generic (1) 17:34:38.0250 1764 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 17:34:38.0265 1764 srservice ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0265 1764 srservice - detected UnsignedFile.Multi.Generic (1) 17:34:38.0312 1764 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:34:38.0343 1764 Srv ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0343 1764 Srv - detected UnsignedFile.Multi.Generic (1) 17:34:38.0390 1764 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:34:38.0406 1764 SSDPSRV ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0406 1764 SSDPSRV - detected UnsignedFile.Multi.Generic (1) 17:34:38.0437 1764 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:34:38.0468 1764 ssmdrv - ok 17:34:38.0531 1764 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:34:38.0562 1764 stisvc ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0562 1764 stisvc - detected UnsignedFile.Multi.Generic (1) 17:34:38.0671 1764 [ 409F7268DD0D820110ADCC78A8E9CE71 ] StkCMini C:\WINDOWS\system32\Drivers\StkCMini.sys 17:34:38.0781 1764 StkCMini ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0781 1764 StkCMini - detected UnsignedFile.Multi.Generic (1) 17:34:38.0796 1764 [ 7B072F348B63098C94CCCBBD3516A558 ] StkSSrv C:\WINDOWS\System32\StkCSrv.exe 17:34:38.0828 1764 StkSSrv ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0828 1764 StkSSrv - detected UnsignedFile.Multi.Generic (1) 17:34:38.0859 1764 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:34:38.0875 1764 streamip ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0875 1764 streamip - detected UnsignedFile.Multi.Generic (1) 17:34:38.0890 1764 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:34:38.0906 1764 swenum ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0906 1764 swenum - detected UnsignedFile.Multi.Generic (1) 17:34:38.0921 1764 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:34:38.0937 1764 swmidi ( UnsignedFile.Multi.Generic ) - warning 17:34:38.0937 1764 swmidi - detected UnsignedFile.Multi.Generic (1) 17:34:38.0937 1764 SwPrv - ok 17:34:38.0953 1764 symc810 - ok 17:34:38.0968 1764 symc8xx - ok 17:34:38.0984 1764 sym_hi - ok 17:34:39.0000 1764 sym_u3 - ok 17:34:39.0046 1764 [ 69BF2DD9B1099D1AA3E7CF14B4B842CD ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 17:34:39.0062 1764 SynTP ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0062 1764 SynTP - detected UnsignedFile.Multi.Generic (1) 17:34:39.0093 1764 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:34:39.0109 1764 sysaudio ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0109 1764 sysaudio - detected UnsignedFile.Multi.Generic (1) 17:34:39.0140 1764 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:34:39.0171 1764 SysmonLog ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0171 1764 SysmonLog - detected UnsignedFile.Multi.Generic (1) 17:34:39.0218 1764 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:34:39.0250 1764 TapiSrv ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0250 1764 TapiSrv - detected UnsignedFile.Multi.Generic (1) 17:34:39.0296 1764 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:34:39.0328 1764 Tcpip ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0328 1764 Tcpip - detected UnsignedFile.Multi.Generic (1) 17:34:39.0359 1764 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:34:39.0359 1764 TDPIPE ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0359 1764 TDPIPE - detected UnsignedFile.Multi.Generic (1) 17:34:39.0390 1764 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 17:34:39.0406 1764 TDTCP ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0406 1764 TDTCP - detected UnsignedFile.Multi.Generic (1) 17:34:39.0421 1764 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:34:39.0437 1764 TermDD ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0437 1764 TermDD - detected UnsignedFile.Multi.Generic (1) 17:34:39.0484 1764 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 17:34:39.0500 1764 TermService ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0500 1764 TermService - detected UnsignedFile.Multi.Generic (1) 17:34:39.0531 1764 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 17:34:39.0546 1764 Themes ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0546 1764 Themes - detected UnsignedFile.Multi.Generic (1) 17:34:39.0562 1764 TosIde - ok 17:34:39.0609 1764 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:34:39.0625 1764 TrkWks ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0625 1764 TrkWks - detected UnsignedFile.Multi.Generic (1) 17:34:39.0656 1764 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:34:39.0671 1764 Udfs ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0671 1764 Udfs - detected UnsignedFile.Multi.Generic (1) 17:34:39.0687 1764 ultra - ok 17:34:39.0734 1764 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:34:39.0765 1764 Update ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0765 1764 Update - detected UnsignedFile.Multi.Generic (1) 17:34:39.0796 1764 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 17:34:39.0828 1764 upnphost ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0828 1764 upnphost - detected UnsignedFile.Multi.Generic (1) 17:34:39.0859 1764 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 17:34:39.0875 1764 UPS ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0875 1764 UPS - detected UnsignedFile.Multi.Generic (1) 17:34:39.0921 1764 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 17:34:39.0937 1764 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0937 1764 USBAAPL - detected UnsignedFile.Multi.Generic (1) 17:34:39.0968 1764 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:34:39.0984 1764 usbccgp ( UnsignedFile.Multi.Generic ) - warning 17:34:39.0984 1764 usbccgp - detected UnsignedFile.Multi.Generic (1) 17:34:40.0000 1764 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:34:40.0015 1764 usbehci ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0015 1764 usbehci - detected UnsignedFile.Multi.Generic (1) 17:34:40.0046 1764 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:34:40.0046 1764 usbhub ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0046 1764 usbhub - detected UnsignedFile.Multi.Generic (1) 17:34:40.0078 1764 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 17:34:40.0093 1764 usbohci ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0093 1764 usbohci - detected UnsignedFile.Multi.Generic (1) 17:34:40.0109 1764 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:34:40.0125 1764 usbprint ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0125 1764 usbprint - detected UnsignedFile.Multi.Generic (1) 17:34:40.0140 1764 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:34:40.0140 1764 usbscan ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0140 1764 usbscan - detected UnsignedFile.Multi.Generic (1) 17:34:40.0187 1764 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:34:40.0203 1764 usbstor ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0203 1764 usbstor - detected UnsignedFile.Multi.Generic (1) 17:34:40.0218 1764 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:34:40.0234 1764 VgaSave ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0234 1764 VgaSave - detected UnsignedFile.Multi.Generic (1) 17:34:40.0234 1764 ViaIde - ok 17:34:40.0281 1764 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:34:40.0281 1764 VolSnap ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0281 1764 VolSnap - detected UnsignedFile.Multi.Generic (1) 17:34:40.0312 1764 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 17:34:40.0328 1764 VSS ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0328 1764 VSS - detected UnsignedFile.Multi.Generic (1) 17:34:40.0359 1764 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 17:34:40.0375 1764 W32Time ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0375 1764 W32Time - detected UnsignedFile.Multi.Generic (1) 17:34:40.0406 1764 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:34:40.0406 1764 Wanarp ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0406 1764 Wanarp - detected UnsignedFile.Multi.Generic (1) 17:34:40.0421 1764 WDICA - ok 17:34:40.0468 1764 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:34:40.0468 1764 wdmaud ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0468 1764 wdmaud - detected UnsignedFile.Multi.Generic (1) 17:34:40.0531 1764 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:34:40.0531 1764 WebClient ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0531 1764 WebClient - detected UnsignedFile.Multi.Generic (1) 17:34:40.0625 1764 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:34:40.0640 1764 winmgmt ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0640 1764 winmgmt - detected UnsignedFile.Multi.Generic (1) 17:34:40.0687 1764 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 17:34:40.0703 1764 WmdmPmSN ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0703 1764 WmdmPmSN - detected UnsignedFile.Multi.Generic (1) 17:34:40.0750 1764 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:34:40.0750 1764 WmiApSrv ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0750 1764 WmiApSrv - detected UnsignedFile.Multi.Generic (1) 17:34:40.0859 1764 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 17:34:40.0968 1764 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning 17:34:40.0968 1764 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1) 17:34:41.0000 1764 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 17:34:41.0015 1764 wscsvc ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0015 1764 wscsvc - detected UnsignedFile.Multi.Generic (1) 17:34:41.0062 1764 [ 2EA107F535B0B7BFB1D8D6BD79325DBB ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys 17:34:41.0062 1764 WSIMD ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0062 1764 WSIMD - detected UnsignedFile.Multi.Generic (1) 17:34:41.0093 1764 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:34:41.0093 1764 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0093 1764 WSTCODEC - detected UnsignedFile.Multi.Generic (1) 17:34:41.0109 1764 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 17:34:41.0109 1764 wuauserv ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0109 1764 wuauserv - detected UnsignedFile.Multi.Generic (1) 17:34:41.0156 1764 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:34:41.0171 1764 WudfPf ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0171 1764 WudfPf - detected UnsignedFile.Multi.Generic (1) 17:34:41.0187 1764 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:34:41.0187 1764 WudfRd ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0187 1764 WudfRd - detected UnsignedFile.Multi.Generic (1) 17:34:41.0203 1764 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 17:34:41.0218 1764 WudfSvc ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0218 1764 WudfSvc - detected UnsignedFile.Multi.Generic (1) 17:34:41.0265 1764 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 17:34:41.0296 1764 WZCSVC ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0296 1764 WZCSVC - detected UnsignedFile.Multi.Generic (1) 17:34:41.0328 1764 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 17:34:41.0343 1764 xmlprov ( UnsignedFile.Multi.Generic ) - warning 17:34:41.0343 1764 xmlprov - detected UnsignedFile.Multi.Generic (1) 17:34:41.0359 1764 ================ Scan global =============================== 17:34:41.0390 1764 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 17:34:41.0421 1764 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 17:34:41.0453 1764 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll 17:34:41.0484 1764 