Log analysis and evaluation: Encryption trojan: How do I know it is "gone"?

09.06.2012, 11:36   #1
ph.ie

Hello,

I caught this flirt-fever encryption trojan yesterday. I was able to restore my files so far and the computer works again, but how do I know that the trojan is really gone? Yesterday I ran several Avira scans, in which it was not found at all; then, after researching here in the forum, I downloaded the Malwarebytes program, which found two trojan files yesterday evening (quick scan) and one today (full scan) (Trojan.Agent, Trojan.Spyeyes, Trojan.FakeAlert). It found the last one on a memory card onto which I downloaded a decryption program from here yesterday, which is of no use to me at all. So. In any case, they are now in quarantine... And now everything is fine? Or what else do I have to do so that my computer is safe again?

Here are the log files...


08.06.2012 23:58:12
mbam-log-2012-06-08 (23-58-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209728
Laufzeit: 16 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Users\AppData\Roaming\Gmpdfruvg\wmpawecv.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

09.06.2012 08:47:28
mbam-log-2012-06-09 (08-47-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455386
Laufzeit: 3 Stunde(n), 8 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Download\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Thanks in advance for the help...

11.06.2012, 21:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why are you posting the Malwarebytes logs incomplete?
The header with the version information is missing!

11.06.2012, 21:57   #3
ph.ie

Sorry, it looked unimportant. So once again:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Phie :: PHIE-HP [Administrator]

08.06.2012 23:58:12
mbam-log-2012-06-08 (23-58-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209728
Laufzeit: 16 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Users\Phie\AppData\Roaming\Gmpdfruvg\wmpawecv.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.08.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Phie :: PHIE-HP [Administrator]

09.06.2012 08:47:28
mbam-log-2012-06-09 (08-47-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455386
Laufzeit: 3 Stunde(n), 8 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Studium\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
And the latest:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.10.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Phie :: PHIE-HP [Administrator]

10.06.2012 16:31:49
mbam-log-2012-06-10 (16-31-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211208
Laufzeit: 11 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

11.06.2012, 22:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please also run ESET; after that we'll see how to proceed.

Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the + R key and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Note: If you use a 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Now post the contents of log.txt.
__________________
Please always post log files in CODE tags

12.06.2012, 01:07   #5
ph.ie

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7208f263e01f3545bdd5fb4e436bab47
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-12 12:05:40
# local_time=2012-06-12 02:05:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 19462204 19462204 0 0
# compatibility_mode=5893 16776573 100 94 214478 91080869 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=268386
# found=2
# cleaned=0
# scan_time=9862
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
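
The checks that the helper's ESET instructions imply for this log (options set as requested, scan finished, detection lines matching the header count), as an added example that is not part of the thread or of ESET's tooling. The log layout is inferred from the one log posted above; the function names and the reading of `cleaned` are assumptions.

```python
# Added example: sanity-check an ESET Online Scanner log.txt before posting it.
# Assumed layout (inferred from the log in this thread): header lines of the
# form "# key=value", followed by tab-separated detection lines.

# Abridged copy of the log posted above.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# archives_checked=true",
    "# compatibility_mode=1792 16777215 100 0 19462204 19462204 0 0",
    "# compatibility_mode=8192 67108863 100 0 0 0 0 0",
    "# scanned=268386",
    "# found=2",
    "# cleaned=0",
    "C:\\Program Files\\Uniblue\\RegistryBooster\\Launcher.exe\t"
    "a variant of Win32/RegistryBooster application (unable to clean)\t"
    "00000000000000000000000000000000\tI",
    "C:\\Program Files\\Uniblue\\RegistryBooster\\registrybooster.exe\t"
    "Win32/RegistryBooster application (unable to clean)\t"
    "00000000000000000000000000000000\tI",
])

# Options the helper asked for: "Scan archives" ticked,
# "Remove found threats" not ticked (post the log first, remove nothing).
REQUIRED_OPTIONS = {"archives_checked": "true", "remove_checked": "false"}


def parse_eset_log(text):
    """Return (header, detections); repeated header keys keep every value."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("#"):
            key, sep, value = line[1:].partition("=")
            if sep:
                header.setdefault(key.strip(), []).append(value.strip())
        elif "\t" in line:
            fields = [f.strip() for f in line.split("\t")]
            detections.append({"path": fields[0], "threat": fields[1]})
    return header, detections


def review_eset_log(text):
    """List the reasons why the log is not what the helper asked for."""
    header, detections = parse_eset_log(text)

    def first(key):
        return header.get(key, [None])[0]

    problems = []
    if not header:
        problems.append("no '# key=value' header: log was posted incomplete")
    if first("end") != "finished":
        problems.append("scan did not run to completion (end=%s)" % first("end"))
    for key, wanted in REQUIRED_OPTIONS.items():
        if first(key) != wanted:
            problems.append("%s=%s, expected %s" % (key, first(key), wanted))
    found = first("found")
    if found is None or not found.isdigit():
        problems.append("header has no usable found= count")
    elif int(found) != len(detections):
        problems.append("found=%s but %d detection lines: log truncated?"
                        % (found, len(detections)))
    # Assumption: a non-zero cleaned= means the scanner already removed items.
    cleaned = first("cleaned")
    if cleaned is not None and cleaned != "0":
        problems.append("cleaned=%s: something was removed before review" % cleaned)
    return {"ok": not problems, "problems": problems, "detections": detections}


if __name__ == "__main__":
    result = review_eset_log(SAMPLE_LOG)
    print("ready to post" if result["ok"] else "\n".join(result["problems"]))
    for d in result["detections"]:
        print(d["threat"], "->", d["path"])
```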
         


12.06.2012, 11:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
Uninstall immediately!

Hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest no longer really works either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It does not matter at all whether there are a few orphaned registry entries on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You would not notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

12.06.2012, 16:58   #7
ph.ie

Okay, I deleted that. No idea in what context I might once have needed or used it...

Is there anything else conspicuous now, or am I free of trojans for the time being?

12.06.2012, 21:49   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it on your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top centre, tick Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

13.06.2012, 11:49   #9
ph.ie

OTL Logfile:
Code:
OTL logfile created on: 6/13/2012 12:08:43 PM - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Phie\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 34.45% Memory free
3.49 Gb Paging File | 1.91 Gb Available in Paging File | 54.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.80 Gb Total Space | 165.40 Gb Free Space | 58.90% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.99 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
 
Computer Name: PHIE-HP | User Name: Phie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/10 19:25:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Phie\Downloads\OTL.exe
PRC - [2012/05/09 20:42:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/09 20:42:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/09 20:42:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/09 20:42:18 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/01 09:11:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/01/04 14:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/01/04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/25 17:38:44 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/03 20:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/08/04 08:52:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/04 08:51:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/30 17:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2009/07/30 17:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/28 01:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/14 01:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/14 01:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009/06/18 19:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 23:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
 
 
MOD - [2010/03/17 01:57:00 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/03/17 01:57:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/03/17 01:57:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/03/17 01:57:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/03/17 01:56:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/03/17 01:56:58 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/03/17 01:56:58 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/03/17 01:56:58 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.18478__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/03/17 01:56:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/03/17 01:56:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/03/17 01:56:58 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/03/17 01:56:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/03/17 01:56:58 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/03/17 01:56:58 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.18344__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/03/17 01:56:57 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.18368__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/03/17 01:56:57 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.18465__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/03/17 01:56:57 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.18463__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/03/17 01:56:57 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.18348__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/03/17 01:56:57 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.18347__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/03/17 01:56:57 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/03/17 01:56:57 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/03/17 01:56:57 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/03/17 01:56:57 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/03/17 01:56:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/03/17 01:56:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/03/17 01:56:56 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.18356__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/03/17 01:56:56 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/03/17 01:56:56 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/03/17 01:56:56 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/03/17 01:56:56 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/03/17 01:56:56 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.18464__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/03/17 01:56:55 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3503.18346__90ba9c70f846762e\APM.Server.dll
MOD - [2010/03/17 01:56:55 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.18345__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/01/06 01:46:45 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/01/06 01:46:45 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009/07/16 03:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/16 03:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/16 03:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/16 03:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/16 03:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/16 03:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/16 03:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/16 03:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/17 21:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 21:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 21:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/12/19 00:03:42 | 000,020,480 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/06/10 12:33:25 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/09 20:42:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 20:42:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/11/24 20:40:47 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/12/03 20:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/08/04 08:51:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/14 01:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009/06/18 19:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 20:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/02 23:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/05/09 20:42:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 20:42:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/11/01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/10/11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/05/05 19:03:38 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/05/05 19:03:38 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/26 17:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/11/02 15:37:42 | 000,565,440 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/08/04 09:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 11:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/05/16 04:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 04:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 04:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 04:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 04:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/05/04 20:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/04/29 18:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {77409DB1-BC1B-4652-8DC9-83C158577578}
IE - HKLM\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/25 01:15:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/09 17:37:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/09 13:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/09 14:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/09 17:37:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/25 01:15:38 | 000,000,000 | ---D | M]
 
[2012/06/09 14:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phie\AppData\Roaming\mozilla\Extensions
[2012/06/10 15:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phie\AppData\Roaming\mozilla\Firefox\Profiles\8mk9wiiv.default\extensions
[2012/06/09 14:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/06/01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Phie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: &Grab video by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Down&load all by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5CA15FA-481E-4FF9-8374-3C33AF2BEA62}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/24 19:53:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd3-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd3-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd5-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd5-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd9-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd9-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f9058-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f9058-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f905c-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f905c-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f905e-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f905e-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f9060-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f9060-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9EFC9CF9-2629-F45E-83D3-6A3DDFDFAE18} - LightScribe Control Panel
ActiveX: {AC4F23F0-8CE7-7FA1-DDE7-60F3C6372988} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F756EAD2-4CC5-3CAD-086F-8AAAD5DA4D81} - LightScribe Control Panel
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/11 23:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/10 17:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2012/06/10 17:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/06/10 12:47:54 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Local\Macromedia
[2012/06/09 14:13:01 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Local\Mozilla
[2012/06/09 14:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/09 14:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/09 14:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/09 13:53:06 | 000,000,000 | ---D | C] -- C:\Users\Phie\Desktop\Sicherheit
[2012/06/09 12:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/09 12:48:23 | 000,337,880 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/06/09 12:48:23 | 000,020,696 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/06/09 12:48:20 | 000,044,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/06/09 12:48:19 | 000,612,184 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/06/09 12:48:19 | 000,053,848 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/06/09 12:48:18 | 000,057,688 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/06/09 12:47:39 | 000,041,184 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012/06/09 12:47:38 | 000,201,352 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/06/09 12:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/09 12:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/09 01:56:13 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2012/06/09 01:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Recovery Toolbox for Word
[2012/06/08 23:55:10 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Roaming\Malwarebytes
[2012/06/08 23:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/08 23:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/08 23:55:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/08 23:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/08 17:47:56 | 000,000,000 | ---D | C] -- C:\Users\Phie\AppData\Roaming\Gmpdfruvg
[2012/05/30 18:23:24 | 000,000,000 | ---D | C] -- C:\Users\Phie\Documents\Stefan
[2012/05/23 22:07:30 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\windows\System32\QtCore4.dll
[2012/05/23 22:07:27 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\windows\System32\Newtonsoft.Json.Net20.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/13 12:12:51 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 12:12:51 | 000,019,536 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 12:04:39 | 000,569,544 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/13 12:04:34 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/13 12:04:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/13 12:04:13 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/13 11:33:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 11:21:05 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/12 11:03:48 | 000,664,634 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/06/12 11:03:48 | 000,624,776 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/12 11:03:48 | 000,134,770 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/06/12 11:03:48 | 000,110,414 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/09 14:12:48 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/09 13:38:29 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/13 12:04:18 | 000,569,544 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/09 14:12:48 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/09 14:12:48 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/20 13:06:13 | 000,369,532 | ---- | C] () -- C:\windows\hpoins46.dat.temp
[2011/12/02 10:18:11 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Local\{37EC9AA0-6538-4793-AD15-0BCCA4582601}
[2011/11/25 20:05:49 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Roaming\wklnhst.dat
[2011/10/12 14:52:18 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011/08/02 20:35:46 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat.temp
[2011/08/01 02:13:31 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Local\{DDA3A991-BDCA-42A3-BD62-1DA24341616D}
[2011/07/07 21:23:43 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Local\{2525E744-2A56-4626-B07A-F96012EB662A}
[2011/02/01 20:31:35 | 000,001,849 | ---- | C] () -- C:\Users\Phie\AppData\Roaming\GhostObjGAFix.xml
[2010/12/25 01:08:13 | 000,217,306 | ---- | C] () -- C:\windows\hpoins46.dat
[2010/09/04 19:40:52 | 000,000,000 | ---- | C] () -- C:\Users\Phie\AppData\Local\rx_image32.Cache
[2010/09/04 19:35:22 | 000,000,403 | ---- | C] () -- C:\windows\ODBC.INI
 
========== LOP Check ==========
 
[2011/11/24 20:38:14 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Autodesk
[2010/11/12 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Canneverbe Limited
[2012/05/23 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DVDVideoSoft
[2011/02/01 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/05 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Games
[2012/06/09 00:26:27 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Gmpdfruvg
[2011/12/04 19:44:06 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\GrabPro
[2011/10/25 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\gtk-2.0
[2012/02/28 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ICQ
[2011/01/15 19:13:54 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Local
[2012/02/09 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia
[2010/03/29 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia Ovi Suite
[2012/02/09 18:13:34 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia Suite
[2010/08/11 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\OpenOffice.org
[2011/04/29 12:22:42 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Opera
[2011/12/04 19:48:26 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Orbit
[2012/02/09 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\PC Suite
[2011/12/04 19:44:08 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ProgSense
[2010/09/04 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\TerraTec
[2012/02/09 03:01:55 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Tropico 3
[2011/02/13 18:35:08 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Visan
[2012/05/23 10:14:06 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/05/05 20:08:25 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Adobe
[2010/03/17 01:57:36 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ATI
[2011/11/24 20:38:14 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Autodesk
[2011/10/30 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Avira
[2010/11/12 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Canneverbe Limited
[2010/06/07 00:19:55 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DivX
[2012/05/23 22:07:54 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DVDVideoSoft
[2011/02/01 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/05 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Games
[2012/06/09 00:26:27 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Gmpdfruvg
[2011/12/04 19:44:06 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\GrabPro
[2011/10/25 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\gtk-2.0
[2011/05/21 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\hewlett-packard
[2011/01/05 17:36:37 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\HP
[2010/03/16 18:18:40 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\HP TCS
[2010/03/16 18:05:50 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\hpqLog
[2012/05/12 13:39:12 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\HpUpdate
[2012/02/28 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ICQ
[2010/03/16 18:21:35 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Identities
[2010/03/16 18:11:21 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\InstallShield
[2011/01/15 19:13:54 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Local
[2010/03/16 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Macromedia
[2012/06/08 23:55:10 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Malwarebytes
[2012/06/10 12:47:54 | 000,000,000 | --SD | M] -- C:\Users\Phie\AppData\Roaming\Microsoft
[2010/09/04 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Microsoft Web Folders
[2012/06/09 14:13:23 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Mozilla
[2010/07/23 18:17:22 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nero
[2012/02/09 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia
[2010/03/29 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia Ovi Suite
[2012/02/09 18:13:34 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Nokia Suite
[2010/08/11 13:09:36 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\OpenOffice.org
[2011/04/29 12:22:42 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Opera
[2011/12/04 19:48:26 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Orbit
[2012/02/09 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\PC Suite
[2011/12/04 19:44:08 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\ProgSense
[2011/12/04 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Real
[2010/09/04 19:40:34 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Roxio
[2010/09/04 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\TerraTec
[2012/02/09 03:01:55 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Tropico 3
[2011/02/13 18:35:08 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Visan
[2011/12/05 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\vlc
[2012/06/10 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Phie\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2011/02/07 19:11:29 | 000,010,134 | R--- | M] () -- C:\Users\Phie\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/04 08:52:00 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll

< End of report >
         
--- --- ---

13.06.2012, 16:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-3286414366-3311363010-1766297574-1001..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/24 19:53:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd3-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd3-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd5-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd5-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{79b95dd9-c1b0-11df-9025-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{79b95dd9-c1b0-11df-9025-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f9058-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f9058-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f905c-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f905c-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f905e-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f905e-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{983f9060-70b8-11df-a91b-0027137715a3}\Shell - "" = AutoRun
O33 - MountPoints2\{983f9060-70b8-11df-a91b-0027137715a3}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
:Files
C:\Users\Phie\AppData\Roaming\Gmpdfruvg
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be carried over to any other computer and must not be used elsewhere, because it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

13.06.2012, 16:37   #11
ph.ie
 



Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3286414366-3311363010-1766297574-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\SearchScopes\{77409DB1-BC1B-4652-8DC9-83C158577578}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77409DB1-BC1B-4652-8DC9-83C158577578}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d52ebf9-b456-11df-9aea-0027137715a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d52ebf9-b456-11df-9aea-0027137715a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d52ebf9-b456-11df-9aea-0027137715a3}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d52ebfd-b456-11df-9aea-0027137715a3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d52ebfd-b456-11df-9aea-0027137715a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d52ebfd-b456-11df-9aea-0027137715a3}\ not found.
File D:\AutoRun.exe not found.
         

13.06.2012, 19:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

__________________
Please always post log files in CODE tags

13.06.2012, 21:01   #13
ph.ie
 
Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist? - Standard

Verschlüsselungstrojaner: Woher weiß ich, dass er "weg" ist?



Code:
21:56:37.0706 2444	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:56:38.0034 2444	============================================================
21:56:38.0034 2444	Current date / time: 2012/06/13 21:56:38.0034
21:56:38.0034 2444	SystemInfo:
21:56:38.0034 2444	
21:56:38.0034 2444	OS Version: 6.1.7601 ServicePack: 1.0
21:56:38.0034 2444	Product type: Workstation
21:56:38.0034 2444	ComputerName: PHIE-HP
21:56:38.0034 2444	UserName: Phie
21:56:38.0034 2444	Windows directory: C:\windows
21:56:38.0034 2444	System windows directory: C:\windows
21:56:38.0034 2444	Processor architecture: Intel x86
21:56:38.0034 2444	Number of processors: 2
21:56:38.0034 2444	Page size: 0x1000
21:56:38.0035 2444	Boot type: Normal boot
21:56:38.0035 2444	============================================================
21:56:39.0499 2444	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:56:39.0506 2444	============================================================
21:56:39.0506 2444	\Device\Harddisk0\DR0:
21:56:39.0507 2444	MBR partitions:
21:56:39.0507 2444	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
21:56:39.0507 2444	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197800
21:56:39.0507 2444	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2322E000, BlocksNum 0x1E00000
21:56:39.0507 2444	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502E000, BlocksNum 0x3FD800
21:56:39.0507 2444	============================================================
21:56:39.0531 2444	C: <-> \Device\Harddisk0\DR0\Partition1
21:56:39.0558 2444	E: <-> \Device\Harddisk0\DR0\Partition3
21:56:39.0559 2444	============================================================
21:56:39.0559 2444	Initialize success
21:56:39.0559 2444	============================================================
21:57:31.0875 5968	============================================================
21:57:31.0876 5968	Scan started
21:57:31.0876 5968	Mode: Manual; SigCheck; TDLFS; 
21:57:31.0876 5968	============================================================
21:57:47.0073 5968	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:57:47.0135 5968	discache - ok
21:57:47.0171 5968	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:57:47.0201 5968	Disk - ok
21:57:47.0253 5968	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys
21:57:47.0280 5968	DNE - ok
21:57:47.0331 5968	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
21:57:47.0378 5968	Dnscache - ok
21:57:47.0440 5968	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
21:57:47.0525 5968	dot3svc - ok
21:57:47.0560 5968	Dot4            (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
21:57:47.0603 5968	Dot4 - ok
21:57:47.0639 5968	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\DRIVERS\Dot4Prt.sys
21:57:47.0680 5968	Dot4Print - ok
21:57:47.0699 5968	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
21:57:47.0746 5968	dot4usb - ok
21:57:47.0793 5968	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
21:57:47.0883 5968	DPS - ok
21:57:47.0922 5968	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:57:47.0956 5968	drmkaud - ok
21:57:48.0031 5968	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
21:57:48.0085 5968	DXGKrnl - ok
21:57:48.0115 5968	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
21:57:48.0193 5968	EapHost - ok
21:57:48.0422 5968	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:57:48.0551 5968	ebdrv - ok
21:57:48.0676 5968	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
21:57:48.0727 5968	EFS - ok
21:57:48.0811 5968	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
21:57:48.0894 5968	ehRecvr - ok
21:57:48.0917 5968	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
21:57:48.0973 5968	ehSched - ok
21:57:49.0043 5968	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
21:57:49.0088 5968	elxstor - ok
21:57:49.0115 5968	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
21:57:49.0155 5968	ErrDev - ok
21:57:49.0216 5968	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
21:57:49.0296 5968	EventSystem - ok
21:57:49.0331 5968	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
21:57:49.0402 5968	exfat - ok
21:57:49.0430 5968	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
21:57:49.0482 5968	fastfat - ok
21:57:49.0683 5968	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
21:57:49.0753 5968	Fax - ok
21:57:49.0782 5968	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
21:57:49.0820 5968	fdc - ok
21:57:49.0846 5968	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
21:57:49.0911 5968	fdPHost - ok
21:57:49.0929 5968	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
21:57:49.0992 5968	FDResPub - ok
21:57:50.0011 5968	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
21:57:50.0026 5968	FileInfo - ok
21:57:50.0040 5968	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
21:57:50.0074 5968	Filetrace - ok
21:57:50.0088 5968	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
21:57:50.0119 5968	flpydisk - ok
21:57:50.0152 5968	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
21:57:50.0172 5968	FltMgr - ok
21:57:50.0243 5968	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
21:57:50.0339 5968	FontCache - ok
21:57:50.0410 5968	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:57:50.0434 5968	FontCache3.0.0.0 - ok
21:57:50.0458 5968	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
21:57:50.0487 5968	FsDepends - ok
21:57:50.0516 5968	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
21:57:50.0543 5968	Fs_Rec - ok
21:57:50.0602 5968	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
21:57:50.0649 5968	fvevol - ok
21:57:50.0689 5968	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
21:57:50.0719 5968	gagp30kx - ok
21:57:50.0784 5968	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
21:57:50.0883 5968	gpsvc - ok
21:57:50.0989 5968	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:57:51.0024 5968	gupdate - ok
21:57:51.0052 5968	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:57:51.0080 5968	gupdatem - ok
21:57:51.0109 5968	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
21:57:51.0168 5968	hcw85cir - ok
21:57:51.0239 5968	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
21:57:51.0286 5968	HdAudAddService - ok
21:57:51.0326 5968	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
21:57:51.0382 5968	HDAudBus - ok
21:57:51.0400 5968	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
21:57:51.0438 5968	HidBatt - ok
21:57:51.0464 5968	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
21:57:51.0507 5968	HidBth - ok
21:57:51.0529 5968	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
21:57:51.0564 5968	HidIr - ok
21:57:51.0591 5968	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
21:57:51.0663 5968	hidserv - ok
21:57:51.0698 5968	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
21:57:51.0736 5968	HidUsb - ok
21:57:51.0776 5968	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
21:57:51.0829 5968	hkmsvc - ok
21:57:51.0876 5968	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
21:57:51.0939 5968	HomeGroupListener - ok
21:57:51.0991 5968	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
21:57:52.0063 5968	HomeGroupProvider - ok
21:57:52.0180 5968	HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:57:52.0207 5968	HP Health Check Service - ok
21:57:52.0261 5968	HPDrvMntSvc.exe (f55442690a70a0278a7eed4faaebf576) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:57:52.0286 5968	HPDrvMntSvc.exe - ok
21:57:52.0362 5968	hpqcxs08        (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:57:52.0398 5968	hpqcxs08 - ok
21:57:52.0424 5968	hpqddsvc        (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:57:52.0455 5968	hpqddsvc - ok
21:57:52.0532 5968	HpqKbFiltr      (1210960ff8928950d2a786895b0c424a) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
21:57:52.0569 5968	HpqKbFiltr - ok
21:57:52.0655 5968	hpqwmiex        (640e51db253265c3eac075866b3d2b33) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:57:52.0714 5968	hpqwmiex - ok
21:57:52.0767 5968	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
21:57:52.0797 5968	HpSAMD - ok
21:57:52.0915 5968	HPSLPSVC        (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:57:52.0965 5968	HPSLPSVC - ok
21:57:53.0044 5968	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
21:57:53.0116 5968	HTTP - ok
21:57:53.0137 5968	hwdatacard - ok
21:57:53.0179 5968	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
21:57:53.0207 5968	hwpolicy - ok
21:57:53.0262 5968	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
21:57:53.0301 5968	i8042prt - ok
21:57:53.0355 5968	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
21:57:53.0394 5968	iaStorV - ok
21:57:53.0540 5968	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:57:53.0603 5968	idsvc - ok
21:57:54.0063 5968	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
21:57:54.0241 5968	igfx - ok
21:57:54.0359 5968	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
21:57:54.0388 5968	iirsp - ok
21:57:54.0495 5968	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
21:57:54.0578 5968	IKEEXT - ok
21:57:54.0611 5968	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
21:57:54.0631 5968	intelide - ok
21:57:54.0752 5968	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
21:57:54.0784 5968	intelppm - ok
21:57:54.0830 5968	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
21:57:54.0916 5968	IPBusEnum - ok
21:57:54.0954 5968	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:57:55.0025 5968	IpFilterDriver - ok
21:57:55.0082 5968	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
21:57:55.0146 5968	iphlpsvc - ok
21:57:55.0176 5968	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
21:57:55.0210 5968	IPMIDRV - ok
21:57:55.0237 5968	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
21:57:55.0302 5968	IPNAT - ok
21:57:55.0321 5968	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
21:57:55.0359 5968	IRENUM - ok
21:57:55.0386 5968	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
21:57:55.0403 5968	isapnp - ok
21:57:55.0449 5968	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
21:57:55.0483 5968	iScsiPrt - ok
21:57:55.0514 5968	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
21:57:55.0543 5968	kbdclass - ok
21:57:55.0571 5968	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
21:57:55.0603 5968	kbdhid - ok
21:57:55.0641 5968	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:57:55.0676 5968	KeyIso - ok
21:57:55.0697 5968	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
21:57:55.0727 5968	KSecDD - ok
21:57:55.0754 5968	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
21:57:55.0773 5968	KSecPkg - ok
21:57:55.0825 5968	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
21:57:55.0923 5968	KtmRm - ok
21:57:55.0985 5968	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
21:57:56.0069 5968	LanmanServer - ok
21:57:56.0123 5968	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
21:57:56.0196 5968	LanmanWorkstation - ok
21:57:56.0288 5968	LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:57:56.0307 5968	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:57:56.0307 5968	LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:57:56.0352 5968	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\windows\system32\DRIVERS\lirsgt.sys
21:57:56.0379 5968	lirsgt - ok
21:57:56.0417 5968	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
21:57:56.0487 5968	lltdio - ok
21:57:56.0527 5968	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
21:57:56.0619 5968	lltdsvc - ok
21:57:56.0638 5968	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
21:57:56.0677 5968	lmhosts - ok
21:57:56.0723 5968	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
21:57:56.0754 5968	LSI_FC - ok
21:57:56.0782 5968	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
21:57:56.0814 5968	LSI_SAS - ok
21:57:56.0839 5968	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:57:56.0868 5968	LSI_SAS2 - ok
21:57:56.0890 5968	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:57:56.0921 5968	LSI_SCSI - ok
21:57:56.0946 5968	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
21:57:57.0009 5968	luafv - ok
21:57:57.0052 5968	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
21:57:57.0096 5968	Mcx2Svc - ok
21:57:57.0198 5968	MDM             (7d552e9b906020bc2fcfe70fcdb96aea) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:57:57.0225 5968	MDM ( UnsignedFile.Multi.Generic ) - warning
21:57:57.0226 5968	MDM - detected UnsignedFile.Multi.Generic (1)
21:57:57.0245 5968	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
21:57:57.0274 5968	megasas - ok
21:57:57.0298 5968	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
21:57:57.0335 5968	MegaSR - ok
21:57:57.0375 5968	MfeAVFK         (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys
21:57:57.0397 5968	MfeAVFK - ok
21:57:57.0417 5968	MfeBOPK         (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys
21:57:57.0441 5968	MfeBOPK - ok
21:57:57.0483 5968	mfehidk         (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys
21:57:57.0515 5968	mfehidk - ok
21:57:57.0538 5968	MfeRKDK         (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys
21:57:57.0563 5968	MfeRKDK - ok
21:57:57.0593 5968	mfetdik         (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys
21:57:57.0619 5968	mfetdik - ok
21:57:57.0651 5968	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:57:57.0720 5968	MMCSS - ok
21:57:57.0787 5968	mod7700         (e821a366aa77f6e4f76056f35f76dee8) C:\windows\system32\DRIVERS\dvb7700all.sys
21:57:57.0837 5968	mod7700 - ok
21:57:57.0864 5968	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
21:57:57.0940 5968	Modem - ok
21:57:57.0973 5968	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
21:57:58.0017 5968	monitor - ok
21:57:58.0058 5968	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
21:57:58.0087 5968	mouclass - ok
21:57:58.0119 5968	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
21:57:58.0160 5968	mouhid - ok
21:57:58.0198 5968	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
21:57:58.0230 5968	mountmgr - ok
21:57:58.0295 5968	MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:57:58.0326 5968	MozillaMaintenance - ok
21:57:58.0370 5968	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
21:57:58.0403 5968	mpio - ok
21:57:58.0424 5968	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
21:57:58.0481 5968	mpsdrv - ok
21:57:58.0546 5968	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
21:57:58.0637 5968	MpsSvc - ok
21:57:58.0679 5968	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
21:57:58.0724 5968	MRxDAV - ok
21:57:58.0768 5968	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
21:57:58.0801 5968	mrxsmb - ok
21:57:58.0843 5968	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:57:58.0892 5968	mrxsmb10 - ok
21:57:58.0916 5968	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:57:58.0950 5968	mrxsmb20 - ok
21:57:58.0980 5968	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
21:57:59.0009 5968	msahci - ok
21:57:59.0043 5968	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
21:57:59.0075 5968	msdsm - ok
21:57:59.0104 5968	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
21:57:59.0154 5968	MSDTC - ok
21:57:59.0191 5968	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
21:57:59.0253 5968	Msfs - ok
21:57:59.0267 5968	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
21:57:59.0338 5968	mshidkmdf - ok
21:57:59.0359 5968	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
21:57:59.0386 5968	msisadrv - ok
21:57:59.0443 5968	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
21:57:59.0538 5968	MSiSCSI - ok
21:57:59.0547 5968	msiserver - ok
21:57:59.0588 5968	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
21:57:59.0652 5968	MSKSSRV - ok
21:57:59.0671 5968	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
21:57:59.0733 5968	MSPCLOCK - ok
21:57:59.0743 5968	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
21:57:59.0802 5968	MSPQM - ok
21:57:59.0842 5968	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
21:57:59.0861 5968	MsRPC - ok
21:57:59.0889 5968	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
21:57:59.0906 5968	mssmbios - ok
21:57:59.0920 5968	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
21:57:59.0955 5968	MSTEE - ok
21:57:59.0977 5968	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
21:57:59.0995 5968	MTConfig - ok
21:58:00.0016 5968	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
21:58:00.0032 5968	Mup - ok
21:58:00.0077 5968	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
21:58:00.0122 5968	napagent - ok
21:58:00.0172 5968	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
21:58:00.0196 5968	NativeWifiP - ok
21:58:00.0273 5968	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
21:58:00.0332 5968	NDIS - ok
21:58:00.0352 5968	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
21:58:00.0411 5968	NdisCap - ok
21:58:00.0438 5968	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
21:58:00.0492 5968	NdisTapi - ok
21:58:00.0527 5968	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
21:58:00.0593 5968	Ndisuio - ok
21:58:00.0650 5968	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
21:58:00.0740 5968	NdisWan - ok
21:58:00.0770 5968	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
21:58:00.0819 5968	NDProxy - ok
21:58:00.0859 5968	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\windows\system32\HPZinw12.dll
21:58:00.0882 5968	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:58:00.0882 5968	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:58:00.0916 5968	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
21:58:00.0993 5968	NetBIOS - ok
21:58:01.0038 5968	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
21:58:01.0119 5968	NetBT - ok
21:58:01.0148 5968	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:58:01.0167 5968	Netlogon - ok
21:58:01.0208 5968	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
21:58:01.0268 5968	Netman - ok
21:58:01.0308 5968	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
21:58:01.0403 5968	netprofm - ok
21:58:01.0482 5968	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:58:01.0519 5968	NetTcpPortSharing - ok
21:58:01.0548 5968	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
21:58:01.0578 5968	nfrd960 - ok
21:58:01.0631 5968	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
21:58:01.0715 5968	NlaSvc - ok
21:58:01.0800 5968	nmwcd           (f6c40e0a565ee3ce5aeeb325e10054f2) C:\windows\system32\drivers\ccdcmb.sys
21:58:01.0888 5968	nmwcd - ok
21:58:01.0938 5968	nmwcdc          (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\windows\system32\drivers\ccdcmbo.sys
21:58:02.0013 5968	nmwcdc - ok
21:58:02.0063 5968	nmwcdnsu        (99b224f8026cb534724aa3c408561e45) C:\windows\system32\drivers\nmwcdnsu.sys
21:58:02.0129 5968	nmwcdnsu - ok
21:58:02.0169 5968	nmwcdnsuc       (d23257682d349a5e2e4507ed33decc16) C:\windows\system32\drivers\nmwcdnsuc.sys
21:58:02.0245 5968	nmwcdnsuc - ok
21:58:02.0275 5968	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:58:02.0343 5968	Npfs - ok
21:58:02.0373 5968	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
21:58:02.0462 5968	nsi - ok
21:58:02.0481 5968	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:58:02.0550 5968	nsiproxy - ok
21:58:02.0664 5968	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
21:58:02.0740 5968	Ntfs - ok
21:58:02.0852 5968	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:58:02.0913 5968	Null - ok
21:58:02.0952 5968	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
21:58:02.0984 5968	nvraid - ok
21:58:03.0014 5968	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
21:58:03.0047 5968	nvstor - ok
21:58:03.0072 5968	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
21:58:03.0111 5968	nv_agp - ok
21:58:03.0236 5968	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
21:58:03.0290 5968	ohci1394 - ok
21:58:03.0446 5968	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:58:03.0482 5968	ose - ok
21:58:03.0827 5968	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:58:03.0991 5968	osppsvc - ok
21:58:04.0243 5968	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:58:04.0317 5968	p2pimsvc - ok
21:58:04.0352 5968	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:58:04.0410 5968	p2psvc - ok
21:58:04.0464 5968	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:58:04.0499 5968	Parport - ok
21:58:04.0538 5968	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
21:58:04.0568 5968	partmgr - ok
21:58:04.0585 5968	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:58:04.0630 5968	Parvdm - ok
21:58:04.0663 5968	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:58:04.0719 5968	PcaSvc - ok
21:58:04.0753 5968	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\windows\system32\DRIVERS\pccsmcfd.sys
21:58:04.0822 5968	pccsmcfd - ok
21:58:04.0860 5968	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
21:58:04.0894 5968	pci - ok
21:58:04.0913 5968	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
21:58:04.0932 5968	pciide - ok
21:58:04.0965 5968	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:58:04.0996 5968	pcmcia - ok
21:58:05.0029 5968	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:58:05.0046 5968	pcw - ok
21:58:05.0105 5968	pdfcDispatcher - ok
21:58:05.0165 5968	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:58:05.0243 5968	PEAUTH - ok
21:58:05.0409 5968	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
21:58:05.0541 5968	pla - ok
21:58:05.0680 5968	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
21:58:05.0750 5968	PlugPlay - ok
21:58:05.0815 5968	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\windows\system32\HPZipm12.dll
21:58:05.0838 5968	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:58:05.0838 5968	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:58:05.0868 5968	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:58:05.0924 5968	PNRPAutoReg - ok
21:58:05.0966 5968	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:58:06.0011 5968	PNRPsvc - ok
21:58:06.0070 5968	Point32         (896d916de06f5502d301e8c4dc442ae8) C:\windows\system32\DRIVERS\point32.sys
21:58:06.0095 5968	Point32 - ok
21:58:06.0150 5968	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
21:58:06.0226 5968	PolicyAgent - ok
21:58:06.0273 5968	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
21:58:06.0328 5968	Power - ok
21:58:06.0370 5968	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:58:06.0417 5968	PptpMiniport - ok
21:58:06.0442 5968	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:58:06.0480 5968	Processor - ok
21:58:06.0524 5968	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
21:58:06.0582 5968	ProfSvc - ok
21:58:06.0623 5968	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:58:06.0658 5968	ProtectedStorage - ok
21:58:06.0694 5968	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:58:06.0786 5968	Psched - ok
21:58:06.0823 5968	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys
21:58:06.0851 5968	PxHelp20 - ok
21:58:06.0959 5968	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:58:07.0041 5968	ql2300 - ok
21:58:07.0168 5968	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:58:07.0201 5968	ql40xx - ok
21:58:07.0242 5968	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
21:58:07.0301 5968	QWAVE - ok
21:58:07.0332 5968	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:58:07.0370 5968	QWAVEdrv - ok
21:58:07.0393 5968	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:58:07.0467 5968	RasAcd - ok
21:58:07.0499 5968	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:58:07.0570 5968	RasAgileVpn - ok
21:58:07.0598 5968	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
21:58:07.0659 5968	RasAuto - ok
21:58:07.0675 5968	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:58:07.0729 5968	Rasl2tp - ok
21:58:07.0799 5968	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
21:58:07.0887 5968	RasMan - ok
21:58:07.0907 5968	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:58:07.0979 5968	RasPppoe - ok
21:58:08.0012 5968	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:58:08.0077 5968	RasSstp - ok
21:58:08.0119 5968	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
21:58:08.0182 5968	rdbss - ok
21:58:08.0209 5968	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:58:08.0247 5968	rdpbus - ok
21:58:08.0279 5968	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
21:58:08.0376 5968	RDPCDD - ok
21:58:08.0418 5968	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:58:08.0491 5968	RDPENCDD - ok
21:58:08.0515 5968	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:58:08.0562 5968	RDPREFMP - ok
21:58:08.0593 5968	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
21:58:08.0643 5968	RDPWD - ok
21:58:08.0693 5968	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
21:58:08.0727 5968	rdyboost - ok
21:58:08.0771 5968	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
21:58:08.0853 5968	RemoteAccess - ok
21:58:08.0886 5968	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
21:58:08.0974 5968	RemoteRegistry - ok
21:58:09.0024 5968	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
21:58:09.0047 5968	RFCOMM - ok
21:58:09.0353 5968	RoxMediaDB10    (85f9924fb26d924c4a10dc620ae2c350) c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:58:09.0422 5968	RoxMediaDB10 - ok
21:58:09.0523 5968	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
21:58:09.0633 5968	RpcEptMapper - ok
21:58:09.0655 5968	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
21:58:09.0676 5968	RpcLocator - ok
21:58:09.0744 5968	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:58:09.0818 5968	RpcSs - ok
21:58:09.0862 5968	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:58:09.0925 5968	rspndr - ok
21:58:09.0968 5968	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:58:10.0003 5968	SamSs - ok
21:58:10.0047 5968	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
21:58:10.0064 5968	sbp2port - ok
21:58:10.0213 5968	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
21:58:10.0276 5968	SBSDWSCService - ok
21:58:10.0391 5968	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
21:58:10.0476 5968	SCardSvr - ok
21:58:10.0519 5968	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
21:58:10.0584 5968	scfilter - ok
21:58:10.0686 5968	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
21:58:10.0783 5968	Schedule - ok
21:58:10.0838 5968	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:58:10.0897 5968	SCPolicySvc - ok
21:58:10.0938 5968	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
21:58:10.0989 5968	SDRSVC - ok
21:58:11.0025 5968	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:58:11.0095 5968	secdrv - ok
21:58:11.0119 5968	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
21:58:11.0201 5968	seclogon - ok
21:58:11.0229 5968	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
21:58:11.0316 5968	SENS - ok
21:58:11.0342 5968	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
21:58:11.0397 5968	SensrSvc - ok
21:58:11.0422 5968	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:58:11.0443 5968	Serenum - ok
21:58:11.0460 5968	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:58:11.0493 5968	Serial - ok
21:58:11.0522 5968	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:58:11.0561 5968	sermouse - ok
21:58:11.0681 5968	ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:58:11.0738 5968	ServiceLayer - ok
21:58:11.0803 5968	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
21:58:11.0862 5968	SessionEnv - ok
21:58:11.0893 5968	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
21:58:11.0939 5968	sffdisk - ok
21:58:11.0963 5968	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
21:58:12.0007 5968	sffp_mmc - ok
21:58:12.0023 5968	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
21:58:12.0055 5968	sffp_sd - ok
21:58:12.0070 5968	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:58:12.0107 5968	sfloppy - ok
21:58:12.0160 5968	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
21:58:12.0257 5968	SharedAccess - ok
21:58:12.0308 5968	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
21:58:12.0391 5968	ShellHWDetection - ok
21:58:12.0422 5968	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
21:58:12.0451 5968	sisagp - ok
21:58:12.0489 5968	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:58:12.0505 5968	SiSRaid2 - ok
21:58:12.0519 5968	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:58:12.0539 5968	SiSRaid4 - ok
21:58:12.0574 5968	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:58:12.0625 5968	Smb - ok
21:58:12.0664 5968	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
21:58:12.0707 5968	SNMPTRAP - ok
21:58:12.0855 5968	SNP2UVC         (d8aba1293b82e7af2f78b67ca46fcb3d) C:\windows\system32\DRIVERS\snp2uvc.sys
21:58:12.0950 5968	SNP2UVC - ok
21:58:13.0055 5968	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:58:13.0083 5968	spldr - ok
21:58:13.0139 5968	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
21:58:13.0208 5968	Spooler - ok
21:58:13.0456 5968	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
21:58:13.0592 5968	sppsvc - ok
21:58:13.0691 5968	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
21:58:13.0771 5968	sppuinotify - ok
21:58:13.0827 5968	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
21:58:13.0869 5968	srv - ok
21:58:13.0918 5968	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
21:58:13.0964 5968	srv2 - ok
21:58:13.0998 5968	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
21:58:14.0043 5968	srvnet - ok
21:58:14.0078 5968	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
21:58:14.0146 5968	SSDPSRV - ok
21:58:14.0196 5968	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
21:58:14.0220 5968	ssmdrv - ok
21:58:14.0250 5968	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
21:58:14.0328 5968	SstpSvc - ok
21:58:14.0414 5968	STacSV          (a8d11fb4733af636a96fc7c67417d893) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
21:58:14.0447 5968	STacSV - ok
21:58:14.0472 5968	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:58:14.0502 5968	stexstor - ok
21:58:14.0565 5968	STHDA           (901703459c668331df0c0245f6b8160a) C:\windows\system32\DRIVERS\stwrt.sys
21:58:14.0604 5968	STHDA - ok
21:58:14.0638 5968	StillCam        (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
21:58:14.0670 5968	StillCam - ok
21:58:14.0753 5968	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
21:58:14.0834 5968	StiSvc - ok
21:58:14.0908 5968	stllssvr        (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:58:14.0935 5968	stllssvr - ok
21:58:14.0963 5968	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
21:58:14.0995 5968	swenum - ok
21:58:15.0037 5968	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
21:58:15.0110 5968	swprv - ok
21:58:15.0161 5968	SynTP           (1de40024679cde0e573465253519730e) C:\windows\system32\DRIVERS\SynTP.sys
21:58:15.0195 5968	SynTP - ok
21:58:15.0308 5968	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
21:58:15.0408 5968	SysMain - ok
21:58:15.0448 5968	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
21:58:15.0518 5968	TabletInputService - ok
21:58:15.0573 5968	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
21:58:15.0657 5968	TapiSrv - ok
21:58:15.0680 5968	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
21:58:15.0777 5968	TBS - ok
21:58:15.0928 5968	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
21:58:16.0013 5968	Tcpip - ok
21:58:16.0196 5968	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
21:58:16.0263 5968	TCPIP6 - ok
21:58:16.0355 5968	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
21:58:16.0414 5968	tcpipreg - ok
21:58:16.0472 5968	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
21:58:16.0525 5968	TDPIPE - ok
21:58:16.0560 5968	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
21:58:16.0602 5968	TDTCP - ok
21:58:16.0641 5968	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
21:58:16.0710 5968	tdx - ok
21:58:16.0742 5968	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
21:58:16.0770 5968	TermDD - ok
21:58:16.0849 5968	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
21:58:16.0946 5968	TermService - ok
21:58:16.0975 5968	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
21:58:17.0024 5968	Themes - ok
21:58:17.0056 5968	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:58:17.0096 5968	THREADORDER - ok
21:58:17.0133 5968	TPM             (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
21:58:17.0180 5968	TPM - ok
21:58:17.0208 5968	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
21:58:17.0290 5968	TrkWks - ok
21:58:17.0354 5968	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
21:58:17.0410 5968	TrustedInstaller - ok
21:58:17.0436 5968	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
21:58:17.0509 5968	tssecsrv - ok
21:58:17.0558 5968	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
21:58:17.0613 5968	TsUsbFlt - ok
21:58:17.0682 5968	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
21:58:17.0738 5968	tunnel - ok
21:58:17.0761 5968	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:58:17.0783 5968	uagp35 - ok
21:58:17.0822 5968	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
21:58:17.0892 5968	udfs - ok
21:58:17.0927 5968	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
21:58:17.0983 5968	UI0Detect - ok
21:58:18.0030 5968	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
21:58:18.0063 5968	uliagpkx - ok
21:58:18.0095 5968	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
21:58:18.0125 5968	umbus - ok
21:58:18.0152 5968	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:58:18.0175 5968	UmPass - ok
21:58:18.0211 5968	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:58:18.0289 5968	upnphost - ok
21:58:18.0343 5968	upperdev        (47f5f9d837d80ffd5882a14db9da0a67) C:\windows\system32\DRIVERS\usbser_lowerflt.sys
21:58:18.0407 5968	upperdev - ok
21:58:18.0434 5968	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
21:58:18.0492 5968	usbccgp - ok
21:58:18.0539 5968	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
21:58:18.0586 5968	usbcir - ok
21:58:18.0605 5968	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
21:58:18.0628 5968	usbehci - ok
21:58:18.0676 5968	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
21:58:18.0720 5968	usbhub - ok
21:58:18.0744 5968	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
21:58:18.0766 5968	usbohci - ok
21:58:18.0801 5968	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:58:18.0828 5968	usbprint - ok
21:58:18.0852 5968	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
21:58:18.0900 5968	usbscan - ok
21:58:18.0932 5968	usbser          (31181de6190b39fc8007dffd1a48ffd6) C:\windows\system32\DRIVERS\usbser.sys
21:58:18.0988 5968	usbser - ok
21:58:19.0022 5968	UsbserFilt      (e44f0d17be0908b58dcc99ccb99c6c32) C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
21:58:19.0094 5968	UsbserFilt - ok
21:58:19.0116 5968	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:58:19.0159 5968	USBSTOR - ok
21:58:19.0178 5968	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
21:58:19.0210 5968	usbuhci - ok
21:58:19.0240 5968	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
21:58:19.0289 5968	usbvideo - ok
21:58:19.0320 5968	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:58:19.0388 5968	UxSms - ok
21:58:19.0474 5968	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:58:19.0510 5968	VaultSvc - ok
21:58:19.0678 5968	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
21:58:19.0708 5968	vdrvroot - ok
21:58:19.0785 5968	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
21:58:19.0902 5968	vds - ok
21:58:19.0940 5968	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:58:19.0961 5968	vga - ok
21:58:19.0983 5968	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:58:20.0026 5968	VgaSave - ok
21:58:20.0070 5968	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
21:58:20.0103 5968	vhdmp - ok
21:58:20.0129 5968	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
21:58:20.0147 5968	viaagp - ok
21:58:20.0175 5968	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:58:20.0195 5968	ViaC7 - ok
21:58:20.0213 5968	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
21:58:20.0235 5968	viaide - ok
21:58:20.0248 5968	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
21:58:20.0274 5968	volmgr - ok
21:58:20.0311 5968	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:58:20.0349 5968	volmgrx - ok
21:58:20.0382 5968	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
21:58:20.0421 5968	volsnap - ok
21:58:20.0470 5968	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:58:20.0504 5968	vsmraid - ok
21:58:20.0633 5968	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
21:58:20.0746 5968	VSS - ok
21:58:20.0774 5968	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
21:58:20.0810 5968	vwifibus - ok
21:58:20.0837 5968	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
21:58:20.0880 5968	vwififlt - ok
21:58:20.0896 5968	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
21:58:20.0935 5968	vwifimp - ok
21:58:20.0985 5968	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:58:21.0069 5968	W32Time - ok
21:58:21.0105 5968	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:58:21.0142 5968	WacomPen - ok
21:58:21.0192 5968	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:58:21.0254 5968	WANARP - ok
21:58:21.0260 5968	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:58:21.0300 5968	Wanarpv6 - ok
21:58:21.0423 5968	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
21:58:21.0533 5968	wbengine - ok
21:58:21.0566 5968	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:58:21.0628 5968	WbioSrvc - ok
21:58:21.0684 5968	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
21:58:21.0758 5968	wcncsvc - ok
21:58:21.0779 5968	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:58:21.0841 5968	WcsPlugInService - ok
21:58:21.0888 5968	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:58:21.0917 5968	Wd - ok
21:58:21.0974 5968	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:58:22.0028 5968	Wdf01000 - ok
21:58:22.0053 5968	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:58:22.0139 5968	WdiServiceHost - ok
21:58:22.0146 5968	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:58:22.0185 5968	WdiSystemHost - ok
21:58:22.0224 5968	WebClient       (e2cbb708dd2e12c8437eb7bfb90cc77e) C:\windows\System32\webclnt.dll
21:58:22.0264 5968	WebClient - ok
21:58:22.0293 5968	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:58:22.0373 5968	Wecsvc - ok
21:58:22.0393 5968	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:58:22.0471 5968	wercplsupport - ok
21:58:22.0506 5968	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:58:22.0573 5968	WerSvc - ok
21:58:22.0592 5968	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:58:22.0651 5968	WfpLwf - ok
21:58:22.0670 5968	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:58:22.0693 5968	WIMMount - ok
21:58:22.0806 5968	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:58:22.0873 5968	WinDefend - ok
21:58:22.0887 5968	WinHttpAutoProxySvc - ok
21:58:22.0959 5968	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:58:23.0025 5968	Winmgmt - ok
21:58:23.0149 5968	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
21:58:23.0262 5968	WinRM - ok
21:58:23.0338 5968	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
21:58:23.0373 5968	WinUsb - ok
21:58:23.0439 5968	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:58:23.0522 5968	Wlansvc - ok
21:58:23.0542 5968	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
21:58:23.0586 5968	WmiAcpi - ok
21:58:23.0650 5968	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:58:23.0715 5968	wmiApSrv - ok
21:58:23.0873 5968	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:58:23.0952 5968	WMPNetworkSvc - ok
21:58:24.0057 5968	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:58:24.0114 5968	WPCSvc - ok
21:58:24.0159 5968	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
21:58:24.0218 5968	WPDBusEnum - ok
21:58:24.0259 5968	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:58:24.0330 5968	ws2ifsl - ok
21:58:24.0351 5968	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
21:58:24.0414 5968	wscsvc - ok
21:58:24.0456 5968	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
21:58:24.0503 5968	WSDPrintDevice - ok
21:58:24.0517 5968	WSearch - ok
21:58:24.0813 5968	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
21:58:24.0939 5968	wuauserv - ok
21:58:25.0054 5968	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
21:58:25.0123 5968	WudfPf - ok
21:58:25.0158 5968	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
21:58:25.0192 5968	WUDFRd - ok
21:58:25.0245 5968	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
21:58:25.0324 5968	wudfsvc - ok
21:58:25.0367 5968	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:58:25.0420 5968	WwanSvc - ok
21:58:25.0477 5968	yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
21:58:25.0536 5968	yukonw7 - ok
21:58:25.0584 5968	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:58:25.0855 5968	\Device\Harddisk0\DR0 - ok
21:58:25.0863 5968	Boot (0x1200)   (4e3619f56baa38ea815305e247946fee) \Device\Harddisk0\DR0\Partition0
21:58:25.0865 5968	\Device\Harddisk0\DR0\Partition0 - ok
21:58:25.0901 5968	Boot (0x1200)   (7767350a73b6965d2c50d0d391c3f53e) \Device\Harddisk0\DR0\Partition1
21:58:25.0903 5968	\Device\Harddisk0\DR0\Partition1 - ok
21:58:25.0936 5968	Boot (0x1200)   (11f0b82b4b52611bf869506288575b48) \Device\Harddisk0\DR0\Partition2
21:58:25.0938 5968	\Device\Harddisk0\DR0\Partition2 - ok
21:58:25.0953 5968	Boot (0x1200)   (01319dff9858d048481254ef9d1a5d8a) \Device\Harddisk0\DR0\Partition3
21:58:25.0955 5968	\Device\Harddisk0\DR0\Partition3 - ok
21:58:25.0956 5968	============================================================
21:58:25.0956 5968	Scan finished
21:58:25.0956 5968	============================================================
21:58:25.0990 3192	Detected object count: 4
21:58:25.0990 3192	Actual detected object count: 4
21:58:51.0502 3192	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:51.0502 3192	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:51.0507 3192	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:51.0507 3192	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:51.0513 3192	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:51.0513 3192	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:58:51.0517 3192	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:51.0517 3192	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

13.06.2012, 21:39   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.

Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

14.06.2012, 18:19   #15
ph.ie
 
Combofix log file:
Code:
ATTFilter
ComboFix 12-06-14.01 - Phie 14.06.2012  17:57:21.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1789.760 [GMT 2:00]
ausgeführt von:: c:\users\Phie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Maintenance Service
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Mozilla Maintenance Service\Uninstall.exe
c:\program files\Mozilla Maintenance Service\updater.ini
c:\users\Phie\AppData\Roaming\Local
c:\users\Phie\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Phie\AppData\Roaming\Local\Temp\DDM\Settings\Arielle.Die.Meerjungfrau.1989.German.Alte.Orginal.Synchro.DVDRiP.XviD.avi.ddr
c:\users\Phie\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Phie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Arielle.Die.Meerjungfrau.1989.German.Alte.Orginal.Synchro.DVDRiP.XviD.avi.ddp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-14 bis 2012-06-14  ))))))))))))))))))))))))))))))
.
.
2012-06-13 15:32 . 2012-06-13 15:32	--------	d-----w-	C:\_OTL
2012-06-13 14:33 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 14:33 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-13 14:33 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 14:33 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 14:33 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 14:33 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 14:33 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 14:33 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 14:33 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 14:33 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-12 12:38 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F87E230-9730-4770-B20D-C1852147E98D}\mpengine.dll
2012-06-11 21:16 . 2012-06-11 21:16	--------	d-----w-	c:\program files\ESET
2012-06-10 15:07 . 2012-06-10 15:07	--------	d-----w-	c:\program files\Microsoft IntelliPoint
2012-06-10 10:47 . 2012-06-10 10:47	--------	d-----w-	c:\users\Phie\AppData\Local\Macromedia
2012-06-09 12:13 . 2012-06-09 12:13	--------	d-----w-	c:\users\Phie\AppData\Local\Mozilla
2012-06-09 10:48 . 2012-03-06 23:03	337880	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-06-09 10:48 . 2012-03-06 23:01	20696	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-06-09 10:48 . 2012-03-06 23:02	44376	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-06-09 10:48 . 2012-03-06 23:03	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-06-09 10:48 . 2012-03-06 23:01	53848	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-06-09 10:48 . 2012-03-06 23:01	57688	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-06-09 10:47 . 2012-03-06 23:15	41184	----a-w-	c:\windows\avastSS.scr
2012-06-09 10:47 . 2012-03-06 23:15	201352	----a-w-	c:\windows\system32\aswBoot.exe
2012-06-09 10:47 . 2012-06-09 10:47	--------	d-----w-	c:\programdata\AVAST Software
2012-06-09 10:47 . 2012-06-09 10:47	--------	d-----w-	c:\program files\AVAST Software
2012-06-08 23:51 . 2012-06-09 10:44	--------	d-----w-	c:\program files\Recovery Toolbox for Word
2012-06-08 21:55 . 2012-06-08 21:55	--------	d-----w-	c:\users\Phie\AppData\Roaming\Malwarebytes
2012-06-08 21:55 . 2012-06-08 21:55	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-08 21:55 . 2012-06-08 21:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-08 21:55 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-23 20:07 . 2012-03-22 11:43	2557952	----a-w-	c:\windows\system32\QtCore4.dll
2012-05-23 20:07 . 2012-04-18 11:49	405176	----a-w-	c:\windows\system32\Newtonsoft.Json.Net20.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 10:33 . 2012-03-30 09:00	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-10 10:33 . 2011-05-26 19:58	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 18:42 . 2011-10-30 15:11	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 18:42 . 2011-10-30 15:11	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-31 04:39 . 2012-05-11 07:28	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 07:28	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 07:28	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27 . 2012-05-11 07:28	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-06-01 15:38 . 2012-06-09 12:12	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	123536	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 136176]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:33]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 14:22]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-15 14:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Phie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Phie\AppData\Roaming\Mozilla\Firefox\Profiles\8mk9wiiv.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3286414366-3311363010-1766297574-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1444)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-14  19:13:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-14 17:13
.
Vor Suchlauf: 11 Verzeichnis(se), 177.024.569.344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 176.563.986.432 Bytes frei
.
- - End Of File - - 45DAC15D057BA721F64ED02BBE0E0DA5
         