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 17:34:41.0484 1764 [Global] - ok 17:34:41.0484 1764 ================ Scan MBR ================================== 17:34:41.0515 1764 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 17:34:41.0828 1764 \Device\Harddisk0\DR0 - ok 17:34:41.0828 1764 ================ Scan VBR ================================== 17:34:41.0828 1764 [ E9628C05CD689796F50F81329F7F04FE ] \Device\Harddisk0\DR0\Partition1 17:34:41.0828 1764 \Device\Harddisk0\DR0\Partition1 - ok 17:34:41.0828 1764 [ 91E91931C597D6DBBC80B65CCC81B347 ] \Device\Harddisk0\DR0\Partition2 17:34:41.0843 1764 \Device\Harddisk0\DR0\Partition2 - ok 17:34:41.0859 1764 ============================================================ 17:34:41.0859 1764 Scan finished 17:34:41.0859 1764 ============================================================ 17:34:41.0968 1012 Detected object count: 213 17:34:41.0984 1012 Actual detected object count: 213 17:37:12.0484 1012 ACPI ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0484 1012 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0484 1012 ACPIEC ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0484 1012 ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0484 1012 ACS ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0484 1012 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0500 1012 aec ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0500 1012 aec ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0500 1012 AFD ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0500 1012 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0500 1012 Alerter ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0500 1012 Alerter ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0515 1012 ALG ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0515 1012 ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0515 1012 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0515 1012 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0515 1012 AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0515 1012 AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0515 1012 atapi ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0515 1012 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0515 1012 AtcL002 ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0515 1012 AtcL002 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0531 1012 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0531 1012 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0531 1012 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0531 1012 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0531 1012 Atmarpc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0531 1012 Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0531 1012 AudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0531 1012 AudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0546 1012 audstub ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0546 1012 audstub ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0546 1012 Beep ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0546 1012 Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0546 1012 BITS ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0546 1012 BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0546 1012 Browser ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0546 1012 Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0562 1012 cbidf2k ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0562 1012 cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0562 1012 CCDECODE ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0562 1012 CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0562 1012 Cdaudio ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0562 1012 Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0562 1012 Cdfs ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0562 1012 Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0578 1012 Cdrom ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0578 1012 Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0578 1012 CiSvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0578 1012 CiSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0578 1012 ClipSrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0578 1012 ClipSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0578 1012 CmBatt ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0578 1012 CmBatt ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0593 1012 Compbatt ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0593 1012 Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0593 1012 CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0593 1012 CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0593 1012 DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0593 1012 DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0593 1012 Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0593 1012 Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0609 1012 Disk ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0609 1012 Disk ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0609 1012 dmboot ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0609 1012 dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0609 1012 dmio ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0609 1012 dmio ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0609 1012 dmload ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0609 1012 dmload ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0625 1012 dmserver ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0625 1012 dmserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0625 1012 DMusic ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0625 1012 DMusic ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0625 1012 Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0625 1012 Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0625 1012 Dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0625 1012 Dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0625 1012 drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0625 1012 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0640 1012 EapHost ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0640 1012 EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0640 1012 ERSvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0640 1012 ERSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0640 1012 Eventlog ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0640 1012 Eventlog ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0640 1012 EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0640 1012 EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0656 1012 Fastfat ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0656 1012 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0656 1012 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0656 1012 FastUserSwitchingCompatibility ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0656 1012 Fdc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0656 1012 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0656 1012 Fips ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0656 1012 Fips ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0656 1012 Flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0671 1012 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0671 1012 FltMgr ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0671 1012 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0671 1012 Fs_Rec ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0671 1012 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0671 1012 Ftdisk ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0671 1012 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0671 1012 Gpc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0671 1012 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0687 1012 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0687 1012 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0687 1012 helpsvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0687 1012 helpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0687 1012 hidusb ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0687 1012 hidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0687 1012 hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0687 1012 hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0703 1012 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0703 1012 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0703 1012 HTTPFilter ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0703 1012 HTTPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0703 1012 i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0703 1012 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0703 1012 Imapi ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0703 1012 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0703 1012 ImapiService ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0703 1012 ImapiService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0718 1012 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0718 1012 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0718 1012 intelppm ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0718 1012 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0718 1012 Ip6Fw ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0718 1012 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0718 1012 IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0718 1012 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0718 1012 IpInIp ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0718 1012 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0734 1012 IpNat ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0734 1012 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0734 1012 IPSec ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0734 1012 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0734 1012 IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0734 1012 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0734 1012 isapnp ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0734 1012 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0750 1012 Kbdclass ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0750 1012 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0750 1012 kbfiltr ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0750 1012 kbfiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0750 1012 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0750 1012 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0750 1012 KSecDD ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0750 1012 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0750 1012 lanmanserver ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0750 1012 lanmanserver ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0765 1012 lanmanworkstation ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0765 1012 lanmanworkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0765 1012 LmHosts ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0765 1012 LmHosts ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0765 1012 Messenger ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0765 1012 Messenger ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0765 1012 mnmdd ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0765 1012 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0781 1012 mnmsrvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0781 1012 mnmsrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0781 1012 Modem ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0781 1012 Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0781 1012 MODEMCSA ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0781 1012 MODEMCSA ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0781 1012 Mouclass ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0781 1012 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0781 1012 mouhid ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0781 1012 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0796 1012 MountMgr ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0796 1012 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0796 1012 MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0796 1012 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0796 1012 MRxSmb ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0796 1012 MRxSmb ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0796 1012 MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0796 1012 MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0812 1012 Msfs ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0812 1012 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0812 1012 MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0812 1012 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0812 1012 MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0812 1012 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0812 1012 MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0812 1012 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0812 1012 mssmbios ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0812 1012 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0828 1012 MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0828 1012 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0828 1012 MTsensor ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0828 1012 MTsensor ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0828 1012 Mup ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0828 1012 Mup ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0828 1012 NABTSFEC ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0828 1012 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0828 1012 napagent ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0828 1012 napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0843 1012 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0843 1012 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0843 1012 NdisIP ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0843 1012 NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0843 1012 NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0843 1012 NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0843 1012 Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0843 1012 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0859 1012 NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0859 1012 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0859 1012 NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0859 1012 NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0859 1012 NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0859 1012 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0859 1012 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0859 1012 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0859 1012 NetDDE ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0859 1012 NetDDE ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0875 1012 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0875 1012 NetDDEdsdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0875 1012 Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0875 1012 Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0875 1012 Netman ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0875 1012 Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0875 1012 Nla ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0875 1012 Nla ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0890 1012 Npfs ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0890 1012 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0890 1012 Ntfs ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0890 1012 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0890 1012 NtLmSsp ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0890 1012 NtLmSsp ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0890 1012 NtmsSvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0890 1012 NtmsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0890 1012 Null ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0890 1012 Null ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0906 1012 NwlnkFlt ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0906 1012 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0906 1012 NwlnkFwd ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0906 1012 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0906 1012 Parport ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0906 1012 Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0906 1012 PartMgr ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0906 1012 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0906 1012 ParVdm ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0921 1012 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0921 1012 PCI ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0921 1012 PCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0921 1012 PCIIde ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0921 1012 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0921 1012 Pcmcia ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0921 1012 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0921 1012 PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0921 1012 PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0937 1012 PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0937 1012 PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0937 1012 PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0937 1012 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0937 1012 ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0937 1012 ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0937 1012 PSched ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0937 1012 PSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0953 1012 Ptilink ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0953 1012 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0953 1012 RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0953 1012 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0953 1012 RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0953 1012 RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0953 1012 Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0953 1012 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0953 1012 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0953 1012 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0968 1012 RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0968 1012 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0968 1012 Raspti ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0968 1012 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0968 1012 Rdbss ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0968 1012 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0968 1012 RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0968 1012 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0984 1012 RDPWD ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0984 1012 RDPWD ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0984 1012 RDSessMgr ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0984 1012 RDSessMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0984 1012 redbook ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0984 1012 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0984 1012 RemoteAccess ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0984 1012 RemoteAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0984 1012 RpcLocator ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0984 1012 RpcLocator ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:12.0984 1012 RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:12.0984 1012 RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0000 1012 RSVP ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0000 1012 RSVP ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0000 1012 RTSTOR ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0000 1012 RTSTOR ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0000 1012 SamSs ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0000 1012 SamSs ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0000 1012 SCardSvr ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0000 1012 SCardSvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0015 1012 Schedule ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0015 1012 Schedule ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0015 1012 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0015 1012 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0015 1012 seclogon ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0015 1012 seclogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0015 1012 SENS ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0015 1012 SENS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0015 1012 Serial ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0015 1012 Serial ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0031 1012 Sfloppy ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0031 1012 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0031 1012 SharedAccess ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0031 1012 SharedAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0031 1012 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0031 1012 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0031 1012 SLIP ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0031 1012 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0046 1012 splitter ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0046 1012 splitter ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0046 1012 Spooler ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0046 1012 Spooler ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0046 1012 sr ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0046 1012 sr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0046 1012 srservice ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0046 1012 srservice ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0062 1012 Srv ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0062 1012 Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0062 1012 SSDPSRV ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0062 1012 SSDPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0062 1012 stisvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0062 1012 stisvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0062 1012 StkCMini ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0062 1012 StkCMini ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0062 1012 StkSSrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0062 1012 StkSSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0078 1012 streamip ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0078 1012 streamip ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0078 1012 swenum ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0078 1012 swenum ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0078 1012 swmidi ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0078 1012 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0078 1012 SynTP ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0078 1012 SynTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0078 1012 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0093 1012 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0093 1012 SysmonLog ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0093 1012 SysmonLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0093 1012 TapiSrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0093 1012 TapiSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0093 1012 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0093 1012 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0093 1012 TDPIPE ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0093 1012 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0109 1012 TDTCP ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0109 1012 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0109 1012 TermDD ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0109 1012 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0109 1012 TermService ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0109 1012 TermService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0109 1012 Themes ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0109 1012 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0109 1012 TrkWks ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0109 1012 TrkWks ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0125 1012 Udfs ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0125 1012 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0125 1012 Update ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0125 1012 Update ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0125 1012 upnphost ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0125 1012 upnphost ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0125 1012 UPS ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0125 1012 UPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0140 1012 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0140 1012 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0140 1012 usbccgp ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0140 1012 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0140 1012 usbehci ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0140 1012 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0140 1012 usbhub ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0140 1012 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0140 1012 usbohci ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0140 1012 usbohci ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0156 1012 usbprint ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0156 1012 usbprint ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0156 1012 usbscan ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0156 1012 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0156 1012 usbstor ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0156 1012 usbstor ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0156 1012 VgaSave ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0156 1012 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0171 1012 VolSnap ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0171 1012 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0171 1012 VSS ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0171 1012 VSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0171 1012 W32Time ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0171 1012 W32Time ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0171 1012 Wanarp ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0171 1012 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0171 1012 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0171 1012 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0187 1012 WebClient ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0187 1012 WebClient ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0187 1012 winmgmt ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0187 1012 winmgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0187 1012 WmdmPmSN ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0187 1012 WmdmPmSN ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0187 1012 WmiApSrv ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0187 1012 WmiApSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0203 1012 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0203 1012 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0203 1012 wscsvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0203 1012 wscsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0203 1012 WSIMD ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0203 1012 WSIMD ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0203 1012 WSTCODEC ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0203 1012 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0203 1012 wuauserv ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0203 1012 wuauserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0218 1012 WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0218 1012 WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0218 1012 WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0218 1012 WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0218 1012 WudfSvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0218 1012 WudfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0218 1012 WZCSVC ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0218 1012 WZCSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:13.0234 1012 xmlprov ( UnsignedFile.Multi.Generic ) - skipped by user 17:37:13.0234 1012 xmlprov ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:37:28.0828 2064 Deinitialize success |
![]() | #8 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() GVU-Trojaner! Benötige dringend Hilfe! Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
![]() | #9 |
| ![]() GVU-Trojaner! Benötige dringend Hilfe! Combofix Logfile: Code:
ATTFilter ComboFix 13-05-15.01 - GunnarW 15.05.2013 17:55:15.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1919.1332 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\GunnarW\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\epyks.pad c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\GunnarW\5526142.dll c:\dokumente und einstellungen\GunnarW\WINDOWS c:\dokumente und einstellungen\GunnarW\WINDOWS\win.ini C:\Thumbs.db . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-15 bis 2013-05-15 )))))))))))))))))))))))))))))) . . 2013-05-15 15:07 . 2013-05-15 15:22 -------- d-----w- C:\_OTL 2013-04-25 20:06 . 2008-04-14 02:22 26624 ----a-w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2013-04-25 20:05 . 2013-04-25 20:05 -------- d-----w- c:\programme\Windows Media Connect 2 2013-04-25 20:03 . 2013-04-25 20:04 -------- d-----w- c:\windows\system32\drivers\UMDF 2013-04-25 20:03 . 2013-04-25 20:03 -------- d-----w- c:\windows\system32\LogFiles . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-16 22:16 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll 2013-04-16 22:16 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-16 22:16 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-04-12 23:28 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec 2013-04-12 14:00 . 2006-02-28 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys 2013-03-30 09:15 . 2013-02-13 22:03 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-30 09:15 . 2013-02-13 22:03 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-30 09:15 . 2013-02-13 22:03 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-08 08:36 . 2006-02-28 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 15:56 . 2004-08-04 00:50 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-07 15:56 . 2006-02-28 12:00 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-27 07:56 . 2010-08-16 19:13 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-18 17:05 . 2011-01-18 17:04 2291256 ----a-w- c:\programme\TRex.exe 2010-09-16 08:41 . 2010-09-16 08:41 1277264 ----a-w- c:\programme\wlmessengersetup-custom.exe 2010-09-14 21:13 . 2010-09-14 21:13 19075976 ----a-w- c:\programme\SkypeSetup187Full.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2006-02-28 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys . [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys [-] 2006-02-28 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys . [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2006-02-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys . [-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-14 . 1704D8C4C8807B889E43C649B478A452 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys [-] 2006-02-28 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\kbdclass.sys [-] 2004-08-03 . B128FC0A5CD83F669D5DE4B58F77C7D6 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys . [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2006-02-28 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys . [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys [-] 2006-02-28 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys . [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys [-] 2006-02-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys . [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_1$\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys . [-] 2012-07-06 . B71549F23736ADF83A571061C47777FD . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll [-] 2012-07-06 . B71549F23736ADF83A571061C47777FD . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll [-] 2012-07-06 . B2CC8D85D27BF10C5FAF5B98C335978E . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll [-] 2008-04-14 . B42057F06BBB98B31876C0B3F2B54E33 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll [-] 2006-02-28 . D8653DCD80CF2EBB333FC4FCC43A7DEF . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll . [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 . AFB8261B56CBA0D86AEB6DF682AF9785 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2006-02-28 . 183805EB05BCA5A1E4AAAED4D2BE3690 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe . [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . E6D88F1F6745BF00B57E7855A2AB696C . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2006-02-28 . CDF4DA6B518105343FE9E8AFBBF8FBF4 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll . [-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll [-] 2008-04-14 02:22 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll [-] 2006-02-28 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll . [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . D6F603772A789BB3228F310D650B8BD1 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll [-] 2006-02-28 . 3A5E54A9AB96EF2D273B58136FB58EFE . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll . [-] 2009-02-09 . D3D765E8455A961AE567B408F767D4F9 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll [-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 3127AFBF2C1ED0AB14A1BBB7AAECB85B . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2009-02-09 . D45BBCDDC74A1B0259A0C4B00C190D20 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll [-] 2009-02-09 . 8AFBC2E1E5555A1C29953AF854F0FCA5 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll [-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572_1$\rpcss.dll [-] 2008-04-14 . E970C2296916BF4A2F958680016FE312 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2006-02-28 . 9F28FF58D6D67B123272869D89D14004 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll . [-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe [-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-09 . A3EDBE9053889FB24AB22492472B39DC . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-09 . F0A7D59AF279326528715B206669B86C . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2009-02-09 . 65F6B774819BD727358157CEDEA67B8E . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe [-] 2009-02-09 . A07CA23EA361A01E627D911CF139B950 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe [-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572_1$\services.exe [-] 2008-04-14 . 4BB6A83640F1D1792AD21CE767B621C6 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2006-02-28 . EDB6B81761BD60F32F740BBC40AFB676 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe . [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe [-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe [-] 2008-04-14 . 39356A9CDB6753A6D13A4072A9F5A4BB . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2006-02-28 . 54E7113A4BD696E430919BCAF5C65E06 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe . [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2006-02-28 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe . [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys [-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys . [-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2010-08-23 . 1438703F3D9FFE111DA3869E4F3EEE73 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2010-08-23 . 2B6ADE29F8D00EEFA5FA2250CBE094AD . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [-] 2008-04-14 . 3C93CE6C6985C55952B7BE6673E9FD15 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll [-] 2008-04-14 . AD28671D1B83A386B070DC451A113C13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2006-02-28 . 2CF914215226B3F7FA1AE4A47E4D261C . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2006-02-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2006-02-28 . 9D0F57B9C65BF8A07DB655A9ED6EB2EE . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll . [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 611F824E5C703A5A899F84C5F1699E4D . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2006-02-28 . 1A5F9DB98DF7955B4C7CBDBF2C638238 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll . [-] 2008-07-07 20:30 . D68ED3908C7A0DB446111D34AC40DC18 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:26 . AF4F6B5739D18CA7972AB53E091CBC74 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:23 . ADA7241C16F3F42C7F210539FAD5F3AA . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:16 . 3912BEF896D1D687B6053409E5F5F2A6 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974_1$\es.dll [-] 2008-04-14 02:22 . 0F3EDAEE1EF97CF3DB2BE23A7289B78C . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2006-02-28 12:00 . 4E1A8645EE77CB9454FFE53C59620A25 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll . [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . F9954695D246B33A5BF105029A4C6AB6 . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2006-02-28 . 94101D13A1818A9D08337EEC12ED277A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll . [-] 2012-10-03 . 8214D49147FBB2CD5CF896CBE021D339 . 1063936 . . [5.1.2600.6293] . . c:\windows\system32\kernel32.dll [-] 2012-10-03 . 8214D49147FBB2CD5CF896CBE021D339 . 1063936 . . [5.1.2600.6293] . . c:\windows\system32\dllcache\kernel32.dll [-] 2012-10-03 . A9D5CAF09ABD70F1CA28891ECED7B9E4 . 1065472 . . [5.1.2600.6293] . . c:\windows\$hf_mig$\KB2758857\SP3QFE\kernel32.dll [-] 2009-03-21 . A6F4977F9D2C9506050BFF0EF0B574B5 . 1059840 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll [-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll [-] 2009-03-21 . B055C64AABC1A3E3DE57EC8025CAD283 . 1063424 . . [5.1.2600.5781] . . c:\windows\$NtUninstallKB2758857$\kernel32.dll [-] 2009-03-21 . 3EB703BFC2ED26A3D8ACB8626AB2C006 . 1065472 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2009-03-21 . B6053A5FA67EAC4A292A44F585881FFF . 1062912 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll [-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 . 4C897C69754D88F496339B1A666907C1 . 1063424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2006-02-28 . E6CD85D0D37416CF138F01F4BB0FC872 . 1057280 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll . [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 5543A9D4A1D0F9F84092482A9373A024 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2006-02-28 . 3898FFF548E2968CB3AC5A71D7F4E425 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll . [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . F38F3C47BBFFD748C1359AB171C3A630 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2006-02-28 . B4AD65C79F85C61D32C015B11E03CAAD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll . [-] 2013-05-07 . B58C905D107E8E8F884F4D41053AA463 . 6015488 . . [8.00.6001.23487] . . c:\windows\SoftwareDistribution\Download\4b0978786d15e4e99869e76ba112785a\SP3QFE\mshtml.dll [-] 2013-05-07 . B58C905D107E8E8F884F4D41053AA463 . 6015488 . . [8.00.6001.23487] . . c:\windows\system32\mshtml.dll [-] 2013-05-07 . B58C905D107E8E8F884F4D41053AA463 . 6015488 . . [8.00.6001.23487] . . c:\windows\system32\dllcache\mshtml.dll [-] 2013-04-16 . F41ACFD0995036E71A2DC14FC43843ED . 6014976 . . [8.00.6001.23486] . . c:\windows\SoftwareDistribution\Download\8dd4b41e100ff95cdbf0efaa4817d9df\SP3QFE\mshtml.dll [-] 2013-03-02 . EA9230C5CF9E866AE60115D5200D0477 . 6012416 . . [8.00.6001.19412] . . c:\windows\ie8updates\KB2847204-IE8\mshtml.dll [-] 2013-03-02 . 0E34682AFAF8CAD72B4D80EF56678356 . 6013440 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\mshtml.dll [-] 2013-03-01 . E30201393D0444EAFBA113BF929C3A84 . 6011392 . . [8.00.6001.19403] . . c:\windows\ie8updates\KB2817183-IE8\mshtml.dll [-] 2013-03-01 . D0044B80AAB6E8CF061DBFF2A0D10916 . 6012928 . . [8.00.6001.23471] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\mshtml.dll [-] 2013-01-09 . D20F3CA24ECC9FCD03311B4614596D80 . 6011904 . . [8.00.6001.23468] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\mshtml.dll [-] 2013-01-08 . 4E791AFF01E8B2673706B0E3D926B8B8 . 6010368 . . [8.00.6001.19400] . . c:\windows\ie8updates\KB2809289-IE8\mshtml.dll [-] 2013-01-06 . 736266D91BA396EE6D17F4DA20B35317 . 6009856 . . [8.00.6001.19394] . . c:\windows\ie8updates\KB2792100-IE8\mshtml.dll [-] 2013-01-06 . 7E7AD1122829366ABFFD99282AA5E387 . 6011392 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2799329-IE8\SP3QFE\mshtml.dll [-] 2012-11-13 . 9EE11942F73A9CEB7AF2EC2316488F1E . 6010880 . . [8.00.6001.23461] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\mshtml.dll [-] 2012-11-12 . 8382463AD283ED95C83436988A5467E8 . 6008832 . . [8.00.6001.19393] . . c:\windows\ie8updates\KB2799329-IE8\mshtml.dll [-] 2012-08-28 . 685AC6F538B3D4EBE03F19877187B4DF . 6008832 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\mshtml.dll [-] 2012-08-28 . 871C7E18BC56164496CE97DE5C95E569 . 6010368 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll [-] 2012-07-02 . A73EF51CB4D047AC0831D3BDB9036149 . 6008320 . . [8.00.6001.19298] . . c:\windows\ie8updates\KB2744842-IE8\mshtml.dll [-] 2012-07-02 . 4D2499E11D9F907ACD817CA76DD78024 . 6010368 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\mshtml.dll [-] 2012-05-11 . 610AFC1D924512EEB7797ADD9E5F9455 . 6007808 . . [8.00.6001.19258] . . c:\windows\ie8updates\KB2722913-IE8\mshtml.dll [-] 2012-05-11 . E3C9C5F75F06CECD02E0BE32E0BE7463 . 6009344 . . [8.00.6001.23345] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll [-] 2012-03-01 . C34FC3162FE56D908A7285B5983D03FF . 5978624 . . [8.00.6001.19222] . . c:\windows\ie8updates\KB2699988-IE8\mshtml.dll [-] 2012-03-01 . AFF12544647103F756962F43BF60C238 . 5980672 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\mshtml.dll [-] 2011-12-17 . ED2A6223A232E6463E6168A0A7A6EA93 . 5979136 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\mshtml.dll [-] 2011-12-17 . 384D5CD1286CA3364EE2DAA991CF4726 . 5980160 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\mshtml.dll [-] 2011-11-04 . 4823271E3A5F3A3D2229EACA01D849F1 . 5978112 . . [8.00.6001.19170] . . c:\windows\ie8updates\KB2647516-IE8\mshtml.dll [-] 2011-11-04 . CD31B8FA968485999C4B02802D8C482C . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll [-] 2011-10-03 . F591C3C571E547DDED6624EB3DCAB7C9 . 5971456 . . [8.00.6001.19154] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll [-] 2011-10-03 . CC43AB1B8E1C5244B7F354307A3C9A77 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll [-] 2011-07-25 . 9316AF4E14DC9C85A86A1A14A675F160 . 5969920 . . [8.00.6001.19120] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll [-] 2011-07-25 . 1D96C20A4B27E16481C3E774EFC87E09 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll [-] 2011-05-30 . 930A3ED33CD772EA8A2C4BB226A81CAF . 5964800 . . [8.00.6001.19088] . . c:\windows\ie8updates\KB2559049-IE8\mshtml.dll [-] 2011-05-30 . F439589BF8C2B1B07DAED345CD2F710D . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll [-] 2011-02-22 . 581142E0B30A2457893EDCF11479BB6C . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll [-] 2011-02-22 . C37FC01CC7347AA073EA7AC3C70D7C7E . 5962240 . . [8.00.6001.19046] . . c:\windows\ie8updates\KB2530548-IE8\mshtml.dll [-] 2010-12-20 . 10669CF45FBCA6774260726D6D62282C . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll [-] 2010-12-20 . BE8A4C7BFF06DC3BCCBCE689FAC751F7 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll [-] 2010-11-06 . 40627E7D2717A6DD38337A54FDA03F34 . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll [-] 2010-11-06 . 3414295B9307D2EFE47EE89F5CC43125 . 5959168 . . [8.00.6001.18999] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll [-] 2010-09-10 . 2EE27CDF8C897B5ABE5D86D1C03F1066 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll [-] 2010-09-10 . FC277C347BBAAE912A5B0748B3504483 . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll [-] 2010-06-24 . 7CF74ED1A2C05369C67531E7855742CF . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll [-] 2010-06-24 . AC2E0BBFA7C01FD7CBF858C764B745DE . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll [-] 2010-05-06 . 91A9BB7F22F7D21E9C07E995C4E31F74 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll [-] 2010-05-06 . A0091E83B21A4C2627D1DD1A64C1B4B9 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll [-] 2010-04-16 . 164B4195439F7A0919A6CA7BDEC238AC . 3094016 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\mshtml.dll [-] 2010-04-16 . 65E4FEB30D4307C1425F8635EE75200D . 3094528 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll [-] 2010-04-16 . F78A7680EC0A14F1D601364DD4635D7B . 3086336 . . [6.00.2900.3698] . . c:\windows\ie8\mshtml.dll [-] 2010-04-16 . 61244206F4B9840DE7AD5BF8DE5B9A49 . 3094016 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\mshtml.dll [-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll [-] 2008-04-14 . 72AE55A9FFBC60650339CB12E35C7DD5 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2006-02-28 . 3910C7977DF6C8BCB604350173066D79 . 3070464 . . [6.00.2900.2853] . . c:\windows\$NtUninstallKB982381$\mshtml.dll [-] 2006-02-20 . 01432C2102578F0AB9ADDFEC91043D06 . 3073024 . . [6.00.2900.2853] . . c:\windows\$hf_mig$\KB911164\SP2QFE\mshtml.dll . [-] 2008-04-14 . C536AAD8A71608FE33CD956214EDD366 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . C6A6E53A0C34EC87883137A6CB87AE5E . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2006-02-28 . B30BAA48E5063E71C76280E34E7E4802 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2006-02-28 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll [-] 2006-02-28 . 365B3C43810E1CF41B3BE1E7180F583B . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll . [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . ACD8BD448A74F344D46FCAF21BAB92AF . 247296 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll [-] 2008-06-20 . 4AA50627B01C0E9C6B4C6BD3AF648F12 . 247296 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 774274C487493452DF3B0126DBE7FF3B . 247296 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2008-06-20 . EB55B1D9978B61E9913EDCD27EEC4C7C . 247296 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2008-06-20 . F1B67B6B0751AE0E6E964B02821206A3 . 247296 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748_1$\mswsock.dll [-] 2008-04-14 . F12B9D9A069331877D006CC81B4735F9 . 247296 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2006-02-28 . B36E08F680BAE4DFC5C24D00A2DFC9E7 . 247296 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll . [-] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll [-] 2009-02-06 . ED4BBAD725A21632FB205452749FC8F5 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 0098D35F91DEAB9C127360A877F2CF84 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2006-02-28 . D27395EDCD3416AFD125A9370DCB585C . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll . [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . C8C0BDABC966B6C24D337DF0A0A399E1 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2006-02-28 . 5604574D490B798BD9A946B021A766AD . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll . [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 5132443DF6FC3771A17AB4AE55DCBC28 . 187904 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2006-02-28 . 64DC26B3CF7BCCAD431CE360A4C625D5 . 186880 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll . [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 44161A59DC33AC2EA9C95438ADFFFB7F . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2006-02-28 . F62934BC94299083EBFC8810242D8640 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll . [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 4FBC75B74479C7A6F829E0CA19DF3366 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2006-02-28 . 65A819B121EB6FDAB4400EA42BDFFE64 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe . [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 05903CAC4B98908D55EA5774775B382E . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2006-02-28 . 4584E2A5FE662AB3E7C32936E1449043 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll . [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2006-02-28 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll . [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . 788F95312E26389D596C0FA55834E106 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2006-02-28 . D1E53DC57143F2584B1DD53B036C0633 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe . [-] 2013-04-16 . 10D06267C1B4AEA1B324F5EA32B9B922 . 920064 . . [8.00.6001.23486] . . c:\windows\SoftwareDistribution\Download\8dd4b41e100ff95cdbf0efaa4817d9df\SP3QFE\wininet.dll [-] 2013-04-16 . 10D06267C1B4AEA1B324F5EA32B9B922 . 920064 . . [8.00.6001.23486] . . c:\windows\system32\wininet.dll [-] 2013-04-16 . 10D06267C1B4AEA1B324F5EA32B9B922 . 920064 . . [8.00.6001.23486] . . c:\windows\system32\dllcache\wininet.dll [-] 2013-03-02 . 214501D3CC7007F42822D22B01D1D2F7 . 916480 . . [8.00.6001.19412] . . c:\windows\ie8updates\KB2829530-IE8\wininet.dll [-] 2013-03-02 . E7A3A46CB8E4CF41341BEFE9F7D9C9CE . 920064 . . [8.00.6001.23480] . . c:\windows\$hf_mig$\KB2817183-IE8\SP3QFE\wininet.dll [-] 2013-02-05 . A6E0E07C08C7BA620B7A098BBAFA4208 . 916480 . . [8.00.6001.19401] . . c:\windows\ie8updates\KB2817183-IE8\wininet.dll [-] 2013-02-05 . 08AE726D7115DB2CCE2D3C7CE12C5766 . 920064 . . [8.00.6001.23469] . . c:\windows\$hf_mig$\KB2809289-IE8\SP3QFE\wininet.dll [-] 2012-12-26 . 660331C8727EEFE8FC21A8F028833824 . 916480 . . [8.00.6001.19394] . . c:\windows\ie8updates\KB2809289-IE8\wininet.dll [-] 2012-12-26 . A852CCAA50A1571E7C05F16856A386C0 . 920064 . . [8.00.6001.23462] . . c:\windows\$hf_mig$\KB2792100-IE8\SP3QFE\wininet.dll [-] 2012-11-01 . 2EDCBEBCAC154808D4BED260D1CC5B3E . 916992 . . [8.00.6001.19389] . . c:\windows\ie8updates\KB2792100-IE8\wininet.dll [-] 2012-11-01 . 55DA1F687D28274A8257B78F72907300 . 920064 . . [8.00.6001.23458] . . c:\windows\$hf_mig$\KB2761465-IE8\SP3QFE\wininet.dll [-] 2012-08-28 . 8DA5C02D2CA9C2266C6E1ED1628388FF . 916992 . . [8.00.6001.19328] . . c:\windows\ie8updates\KB2761465-IE8\wininet.dll [-] 2012-08-28 . E51889F140ED2B32E986611E69DE148B . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll [-] 2012-07-02 . 0085D5288271FA641F95A5A1845C6512 . 916992 . . [8.00.6001.19298] . . c:\windows\ie8updates\KB2744842-IE8\wininet.dll [-] 2012-07-02 . 002E8799A0D811A9F611FFA72B0A405D . 920064 . . [8.00.6001.23385] . . c:\windows\$hf_mig$\KB2722913-IE8\SP3QFE\wininet.dll [-] 2012-05-16 . CB1B69A4306EAE327DE46277CA3BA9C9 . 916992 . . [8.00.6001.19272] . . c:\windows\ie8updates\KB2722913-IE8\wininet.dll [-] 2012-05-16 . FA932FB2522C5B8436DF9D2290F56A98 . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll [-] 2012-03-01 . 9C4ABC4869FB2EB0E6F38E27A536B325 . 916992 . . [8.00.6001.19222] . . c:\windows\ie8updates\KB2699988-IE8\wininet.dll [-] 2012-03-01 . 4CF6DBF445D93CAB7986F8EB90F27DEC . 919552 . . [8.00.6001.23318] . . c:\windows\$hf_mig$\KB2675157-IE8\SP3QFE\wininet.dll [-] 2011-12-17 . 4C4FA27D15C83B59B16CED7DED66E33D . 916992 . . [8.00.6001.19190] . . c:\windows\ie8updates\KB2675157-IE8\wininet.dll [-] 2011-12-17 . 48F111BC456924B4F131E9FF11B4925E . 919552 . . [8.00.6001.23286] . . c:\windows\$hf_mig$\KB2647516-IE8\SP3QFE\wininet.dll [-] 2011-11-04 . 0BB4286D73CE2CF106F21C7D38C9F85A . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2647516-IE8\wininet.dll [-] 2011-11-04 . C87AFD199FB2BAA77BADC2974815A7A4 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll [-] 2011-08-22 . 5F841994DB0F2B3A3303F8E6ADFDB13E . 916480 . . [8.00.6001.19131] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll [-] 2011-08-22 . 15F8399C03B9717AC8F5722649CB017D . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll [-] 2011-06-23 . 0BF4985026EF2B7F22B91B3A4A56E222 . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll [-] 2011-06-23 . 11C398190972B60689CA0E61FEC75C42 . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll [-] 2011-04-25 . 64F49D76DBEDDC28C676AF86A8613575 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll [-] 2011-04-25 . 69E2C6E3430C34698F72E735646B346E . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll [-] 2011-02-22 . 0E05446F197207A173E06A27C70A1DF7 . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll [-] 2011-02-22 . A2B8733A4FB67717861CF97DB1F03053 . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll [-] 2010-12-20 . 4E6109D5651FAB2D9C7ACEBFA5E49076 . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll [-] 2010-12-20 . B5FF24B723725959D6AE0904F53F74BC . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll [-] 2010-11-06 . 628696B409200762C12C5140C434CBFA . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll [-] 2010-11-06 . 24BC8815BBD3BB53829E0141529E49FD . 916480 . . [8.00.6001.18992] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll [-] 2010-09-10 . 41E62E6AA4D4C03322467FB0D2D29967 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll [-] 2010-09-10 . 7B7028B726053782DD9B98B729515567 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll [-] 2010-06-24 . 1ACB8E6FAD2A8690CBB41D3229A2B27D . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll [-] 2010-06-24 . 5AC0C1733D8C3DE781002F45A678E0FC . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll [-] 2010-05-06 . 12C5EEBBC10DB644B44131EE3ECBC430 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll [-] 2010-05-06 . B5B9887088B8168D52CB28020CF05498 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll [-] 2010-04-16 . 0CC0A30F7F06C6A5A40911616CA35085 . 672768 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\wininet.dll [-] 2010-04-16 . 68B82A22151D41988B3BCB7C881E2B0E . 674304 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll [-] 2010-04-16 . C7B31EF1A7F52D99E92BFF1B053D6EB2 . 667648 . . [6.00.2900.3698] . . c:\windows\ie8\wininet.dll [-] 2010-04-16 . 4350AD71E6C5F397BB76DFF7C4BCFCBD . 674304 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\wininet.dll [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll [-] 2008-04-14 . B4AEE98A48917B274FACFB78BBE0BC84 . 671744 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2006-02-28 . B1A1DA99C4A6EBFD59F86A453BF02F39 . 662016 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB982381$\wininet.dll . [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 6A35E2D6F5F052C84EC2CEB296389439 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2006-02-28 . D569240A22421D5F670BB6FB6DD522B5 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll . [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll [-] 2008-04-14 . C7D8A0517CBF16B84F657DE87EBE9D4B . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll [-] 2006-02-28 . B3ADA72D1E3E10A8F6430669DFC38ED0 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll . [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2006-02-28 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe . [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\regedit.exe [-] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe [-] 2006-02-28 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe . [-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll [-] 2011-11-01 . 6AD6619E7523E27B771569C26F408F0A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll [-] 2011-11-01 . D684C601EC79D9543D50EB2DB124FE78 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll [-] 2010-07-16 . B28AF7976F2D8109C0DC2CF2460BEDC2 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll [-] 2010-07-16 . B3D7633CF83B09042A49810A7A72ADED . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll [-] 2008-04-14 . E08D638BA3D3DD6DF6E31216AB66AE0B . 1287680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll [-] 2006-02-28 . D700449AD3045E81680C25A79620A171 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll . [-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll [-] 2010-04-16 . 45954AFB7AE6E29B23C56B830C820A11 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll [-] 2010-04-16 . EB2AD9C7DADE6C63F5F933881BA2A430 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll [-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll [-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll [-] 2006-02-28 . E4E40EAFF464EBE7752BAD3D82AF1715 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll . [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll [-] 2008-04-14 . 671ABB33C712B1585A5BF7ADD36AD96E . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll [-] 2004-08-03 . 4721744CE11F385073F6F9F7831752C7 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll . [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2006-02-28 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe . [-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll [-] 2009-07-27 . 2DB7D303C36DDD055215052F118E8E75 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2009-07-27 . 927666F4228E3FBBC3D1171581DC8BDC . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll [-] 2008-04-14 . 40602EBFBE06AA075C8E4560743F6883 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2006-02-28 . BAC5F7F0C2B8C1B9832594851E0F9914 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll . [-] 2008-04-14 . DC4E223F5813150073FB5CC63D13293B . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll [-] 2008-04-14 . DC4E223F5813150073FB5CC63D13293B . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll [-] 2006-02-28 . 3B8A9C87027BF8D6D156BE5FA6E8EBC6 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll . [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2006-02-28 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll . [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . EDAFBE25FB6480CE68F688BA691890DC . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2006-02-28 . 7D3E0BEB62799112F5C9FF717D72BF29 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe . [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 0ADA34871A2E1CD2CAAFED1237A47750 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2006-02-28 . 8302DE1C64618D72346DD0034DBC5D9B . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll . [-] 2010-12-09 . 0314B25236E38383DACD4527C40156E8 . 743936 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll [-] 2010-12-09 . E3BDD71DA7EAB0A503129D4D127AF1CB . 743936 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll [-] 2010-12-09 . E3BDD71DA7EAB0A503129D4D127AF1CB . 743936 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll [-] 2009-02-09 . 06DA2C9091606174BFC6F46037AAFFF8 . 740864 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll [-] 2009-02-09 . 1392B1FB3CD232D4439418DB91DB57A1 . 740352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntdll.dll [-] 2009-02-09 . 1392B1FB3CD232D4439418DB91DB57A1 . 740352 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll [-] 2009-02-09 . 00396DB3298F569268C854D8192A6524 . 740352 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntdll.dll [-] 2009-02-09 . 13F65D69BC90600C2F0274A4D42D38B5 . 740864 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntdll.dll [-] 2008-04-14 . 95092EFBE367A108ECDD5D6E439754C3 . 731648 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572_1$\ntdll.dll [-] 2008-04-14 . 95092EFBE367A108ECDD5D6E439754C3 . 731648 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll [-] 2006-02-28 . 00E9FF65CC5C4F965ABB0C7BBDAE8309 . 733696 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntdll.dll . [-] 2009-02-27 . B97AFE7A2A3D47E3BBBA37F913E50732 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime [-] 2009-02-27 . B97AFE7A2A3D47E3BBBA37F913E50732 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime [-] 2009-02-27 . 29DAAEB07885C57AD6E5860BACDF6EAA . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime [-] 2008-04-14 . 275CAC40038A2643833B5F48FB474857 . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime [-] 2008-04-14 . 275CAC40038A2643833B5F48FB474857 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime [-] 2006-02-28 . C7329927E2C73450323565DCFE17D78E . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime . [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . 04955AA695448C181B367D964AF158AA . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2006-02-28 . B932C077D5A65B71B4512544AC404CB4 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll . [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . 5251425B86EA4A3532B8BB8D14044E61 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2006-02-28 . 80F7B7198B869C07C98627AF812D68B6 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll . [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys [-] 2006-02-28 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys . [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . E4CD1F3D84E1C2CA0B8CF7501E201593 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2006-02-28 . AE81CF7D7CFA79CD03E8FB99788A7E09 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll . [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . A050194A44D7FA8D7186ED2F4E8367AE . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2006-02-28 . D5E73842F38E24457C63FEF8CEFFBE19 . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll . [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 4DF5B05DFAEC29E13E1ED6F6EE12C500 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2006-02-28 . 6FA03B462B2FFFE2627171B7FE73EE29 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll . [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . B7DE02C863D8F5A005A7BF375375A6A4 . 297472 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2006-02-28 . 1850BC10DE5DCCCEDE063FC2D0F2CEDA . 297472 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll . [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll [-] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll [-] 2006-02-28 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll . [-] 2006-02-28 . 9E1CA3160DAFB159CA14F83B1E317F75 . 12160 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys . [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys . [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys . [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2006-02-28 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys . [-] 2010-09-18 07:18 . 4891FCDAE77486BFB56999AA217651FA . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll [-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll [-] 2010-09-18 06:52 . 1614669828A32BCD06E1BE6F334BB888 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll [-] 2008-04-14 02:22 . ACC19BA6876AF18768EE87931CAD14E2 . 927504 . . [] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2006-02-28 12:00 . 31DD27AB47F62D383505F35CA972748B . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll . [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . B7550A7107281D170CE85524B1488C98 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2006-02-28 . E5215AB942C5AC5F7EB0E54871D7A27C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll . [-] 2008-04-14 02:22 . 6E18978B749F0696A774DE3F2CB142DD . 52736 . . [] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2006-02-28 12:00 . D68CC4EBF7B03FD770D5962295AD814E . 52736 . . [] . . c:\windows\$NtServicePackUninstall$\mspmsnsv.dll . [-] 2013-03-07 . F6D0ADD14A380F027A0863A1EE337B93 . 2072320 . . [5.1.2600.6368] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2013-03-07 . F6D0ADD14A380F027A0863A1EE337B93 . 2072320 . . [5.1.2600.6368] . . c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2013-03-07 . 7AC180C47638A8394E9BCA27BD2EC5E7 . 2031104 . . [5.1.2600.6368] . . c:\windows\system32\ntkrnlpa.exe [-] 2013-03-07 . 55A21C67E41EC94ECE980B33152E87F1 . 2072320 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntkrnlpa.exe [-] 2013-01-07 . 6DA536958A593E44B5EE3881C5B74575 . 2030080 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntkrnlpa.exe [-] 2013-01-07 . 02CFD7C5E7F3EC63D6754D6B259A3BB6 . 2072064 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntkrnlpa.exe [-] 2012-08-23 . 2A212067C4734FD67095DA9FF522B503 . 2030080 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntkrnlpa.exe [-] 2012-08-23 . 3E6F700819774FD290FA8A79465E41DA . 2071936 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe [-] 2012-05-05 . BE4A6D3DB8E11A1B644B8675FE7D1A43 . 2029056 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe [-] 2012-05-05 . 339D9DA45F631C9D9D7132D9F6957943 . 2071424 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe [-] 2012-04-11 . 12E964E3514BC6ECD028A792F23E1976 . 2029056 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntkrnlpa.exe [-] 2012-04-11 . C3124524EDDDA49504AE558352440F65 . 2071424 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe [-] 2011-10-26 . 07FD1B85212CB29D3D75932B8C3FD210 . 2029568 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe [-] 2011-10-26 . ADD968B4D4A095407FD5B915F89BA8B5 . 2071680 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntkrnlpa.exe [-] 2010-12-09 . 7B1CA0A6C042E4B90A18B49ED73CBA76 . 2071680 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe [-] 2010-12-09 . 56371A8F18F7D9570A11B1C54D602A2A . 2029568 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntkrnlpa.exe [-] 2010-04-28 . 4EACA49489EB3C4A2E83C5546EB5884C . 2069248 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe [-] 2010-04-28 . 6D8D53C3EE866AB72AC73A68808E7371 . 2027008 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe [-] 2010-02-17 . FEDB0FDF1FE02ECC7A823A690175B876 . 2066048 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe [-] 2010-02-16 . 4C56EC495229ABC2F62862A7E145A852 . 2019328 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2010-02-16 . 9F24D01B6027FED0423FD28F1055E3DD . 2069120 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe [-] 2010-02-16 . 1DFCBCFD1C9016C051BE6D7243459CCA . 2027008 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe [-] 2010-02-16 . CEE28C8C47E52F185F9F8F3A2E31880C . 2069248 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe [-] 2009-02-10 . 321917CFF934663C48C1E91A930E5D71 . 2068352 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe [-] 2009-02-09 . 6A2980D9805A4285271FE50D91BC5C2A . 2018304 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntkrnlpa.exe [-] 2009-02-09 . 84C1C109552E9E276FF004E181B80C25 . 2065280 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe [-] 2009-02-09 . 43FBA8A9CBEEA36EA95AF77CD538200A . 2026496 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683_1$\ntkrnlpa.exe [-] 2009-02-09 . 1F9DA92672B8B5720C5FB1E87D8F249F . 2068480 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [-] 2008-04-14 . FEFB3BDA35CF469809B0C89AB6833AFC . 2026496 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572_1$\ntkrnlpa.exe [-] 2008-04-14 . E51980EF65CED4490A7395A06C08DA34 . 2068224 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2006-02-28 . F8D35488D41B19A306A454FFC0ED0336 . 2017792 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe . [-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll [-] 2008-04-14 02:22 . 56AF4064996FA5BAC9C449B1514B4770 . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll [-] 2006-02-28 12:00 . 428AA946A8D9F32DBB4260C8E6E13377 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll . [-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll [-] 2008-04-14 . 1DFD8975D8C89214B98D9387C1125B49 . 186880 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll [-] 2006-02-28 . 09D4A2D7C5A8ABEC227D118765FAADDF . 185856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll . [-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll [-] 2008-04-14 . 9236E736EDB57BE7D1EF6274410E3BAC . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll [-] 2006-02-28 . 7DB3393F98E4211F5CE8F003DE0615CF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll . [-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll [-] 2008-04-14 . 36969CF86E51EC8ED202B40F2FA80AA6 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll [-] 2006-02-28 . 20AE7889467887B869F30308EEED9A2A . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll . [-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll [-] 2008-04-14 . 4A37188B83B00DD9CFBA049687AD0DAF . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll [-] 2006-02-28 . CAC545A56482DE01640E6B791DE19944 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll . [-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll [-] 2008-04-14 02:22 . 5D7F5A46975D2E59A6FECB6C231D200F . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll [-] 2006-02-28 12:00 . 1404D3DD4ED4F5E2A938B43794049A81 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll . [-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll [-] 2008-04-14 . C47FD93010649AC0D79022D9B69ADBE4 . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll [-] 2006-02-28 . 007BFD01772B5202C5CE4F208A2F3F46 . 41984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll . [-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll [-] 2008-04-14 . F86000634319F71535BCE6B06995EE99 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll [-] 2006-02-28 . 4EF2FDC0A085C8339ED4D9C59CE8FC60 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll . [-] 2013-03-07 . DACE71DFE04588B54C0396C6C2AC92EB . 2195712 . . [5.1.2600.6368] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2013-03-07 . DACE71DFE04588B54C0396C6C2AC92EB . 2195712 . . [5.1.2600.6368] . . c:\windows\system32\dllcache\ntoskrnl.exe [-] 2013-03-07 . FE473D39B38D8542770F7C339914A8DF . 2152448 . . [5.1.2600.6368] . . c:\windows\system32\ntoskrnl.exe [-] 2013-03-07 . 8FE0900688FFDA8BBA1701D9E543F867 . 2195840 . . [5.1.2600.6368] . . c:\windows\$hf_mig$\KB2813170\SP3QFE\ntoskrnl.exe [-] 2013-01-07 . AF1C9AABC52AC0BA50F3CCA696D3F8B1 . 2151424 . . [5.1.2600.6335] . . c:\windows\$NtUninstallKB2813170$\ntoskrnl.exe [-] 2013-01-07 . E3C3A9F90C77AEE8F70650109963E52D . 2195456 . . [5.1.2600.6335] . . c:\windows\$hf_mig$\KB2799494\SP3QFE\ntoskrnl.exe [-] 2012-08-23 . 36E49FA67679847C40F452219D871163 . 2151424 . . [5.1.2600.6284] . . c:\windows\$NtUninstallKB2799494$\ntoskrnl.exe [-] 2012-08-23 . DEF6103237BB417D4082DB5077837853 . 2195328 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe [-] 2012-05-05 . 916B2FD262DDD2DD31EB5B80B5645516 . 2150912 . . [5.1.2600.6223] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe [-] 2012-05-05 . C11516E90F6D8C45329A070429392A04 . 2194944 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe [-] 2012-04-11 . 1055CB3C62F7007EBD5ECB1E5CC8069E . 2150912 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2707511$\ntoskrnl.exe [-] 2012-04-11 . 35BEC26067274CCFE4BE16CA22E54557 . 2194944 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe [-] 2011-10-26 . 63907C9E2D9EEA3ADA8263F0A8D79797 . 2151424 . . [5.1.2600.6165] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe [-] 2011-10-26 . 43BA9F58FD87BBF57F958C06241F2C9C . 2195072 . . [5.1.2600.6165] . . c:\windows\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe [-] 2010-12-09 . 2A5A8BE47E1F8E55520FB4031E21D129 . 2195072 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe [-] 2010-12-09 . DAC0BE266F11618A2B9A6EC4D1F255ED . 2151424 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2633171$\ntoskrnl.exe [-] 2010-04-28 . 490911C4B913989D4958543FED2C8F21 . 2148864 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe [-] 2010-04-28 . 6AF2E8CEB03F7CB3B8183359563DBB87 . 2192384 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe [-] 2010-02-17 . 786F98EFD090AD93F03E3BD95FB68714 . 2192256 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe [-] 2010-02-16 . 22FB992849C75B08F3A9BFB19B87935D . 2139648 . . [5.1.2600.3670] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2010-02-16 . B76CEA13602DC99EE0E655E4798C24AA . 2189184 . . [5.1.2600.3670] . . c:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe [-] 2010-02-16 . E1BD0FAFF2C1D0A825CBA97DCF0DDDAE . 2148864 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe [-] 2010-02-16 . 4456016C2FF1A8CCCAC8309C9B76E2F5 . 2192384 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe [-] 2009-02-10 . D3453310FC92736E674FFDC6E3F455B7 . 2191488 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [-] 2009-02-09 . AA84FFABC07AD44176598F6E253EF5EE . 2138624 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB979683_0$\ntoskrnl.exe [-] 2009-02-09 . E22124EC3A33F40755DCD2F4B1BE8A87 . 2188416 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe [-] 2009-02-09 . FEE1600B76B196D9993CD468DA7524F7 . 2191360 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe [-] 2009-02-09 . 18D976FE984BDA3DAC8164B05D69205D . 2147840 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB979683_1$\ntoskrnl.exe [-] 2008-04-14 . 354C9291513BCE4D0ED6B0C6A15470F8 . 2191360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2008-04-14 . 88077F757C6C793C33408D878B6E0F76 . 2147840 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572_1$\ntoskrnl.exe [-] 2006-02-28 . C3EC5DD56E3EB15D80AF9FCEE030CABD . 2150912 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe . [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . FE77A85495065F3AD59C5C65B6C54182 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2006-02-28 . 015F302C4CF961F20C3F98F3A7CA7917 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll . [-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll [-] 2008-04-14 . 7B353059E665F8B7AD2BBEAEF597CF45 . 177152 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll [-] 2006-02-28 . C6D874CD2A5B83CD11CDEBD28A638584 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll . [-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll [-] 2008-04-14 . BC2C5985611C5356B24AEB370953DED9 . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll [-] 2006-02-28 . 7E751068ADA60FC77638622E86A7CD9E . 333824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll . [-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll [-] 2008-04-14 . 2CF969B9BF1EF069075DCDCE309FAAE1 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll [-] 2006-02-28 . 32641AE4D340C1AC2D9B3A3BD71F5C47 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll . [-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll [-] 2008-04-14 . 469FED8597896DB77B49384BE90E2E0A . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll [-] 2006-02-28 . 84028E2EBE7A25494766673A5FF4B304 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll . [-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wshtcpip.dll [-] 2008-04-14 . 02AF8A799D173C2D0C71F399C03AC9E1 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll [-] 2006-02-28 . 3FEADE4D0B41D22E8B8460739A9B4FEE . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wshtcpip.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-01-28 14:49 281760 ----a-w- c:\programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wireless Console 2"="c:\programme\Wireless Console 2\wcourier.exe" [2007-07-05 1040384] "ACU"="c:\programme\Atheros\ACU.exe" [2007-10-23 376921] "ATKMEDIA"="c:\programme\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2010-08-16 37232] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-08-16 33136] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-10-25 421888] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2013-02-18 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\GunnarW\Startmenü\Programme\Autostart\ Dropbox.lnk - c:\dokumente und einstellungen\GunnarW\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon] "shell"=hex(4486008):45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,\ . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^GunnarW^Startmenü^Programme^Autostart^Dropbox.lnk] path=c:\dokumente und einstellungen\GunnarW\Startmenü\Programme\Autostart\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-06 00:52 59240 ----a-w- c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-01-28 12:08 59720 ----a-w- c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKHOTKEY] 2007-07-12 08:25 225280 ----a-w- c:\programme\ATK Hotkey\HControl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2] 2007-10-17 17:04 7737344 ----a-w- c:\programme\ATKOSD2\ATKOSD2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 16:36 30040 ----a-w- c:\programme\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-02-18 15:01 152392 ----a-w- c:\programme\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 02:22 1695232 ------w- c:\programme\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\programme\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-10-30 11:49 16269312 ------r- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] 2012-08-18 16:54 5576408 ----a-w- c:\dokumente und einstellungen\GunnarW\Anwendungsdaten\Spotify\spotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] 2012-08-18 16:54 1193176 ----a-w- c:\dokumente und einstellungen\GunnarW\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2006-05-25 12:02 786521 ----a-w- c:\programme\Synaptics\SynTP\SynTPEnh.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Dokumente und Einstellungen\\GunnarW\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Dokumente und Einstellungen\\GunnarW\\Anwendungsdaten\\Spotify\\spotify.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "15783:UDP"= 15783:UDP:UDP 15783 "17711:TCP"= 17711:TCP:TCP 17711 "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [14.02.2013 00:03 37352] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.02.2013 00:03 86752] R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [16.08.2010 22:49 24576] R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [16.08.2010 22:49 1260672] S2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [02.10.2012 13:13 3064000] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [08.01.2013 13:55 161536] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14.02.2013 01:21 21104] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 79581326 *Deregistered* - 79581326 . Inhalt des "geplante Tasks" Ordners . 2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 15:31] . 2013-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2013-05-15 c:\windows\Tasks\User_Feed_Synchronization-{A42691D2-4E50-44F7-8D45-525364F2FD6C}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = hxxp://search.easylifeapp.com/?pid=499&r=2013/02/14&hid=817904650&lg=EN&cc=DE uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll TCP: DhcpNameServer = . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-FreePDF Assistant - c:\programme\FreePDF_XP\fpassist.exe MSConfigStartUp-ICQ - c:\programme\ICQ7.2\ICQ.exe MSConfigStartUp-swg - c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe HKLM_ActiveSetup-ccc-core-static - msiexec AddRemove-Free Audio CD Burner_is1 - c:\programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Uninstall_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-05-15 18:00 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(848) c:\windows\system32\Ati2evxx.dll . Zeit der Fertigstellung: 2013-05-15 18:04:55 ComboFix-quarantined-files.txt 2013-05-15 16:04 . Vor Suchlauf: 7 Verzeichnis(se), 43.672.915.968 Bytes frei Nach Suchlauf: 9 Verzeichnis(se), 43.998.154.752 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - CB3D3793CBC9FB7319CBF2CD5A166B44 |
![]() | #10 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() GVU-Trojaner! Benötige dringend Hilfe! Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
![]() | #11 |
| ![]() GVU-Trojaner! Benötige dringend Hilfe! Malwarebytes Anti-Malware www.malwarebytes.org Datenbank Version: v2013.05.15.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 GunnarW :: GUNNAR [Administrator] 15.05.2013 18:30:25 mbam-log-2013-05-15 (18-30-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 321581 Laufzeit: 52 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
![]() | #12 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() GVU-Trojaner! Benötige dringend Hilfe! Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
![]() | #13 |
| ![]() GVU-Trojaner! Benötige dringend Hilfe! Meine Liste befindet sich im Anhang! |
![]() | #14 |
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() GVU-Trojaner! Benötige dringend Hilfe! deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: BitZipper BrowseToSave Free PDF Free YouTube GPL Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: MyScript PDFKey Safari Spotify Windows Live : alle für dich unnötigen Öffne bitte CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte ![]()
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
![]() | #15 |
| ![]() GVU-Trojaner! Benötige dringend Hilfe! Siehe Anhang! |
![]() |
Themen zu GVU-Trojaner! Benötige dringend Hilfe! |
avira, bho, bonjour, browser, canon, converter, dringend, dvdvideosoft ltd., error, excel, firefox, flash player, fontcache, help, helper, home, homepage, iexplore.exe, mp3, msiexec, msiinstaller, ntdll.dll, object, plug-in, realtek, registry, required, scan, security, server, software, spotify web helper, svchost, win32k.sys, windows internet |