
All kinds of pests and how to fight them: Encryption trojan, second occurrence

19.03.2013, 09:41   #1
jf27

I currently have my daughter's computer in front of me and have now, for the second time, quarantined a virus with Malware. Since this time all the created files are encrypted, I used clonezilla to copy the disk, and I am now working from that copy.

1.) No backups or mirror files are within my reach, and I would like to restore the pictures of my grandson from the last 3 years?

-screenshot2-dateiatribute.jpg

Besides the file name, the creation date is also conspicuous.


2.) Is it possible to determine whether the computer is really clean, since the computer seemed clean after the first time?

Do people on this board address each other with "Du" or "Sie" (informal or formal)?


-screenshot1-maleware.jpg


Please be a little patient with me (please also forgive trivial follow-up questions),
my knowledge is so limited that under Win7 I can't even manage, off the cuff, to find the directories reported by Malware. <Do I have to turn on "show hidden files" for that>

Does it make sense to boot from a floppy disk Win/Linux/Knoppix etc.?


jf27

19.03.2013, 11:14   #2
cosinus

Hello and

Quote:
Do people on this board address each other with "Du" or "Sie" (informal or formal)?
On boards, "du" is used as a rule

Quote:
1.) No backups or mirror files are within my reach, and I would like to restore the pictures of my grandson from the last 3 years?
Without backups your chances there are very poor...

On the topic of encryption trojans we have pinned a dedicated notice at the top!

Decryption is unlikely to impossible!

Quote:
3. For files like locked-<FILENAME>.<EXTENSION>.wxyz, decrypt: Overview of the 8 decryption tools
otherwise rescue data / restore data: Rescuing data after an encryption trojan
If this is not a simple encryption with "locked-" in the file name, you should concentrate on data recovery and not on decryption!
If Vista or Win7 is in use, try ShadowExplorer! But don't waste unnecessary time on decryption attempts

And in future you will surely want to think about a better backup concept. Here is some food for thought => http://www.trojaner-board.de/115678-...r-backups.html

19.03.2013, 13:15   #3
jf27

Hello cosinus,

thank you very much for the quick reply.
I will try again to follow up on the shadow matter, using the guide on the board. http://www.trojaner-board.de/116851-...strojaner.html

I sent the virus, together with the data from Malware, to the virus address. I am attaching the log files here.
I hope it works this way??? Otherwise please give me a hint.

Regards
jf27

19.03.2013, 13:54   #4
cosinus

Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners?
This is why I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________
Please always post log files in CODE tags

19.03.2013, 16:04   #5
jf27

Yes, I have,

-screenshot4-malwarbyte_logs.jpg

Can you get at the virus email? Or should I also deposit the quarantine data here?

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.06

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
KAISER :: KAICOM [Administrator]

Schutz: Deaktiviert

23.02.2013 17:56:30
MBAM-log-2013-02-23 (18-03-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205605
Laufzeit: 4 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Owmyse (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|F6E8DEA7 (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winel (Trojan.Bublik) -> Daten: "C:\Users\KAISER\AppData\Roaming\winel.exe" -autorun -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe (Trojan.Agent.MU) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe (Trojan.Agent.MU) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Roaming\winel.exe (Trojan.Bublik) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Local\Temp\rzbnrniiis.pre (Trojan.Inject) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Local\Temp\{1050C-76F558-76F958} (Trojan.Bublik) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Local\Temp\{15997-D8F804-D8FC04} (Trojan.Bublik) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Local\Temp\{18047-14DF510-14DF910} (Trojan.Bublik) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Local\Temp\ssbnlrhhnz.pre (Trojan.Downloader.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.06

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
KAISER :: KAICOM [Administrator]

Schutz: Deaktiviert

23.02.2013 17:56:30
mbam-log-2013-02-23 (17-56-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205605
Laufzeit: 4 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Owmyse (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|F6E8DEA7 (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winel (Trojan.Bublik) -> Daten: "C:\Users\KAISER\AppData\Roaming\winel.exe" -autorun -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Roaming\winel.exe (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Local\Temp\rzbnrniiis.pre (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Local\Temp\{1050C-76F558-76F958} (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Local\Temp\{15997-D8F804-D8FC04} (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Local\Temp\{18047-14DF510-14DF910} (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Local\Temp\ssbnlrhhnz.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.23.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
KAISER :: KAICOM [Administrator]

Schutz: Aktiviert

23.02.2013 18:41:15
mbam-log-2013-02-23 (18-41-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379266
Laufzeit: 1 Stunde(n), 13 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.07.09

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
KAISER :: KAICOM [Administrator]

Schutz: Deaktiviert

07.03.2013 14:57:59
MBAM-log-2013-03-07 (15-50-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379562
Laufzeit: 47 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winel (Trojan.Bublik) -> Daten: "C:\Users\KAISER\AppData\Roaming\winel.exe" -autorun -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Owmyse (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|F6E8DEA7 (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00456487.exe (Trojan.Agent.Gen) -> Daten: "C:\Users\KAISER\AppData\Roaming\KB00456487.exe" -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\KAISER\AppData\Roaming\winel.exe (Trojan.Bublik) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe (Trojan.Agent.MU) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe (Trojan.Agent.MU) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Local\Temp\tmp8b322aaa\win86socket.exe (Trojan.Zbot.ST) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Roaming\Rayzi\eweb.exe (Trojan.Zbot.ST) -> Keine Aktion durchgeführt.
C:\Users\KAISER\AppData\Roaming\KB00456487.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.07.09

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
KAISER :: KAICOM [Administrator]

Schutz: Deaktiviert

07.03.2013 14:57:59
mbam-log-2013-03-07 (14-57-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379562
Laufzeit: 47 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winel (Trojan.Bublik) -> Daten: "C:\Users\KAISER\AppData\Roaming\winel.exe" -autorun -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Owmyse (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|F6E8DEA7 (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00456487.exe (Trojan.Agent.Gen) -> Daten: "C:\Users\KAISER\AppData\Roaming\KB00456487.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\KAISER\AppData\Roaming\winel.exe (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Local\Temp\tmp8b322aaa\win86socket.exe (Trojan.Zbot.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Roaming\Rayzi\eweb.exe (Trojan.Zbot.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAISER\AppData\Roaming\KB00456487.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.07.10

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
KAISER :: KAICOM [Administrator]

Schutz: Aktiviert

07.03.2013 16:57:45
mbam-log-2013-03-07 (16-57-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357466
Laufzeit: 1 Stunde(n), 8 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.15.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
KAISER :: KAICOM [Administrator]

15.03.2013 20:03:29
mbam-log-2013-03-15 (20-03-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359048
Laufzeit: 1 Stunde(n), 11 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Thanks also for the CODE tag hint - I didn't quite dare to do that.


What I unfortunately also had to discover is that I can no longer access the system programming.
In the system display nothing opens when clicked, and for hard disk partitions, after the approval prompt for the mmc program, this comes up
-screenshot5-systemverweigerung.jpg



The normal email account also seems to have been cracked by them at gmx - reply mails are arriving although no mails were sent from here ---- highly mysterious???


I hope the posting is right this way now.
Unfortunately I only found this board after I had obviously already made a mess of things with malwar and believed the problem was solved. Whether I didn't catch the virus the first time, or whether it was pulled in a second time?????

Regards and thanks
jf27
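
An added example (not part of any post in this thread): a Python sketch that parses the registry findings of two of the Malwarebytes logs posted above and reports which autostart values were reported as removed on 23.02.2013 yet are present again on 07.03.2013, and which are new. The log excerpts are copied from the post; the function and variable names are illustrative assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Registry findings excerpted from two logs in the post above
# (23.02.2013 after cleanup, 07.03.2013 before cleanup).
LOG_2013_02_23 = r"""
23.02.2013 17:56:30
Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Owmyse (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|F6E8DEA7 (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winel (Trojan.Bublik) -> Daten: "C:\Users\KAISER\AppData\Roaming\winel.exe" -autorun -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

LOG_2013_03_07 = r"""
07.03.2013 14:57:59
Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winel (Trojan.Bublik) -> Daten: "C:\Users\KAISER\AppData\Roaming\winel.exe" -autorun -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Owmyse (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Roaming\Itid\sowiv.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|F6E8DEA7 (Trojan.Agent.MU) -> Daten: C:\Users\KAISER\AppData\Local\Temp\Xdxn\ycykytywb.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00456487.exe (Trojan.Agent.Gen) -> Daten: "C:\Users\KAISER\AppData\Roaming\KB00456487.exe" -> Keine Aktion durchgeführt.
"""

# key|value-name (detection) -> Daten: <command line> -> <action>.
REG_VALUE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<name>.+?) \((?P<detection>[^()]+)\)"
    r" -> Daten: (?P<data>.+?) -> (?P<action>.+?)\.?$"
)
TIMESTAMP = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})$", re.M)
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\(Roaming|Local)\\", re.I)
REMOVED = "Erfolgreich gelöscht"  # action text the log prints after a cleanup


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    detection: str
    data: str
    action: str


def scan_time(log_text):
    """Scan start time as printed in the log header (dd.mm.yyyy hh:mm:ss)."""
    return datetime.strptime(TIMESTAMP.search(log_text).group(1), "%d.%m.%Y %H:%M:%S")


def parse_registry_findings(log_text):
    """Return every 'Infizierte Registrierungswerte' line as a Finding."""
    findings = []
    for line in log_text.splitlines():
        m = REG_VALUE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def image_path(data):
    """Executable path of an autostart command line, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.I)
    return m.group(1) if m else data


def ident(finding):
    return (finding.key.lower(), finding.name.lower())


def compare_scans(earlier_log, later_log):
    """Values removed in the earlier scan but present again later, and new ones."""
    if scan_time(earlier_log) >= scan_time(later_log):
        raise ValueError("logs must be passed in chronological order")
    earlier = parse_registry_findings(earlier_log)
    removed = {ident(f) for f in earlier if f.action.startswith(REMOVED)}
    known = {ident(f) for f in earlier}
    recurring, new = [], []
    for f in parse_registry_findings(later_log):
        if ident(f) in removed:
            recurring.append(f.name)   # something re-created a deleted value
        elif ident(f) not in known:
            new.append(f.name)
    return {"recurring": sorted(recurring), "new": sorted(new)}


def user_writable_autoruns(log_text):
    """Autostart targets that live under the user's AppData tree."""
    paths = [image_path(f.data) for f in parse_registry_findings(log_text)]
    return [p for p in paths if USER_WRITABLE.search(p)]


if __name__ == "__main__":
    print(compare_scans(LOG_2013_02_23, LOG_2013_03_07))
    print(user_writable_autoruns(LOG_2013_03_07))
```

A value listed under "recurring" was written again after the scanner reported it deleted; the comparison alone does not tell whether an undetected component stayed behind or the machine was infected anew.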


19.03.2013, 16:31   #6
cosinus

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it on your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instruction from a helper


aswMBR

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or higher), please start it with right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions may take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, tell me and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, under no circumstances select Cure. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

19.03.2013, 19:38   #7
jf27

After the image -screenshot6-vormbar.jpg appeared when starting mbar
and I answered it with no, it ran through without problems.


MBAR

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_18

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.260000 GHz
Memory total: 3412627456, free: 1764265984

------------ Kernel report ------------
     03/19/2013 18:35:02
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\rtl8192se.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Users\KAISER\AppData\Local\Temp\aswMBR.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\rpcrt4.dll
\Windows\System32\wininet.dll
\Windows\System32\difxapi.dll
\Windows\System32\imm32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\iertutil.dll
\Windows\System32\user32.dll
\Windows\System32\urlmon.dll
\Windows\System32\lpk.dll
\Windows\System32\oleaut32.dll
\Windows\System32\nsi.dll
\Windows\System32\gdi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\sechost.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87f803d8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff863cd028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.19.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87f803d8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f81020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f803d8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff863cd028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffefb76c00, 0xffffffff87f803d8, 0xffffffff85c1f360
Lower DeviceData: 0xffffffffeb72ec30, 0xffffffff863cd028, 0xffffffffefe379a0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 75B66900

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 890576896

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 890783744  Numsec = 83886080

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 974669824  Numsec = 2101248

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
         
aswMBR shows suspicious and infected files

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 16:49:52
-----------------------------
16:49:52.838    OS Version: Windows 6.1.7600 
16:49:52.838    Number of processors: 4 586 0x2502
16:49:52.838    ComputerName: KAICOM  UserName: KAISER
16:49:54.179    Initialize success
16:56:40.398    AVAST engine defs: 13031900
17:04:39.802    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:04:39.818    Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
17:04:39.927    Disk 0 MBR read successfully
17:04:39.927    Disk 0 MBR scan
17:04:39.943    Disk 0 unknown MBR code
17:04:39.943    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:04:39.958    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       434852 MB offset 206848
17:04:39.990    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 890783744
17:04:40.021    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 974669824
17:04:40.036    Disk 0 scanning sectors +976771072
17:04:40.130    Disk 0 scanning C:\Windows\system32\drivers
17:04:48.538    Service scanning
17:05:14.840    Modules scanning
17:05:20.222    Module: C:\Windows\System32\apisetschema.dll  **SUSPICIOUS**
17:05:20.284    Module: C:\Windows\System32\autochk.exe  **SUSPICIOUS**
17:05:20.378    Module: C:\Windows\System32\rpcrt4.dll  **SUSPICIOUS**
17:05:20.472    Module: C:\Windows\System32\wininet.dll  **SUSPICIOUS**
17:05:20.581    Module: C:\Windows\System32\imm32.dll  **SUSPICIOUS**
17:05:20.659    Module: C:\Windows\System32\shlwapi.dll  **SUSPICIOUS**
17:05:20.784    Module: C:\Windows\System32\ole32.dll  **SUSPICIOUS**
17:05:20.893    Module: C:\Windows\System32\kernel32.dll  **SUSPICIOUS**
17:05:20.986    Module: C:\Windows\System32\usp10.dll  **SUSPICIOUS**
17:05:21.127    Module: C:\Windows\System32\iertutil.dll  **SUSPICIOUS**
17:05:21.189    Module: C:\Windows\System32\user32.dll  **SUSPICIOUS**
17:05:21.376    Module: C:\Windows\System32\lpk.dll  **SUSPICIOUS**
17:05:21.548    Module: C:\Windows\System32\oleaut32.dll  **SUSPICIOUS**
17:05:21.595    Module: C:\Windows\System32\nsi.dll  **SUSPICIOUS**
17:05:21.688    Module: C:\Windows\System32\gdi32.dll  **SUSPICIOUS**
17:05:21.844    Module: C:\Windows\System32\msctf.dll  **SUSPICIOUS**
17:05:22.172    Module: C:\Windows\System32\psapi.dll  **SUSPICIOUS**
17:05:22.344    Module: C:\Windows\System32\msvcrt.dll  **SUSPICIOUS**
17:05:22.422    Module: C:\Windows\System32\imagehlp.dll  **SUSPICIOUS**
17:05:22.531    Module: C:\Windows\System32\normaliz.dll  **SUSPICIOUS**
17:05:22.687    Module: C:\Windows\System32\crypt32.dll  **SUSPICIOUS**
17:05:22.765    Module: C:\Windows\System32\KernelBase.dll  **SUSPICIOUS**
17:05:22.843    Module: C:\Windows\System32\wintrust.dll  **SUSPICIOUS**
17:05:23.061    Module: C:\Windows\System32\msasn1.dll  **SUSPICIOUS**
17:05:23.077    Disk 0 trace - called modules:
17:05:23.092    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
17:05:23.108    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87f803d8]
17:05:23.108    3 CLASSPNP.SYS[8c17959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x863cd028]
17:05:24.356    AVAST engine scan C:\Windows
17:05:26.556    AVAST engine scan C:\Windows\system32
17:07:54.678    AVAST engine scan C:\Windows\system32\drivers
17:08:05.707    AVAST engine scan C:\Users\KAISER
17:09:54.892    File: C:\Users\KAISER\AppData\Local\Temp\{15B06-12DF324-12DF724}  **INFECTED** Win32:Malware-gen
17:09:59.119    File: C:\Users\KAISER\AppData\Local\Temp\{D0B9-B8F2A8-B8F6A8}  **INFECTED** Win32:Malware-gen
17:10:37.199    File: C:\Users\KAISER\AppData\Roaming\Szryiyi\!uvrorotywb!.xxe  **INFECTED** Win32:Carberp-ANH [Trj]
17:16:08.279    AVAST engine scan C:\ProgramData
17:17:16.935    Scan finished successfully
18:21:28.593    Disk 0 MBR has been saved successfully to "C:\Users\KAISER\Documents\Virusablage\aswbrd_01\MBR.dat"
18:21:28.609    The log file has been saved successfully to "C:\Users\KAISER\Documents\Virusablage\aswbrd_01\aswMBRerstablage.txt"
         
The TDSSKiller log follows - the file seems to be getting too large.

I hope I did all of this correctly. I certainly didn't understand it.



Many thanks
jf27

Old 19.03.2013, 19:46   #8
jf27
 



TDSSKiller log, part 1

Code:
19:04:39.0825 2296  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:04:40.0169 2296  ============================================================
19:04:40.0169 2296  Current date / time: 2013/03/19 19:04:40.0169
19:04:40.0169 2296  SystemInfo:
19:04:40.0169 2296  
19:04:40.0169 2296  OS Version: 6.1.7600 ServicePack: 0.0
19:04:40.0169 2296  Product type: Workstation
19:04:40.0169 2296  ComputerName: KAICOM
19:04:40.0169 2296  UserName: KAISER
19:04:40.0169 2296  Windows directory: C:\Windows
19:04:40.0169 2296  System windows directory: C:\Windows
19:04:40.0169 2296  Processor architecture: Intel x86
19:04:40.0169 2296  Number of processors: 4
19:04:40.0169 2296  Page size: 0x1000
19:04:40.0169 2296  Boot type: Normal boot
19:04:40.0169 2296  ============================================================
19:04:40.0715 2296  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:04:40.0715 2296  ============================================================
19:04:40.0715 2296  \Device\Harddisk0\DR0:
19:04:40.0715 2296  MBR partitions:
19:04:40.0715 2296  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:04:40.0715 2296  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
19:04:40.0715 2296  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
19:04:40.0715 2296  ============================================================
19:04:40.0761 2296  C: <-> \Device\Harddisk0\DR0\Partition2
19:04:40.0808 2296  D: <-> \Device\Harddisk0\DR0\Partition3
19:04:40.0808 2296  ============================================================
19:04:40.0808 2296  Initialize success
19:04:40.0808 2296  ============================================================
19:08:03.0187 3960  ============================================================
19:08:03.0187 3960  Scan started
19:08:03.0187 3960  Mode: Manual; SigCheck; TDLFS; 
19:08:03.0187 3960  ============================================================
19:08:03.0718 3960  ================ Scan system memory ========================
19:08:03.0718 3960  System memory - ok
19:08:03.0718 3960  ================ Scan services =============================
19:08:03.0998 3960  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:08:04.0045 3960  1394ohci ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0045 3960  1394ohci - detected UnsignedFile.Multi.Generic (1)
19:08:04.0076 3960  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
19:08:04.0108 3960  ACPI - ok
19:08:04.0139 3960  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
19:08:04.0154 3960  AcpiPmi ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0154 3960  AcpiPmi - detected UnsignedFile.Multi.Generic (1)
19:08:04.0264 3960  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:08:04.0295 3960  AdobeFlashPlayerUpdateSvc - ok
19:08:04.0357 3960  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:08:04.0388 3960  adp94xx - ok
19:08:04.0435 3960  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:08:04.0451 3960  adpahci - ok
19:08:04.0482 3960  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:08:04.0498 3960  adpu320 - ok
19:08:04.0513 3960  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:08:04.0529 3960  AeLookupSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0529 3960  AeLookupSvc - detected UnsignedFile.Multi.Generic (1)
19:08:04.0576 3960  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
19:08:04.0622 3960  AFD ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0622 3960  AFD - detected UnsignedFile.Multi.Generic (1)
19:08:04.0638 3960  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
19:08:04.0654 3960  agp440 - ok
19:08:04.0685 3960  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
19:08:04.0700 3960  aic78xx - ok
19:08:04.0716 3960  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
19:08:04.0747 3960  ALG ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0747 3960  ALG - detected UnsignedFile.Multi.Generic (1)
19:08:04.0747 3960  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
19:08:04.0763 3960  aliide - ok
19:08:04.0778 3960  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
19:08:04.0794 3960  amdagp - ok
19:08:04.0810 3960  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
19:08:04.0825 3960  amdide - ok
19:08:04.0841 3960  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:08:04.0856 3960  AmdK8 ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0856 3960  AmdK8 - detected UnsignedFile.Multi.Generic (1)
19:08:04.0872 3960  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:08:04.0888 3960  AmdPPM ( UnsignedFile.Multi.Generic ) - warning
19:08:04.0888 3960  AmdPPM - detected UnsignedFile.Multi.Generic (1)
19:08:04.0919 3960  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:08:04.0919 3960  amdsata - ok
19:08:04.0950 3960  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:08:04.0966 3960  amdsbs - ok
19:08:04.0981 3960  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:08:04.0997 3960  amdxata - ok
19:08:05.0028 3960  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
19:08:05.0044 3960  AppID ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0044 3960  AppID - detected UnsignedFile.Multi.Generic (1)
19:08:05.0090 3960  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:08:05.0106 3960  AppIDSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0106 3960  AppIDSvc - detected UnsignedFile.Multi.Generic (1)
19:08:05.0137 3960  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
19:08:05.0153 3960  Appinfo ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0153 3960  Appinfo - detected UnsignedFile.Multi.Generic (1)
19:08:05.0184 3960  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:08:05.0200 3960  arc - ok
19:08:05.0215 3960  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:08:05.0231 3960  arcsas - ok
19:08:05.0246 3960  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:05.0262 3960  AsyncMac ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0262 3960  AsyncMac - detected UnsignedFile.Multi.Generic (1)
19:08:05.0278 3960  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
19:08:05.0293 3960  atapi - ok
19:08:05.0340 3960  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:08:05.0371 3960  AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0387 3960  AudioEndpointBuilder - detected UnsignedFile.Multi.Generic (1)
19:08:05.0402 3960  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:08:05.0418 3960  Audiosrv ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0418 3960  Audiosrv - detected UnsignedFile.Multi.Generic (1)
19:08:05.0465 3960  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:08:05.0480 3960  AxInstSV ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0480 3960  AxInstSV - detected UnsignedFile.Multi.Generic (1)
19:08:05.0543 3960  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
19:08:05.0574 3960  b06bdrv ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0574 3960  b06bdrv - detected UnsignedFile.Multi.Generic (1)
19:08:05.0621 3960  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:08:05.0636 3960  b57nd60x ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0636 3960  b57nd60x - detected UnsignedFile.Multi.Generic (1)
19:08:05.0761 3960  [ 483F1162EEEBD10BF77FBB32DB963370 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:08:05.0792 3960  BBSvc - ok
19:08:05.0839 3960  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:08:05.0855 3960  BBUpdate - ok
19:08:05.0902 3960  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:08:05.0917 3960  BDESVC ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0917 3960  BDESVC - detected UnsignedFile.Multi.Generic (1)
19:08:05.0948 3960  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:08:05.0964 3960  Beep ( UnsignedFile.Multi.Generic ) - warning
19:08:05.0964 3960  Beep - detected UnsignedFile.Multi.Generic (1)
19:08:06.0026 3960  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
19:08:06.0058 3960  BFE ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0058 3960  BFE - detected UnsignedFile.Multi.Generic (1)
19:08:06.0104 3960  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
19:08:06.0136 3960  BITS ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0136 3960  BITS - detected UnsignedFile.Multi.Generic (1)
19:08:06.0151 3960  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:08:06.0167 3960  blbdrive ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0167 3960  blbdrive - detected UnsignedFile.Multi.Generic (1)
19:08:06.0198 3960  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:08:06.0214 3960  bowser ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0214 3960  bowser - detected UnsignedFile.Multi.Generic (1)
19:08:06.0214 3960  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:08:06.0229 3960  BrFiltLo ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0229 3960  BrFiltLo - detected UnsignedFile.Multi.Generic (1)
19:08:06.0245 3960  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:08:06.0260 3960  BrFiltUp ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0260 3960  BrFiltUp - detected UnsignedFile.Multi.Generic (1)
19:08:06.0276 3960  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser         C:\Windows\System32\browser.dll
19:08:06.0307 3960  Browser ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0307 3960  Browser - detected UnsignedFile.Multi.Generic (1)
19:08:06.0323 3960  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:08:06.0338 3960  Brserid ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0338 3960  Brserid - detected UnsignedFile.Multi.Generic (1)
19:08:06.0370 3960  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:08:06.0385 3960  BrSerWdm ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0385 3960  BrSerWdm - detected UnsignedFile.Multi.Generic (1)
19:08:06.0401 3960  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:08:06.0416 3960  BrUsbMdm ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0416 3960  BrUsbMdm - detected UnsignedFile.Multi.Generic (1)
19:08:06.0416 3960  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:08:06.0432 3960  BrUsbSer ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0432 3960  BrUsbSer - detected UnsignedFile.Multi.Generic (1)
19:08:06.0448 3960  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:08:06.0463 3960  BTHMODEM ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0463 3960  BTHMODEM - detected UnsignedFile.Multi.Generic (1)
19:08:06.0526 3960  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
19:08:06.0557 3960  bthserv ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0557 3960  bthserv - detected UnsignedFile.Multi.Generic (1)
19:08:06.0572 3960  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:08:06.0604 3960  cdfs ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0604 3960  cdfs - detected UnsignedFile.Multi.Generic (1)
19:08:06.0635 3960  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:08:06.0650 3960  cdrom ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0650 3960  cdrom - detected UnsignedFile.Multi.Generic (1)
19:08:06.0697 3960  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:08:06.0728 3960  CertPropSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0728 3960  CertPropSvc - detected UnsignedFile.Multi.Generic (1)
19:08:06.0728 3960  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:08:06.0744 3960  circlass ( UnsignedFile.Multi.Generic ) - warning
19:08:06.0744 3960  circlass - detected UnsignedFile.Multi.Generic (1)
19:08:06.0775 3960  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:08:06.0791 3960  CLFS - ok
19:08:06.0853 3960  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:06.0884 3960  clr_optimization_v2.0.50727_32 - ok
19:08:06.0962 3960  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:06.0978 3960  clr_optimization_v4.0.30319_32 - ok
19:08:07.0009 3960  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:07.0025 3960  CmBatt ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0025 3960  CmBatt - detected UnsignedFile.Multi.Generic (1)
19:08:07.0040 3960  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
19:08:07.0056 3960  cmdide - ok
19:08:07.0103 3960  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:08:07.0134 3960  CNG - ok
19:08:07.0165 3960  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:08:07.0181 3960  Compbatt - ok
19:08:07.0228 3960  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:08:07.0243 3960  CompositeBus ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0243 3960  CompositeBus - detected UnsignedFile.Multi.Generic (1)
19:08:07.0259 3960  COMSysApp - ok
19:08:07.0274 3960  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
19:08:07.0290 3960  crcdisk - ok
19:08:07.0321 3960  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:08:07.0352 3960  CryptSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0352 3960  CryptSvc - detected UnsignedFile.Multi.Generic (1)
19:08:07.0399 3960  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:08:07.0430 3960  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0430 3960  DcomLaunch - detected UnsignedFile.Multi.Generic (1)
19:08:07.0446 3960  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:08:07.0477 3960  defragsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0477 3960  defragsvc - detected UnsignedFile.Multi.Generic (1)
19:08:07.0524 3960  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:08:07.0540 3960  DfsC ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0540 3960  DfsC - detected UnsignedFile.Multi.Generic (1)
19:08:07.0602 3960  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:08:07.0633 3960  Dhcp ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0633 3960  Dhcp - detected UnsignedFile.Multi.Generic (1)
19:08:07.0649 3960  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:08:07.0664 3960  discache ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0664 3960  discache - detected UnsignedFile.Multi.Generic (1)
19:08:07.0696 3960  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
19:08:07.0711 3960  Disk - ok
19:08:07.0727 3960  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:08:07.0742 3960  Dnscache ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0742 3960  Dnscache - detected UnsignedFile.Multi.Generic (1)
19:08:07.0774 3960  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:08:07.0805 3960  dot3svc ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0805 3960  dot3svc - detected UnsignedFile.Multi.Generic (1)
19:08:07.0820 3960  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
19:08:07.0836 3960  DPS ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0836 3960  DPS - detected UnsignedFile.Multi.Generic (1)
19:08:07.0852 3960  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:08:07.0867 3960  drmkaud ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0867 3960  drmkaud - detected UnsignedFile.Multi.Generic (1)
19:08:07.0898 3960  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:08:07.0930 3960  DXGKrnl - ok
19:08:07.0976 3960  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
19:08:07.0992 3960  EapHost ( UnsignedFile.Multi.Generic ) - warning
19:08:07.0992 3960  EapHost - detected UnsignedFile.Multi.Generic (1)
19:08:08.0086 3960  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
19:08:08.0210 3960  ebdrv ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0210 3960  ebdrv - detected UnsignedFile.Multi.Generic (1)
19:08:08.0273 3960  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
19:08:08.0288 3960  EFS ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0288 3960  EFS - detected UnsignedFile.Multi.Generic (1)
19:08:08.0351 3960  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:08:08.0398 3960  ehRecvr ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0398 3960  ehRecvr - detected UnsignedFile.Multi.Generic (1)
19:08:08.0429 3960  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
19:08:08.0444 3960  ehSched ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0444 3960  ehSched - detected UnsignedFile.Multi.Generic (1)
19:08:08.0476 3960  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
19:08:08.0507 3960  elxstor - ok
19:08:08.0538 3960  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
19:08:08.0554 3960  ErrDev ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0554 3960  ErrDev - detected UnsignedFile.Multi.Generic (1)
19:08:08.0585 3960  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
19:08:08.0616 3960  EventSystem ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0616 3960  EventSystem - detected UnsignedFile.Multi.Generic (1)
19:08:08.0647 3960  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
19:08:08.0678 3960  exfat ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0678 3960  exfat - detected UnsignedFile.Multi.Generic (1)
19:08:08.0741 3960  Fabs - ok
19:08:08.0772 3960  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:08:08.0803 3960  fastfat ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0803 3960  fastfat - detected UnsignedFile.Multi.Generic (1)
19:08:08.0850 3960  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
19:08:08.0881 3960  Fax ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0881 3960  Fax - detected UnsignedFile.Multi.Generic (1)
19:08:08.0928 3960  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:08:08.0944 3960  fdc ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0944 3960  fdc - detected UnsignedFile.Multi.Generic (1)
19:08:08.0975 3960  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
19:08:08.0990 3960  fdPHost ( UnsignedFile.Multi.Generic ) - warning
19:08:08.0990 3960  fdPHost - detected UnsignedFile.Multi.Generic (1)
19:08:09.0006 3960  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:08:09.0022 3960  FDResPub ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0022 3960  FDResPub - detected UnsignedFile.Multi.Generic (1)
19:08:09.0037 3960  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:08:09.0037 3960  FileInfo - ok
19:08:09.0053 3960  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:08:09.0068 3960  Filetrace ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0068 3960  Filetrace - detected UnsignedFile.Multi.Generic (1)
19:08:09.0162 3960  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:08:09.0271 3960  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0271 3960  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:08:09.0302 3960  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:08:09.0318 3960  flpydisk ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0318 3960  flpydisk - detected UnsignedFile.Multi.Generic (1)
19:08:09.0349 3960  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:08:09.0380 3960  FltMgr - ok
19:08:09.0443 3960  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
19:08:09.0490 3960  FontCache ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0490 3960  FontCache - detected UnsignedFile.Multi.Generic (1)
19:08:09.0568 3960  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:08:09.0583 3960  FontCache3.0.0.0 - ok
19:08:09.0599 3960  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:08:09.0614 3960  FsDepends - ok
19:08:09.0661 3960  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:08:09.0677 3960  Fs_Rec - ok
19:08:09.0692 3960  [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:08:09.0708 3960  fvevol - ok
19:08:09.0724 3960  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
19:08:09.0739 3960  gagp30kx - ok
19:08:09.0802 3960  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
19:08:09.0833 3960  gpsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0833 3960  gpsvc - detected UnsignedFile.Multi.Generic (1)
19:08:09.0848 3960  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:08:09.0864 3960  hcw85cir ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0864 3960  hcw85cir - detected UnsignedFile.Multi.Generic (1)
19:08:09.0895 3960  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:08:09.0911 3960  HdAudAddService ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0911 3960  HdAudAddService - detected UnsignedFile.Multi.Generic (1)
19:08:09.0942 3960  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:08:09.0958 3960  HDAudBus ( UnsignedFile.Multi.Generic ) - warning
19:08:09.0958 3960  HDAudBus - detected UnsignedFile.Multi.Generic (1)
19:08:10.0004 3960  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
19:08:10.0020 3960  HECI ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0020 3960  HECI - detected UnsignedFile.Multi.Generic (1)
19:08:10.0036 3960  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:08:10.0051 3960  HidBatt ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0051 3960  HidBatt - detected UnsignedFile.Multi.Generic (1)
19:08:10.0067 3960  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
19:08:10.0082 3960  HidBth ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0082 3960  HidBth - detected UnsignedFile.Multi.Generic (1)
19:08:10.0114 3960  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:08:10.0129 3960  HidIr ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0129 3960  HidIr - detected UnsignedFile.Multi.Generic (1)
19:08:10.0160 3960  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
19:08:10.0176 3960  hidserv ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0176 3960  hidserv - detected UnsignedFile.Multi.Generic (1)
19:08:10.0223 3960  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:08:10.0254 3960  HidUsb ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0254 3960  HidUsb - detected UnsignedFile.Multi.Generic (1)
19:08:10.0301 3960  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:08:10.0332 3960  hkmsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0332 3960  hkmsvc - detected UnsignedFile.Multi.Generic (1)
19:08:10.0363 3960  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:08:10.0394 3960  HomeGroupListener ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0394 3960  HomeGroupListener - detected UnsignedFile.Multi.Generic (1)
19:08:10.0426 3960  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:08:10.0441 3960  HomeGroupProvider ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0441 3960  HomeGroupProvider - detected UnsignedFile.Multi.Generic (1)
19:08:10.0457 3960  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
19:08:10.0472 3960  HpSAMD - ok
19:08:10.0504 3960  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:08:10.0535 3960  HTTP ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0535 3960  HTTP - detected UnsignedFile.Multi.Generic (1)
19:08:10.0535 3960  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:08:10.0550 3960  hwpolicy - ok
19:08:10.0582 3960  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:08:10.0597 3960  i8042prt ( UnsignedFile.Multi.Generic ) - warning
19:08:10.0597 3960  i8042prt - detected UnsignedFile.Multi.Generic (1)
19:08:10.0644 3960  [ D5EDB998656E6ECF1A17C78DAB019A3C ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:08:10.0660 3960  iaStor - ok
19:08:10.0706 3960  [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:08:10.0706 3960  IAStorDataMgrSvc - ok
19:08:10.0722 3960  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:08:10.0738 3960  iaStorV - ok
19:08:10.0800 3960  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:08:10.0831 3960  idsvc - ok
19:08:11.0034 3960  [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:08:11.0284 3960  igfx ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0284 3960  igfx - detected UnsignedFile.Multi.Generic (1)
19:08:11.0330 3960  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
19:08:11.0346 3960  iirsp - ok
19:08:11.0393 3960  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:08:11.0424 3960  IKEEXT ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0424 3960  IKEEXT - detected UnsignedFile.Multi.Generic (1)
19:08:11.0455 3960  [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
19:08:11.0471 3960  Impcd ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0471 3960  Impcd - detected UnsignedFile.Multi.Generic (1)
19:08:11.0564 3960  [ 8C513F0F34CBA1E146922562BEA4C7A1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:08:11.0674 3960  IntcAzAudAddService - ok
19:08:11.0720 3960  [ 29061F25ABB6E60A5B49FBEED7A5698A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:08:11.0736 3960  IntcDAud ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0736 3960  IntcDAud - detected UnsignedFile.Multi.Generic (1)
19:08:11.0767 3960  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
19:08:11.0783 3960  intelide - ok
19:08:11.0814 3960  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:08:11.0830 3960  intelppm ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0830 3960  intelppm - detected UnsignedFile.Multi.Generic (1)
19:08:11.0861 3960  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:08:11.0876 3960  IPBusEnum ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0876 3960  IPBusEnum - detected UnsignedFile.Multi.Generic (1)
19:08:11.0892 3960  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:08:11.0908 3960  IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
19:08:11.0908 3960  IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
19:08:11.0954 3960  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:08:12.0001 3960  iphlpsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0001 3960  iphlpsvc - detected UnsignedFile.Multi.Generic (1)
19:08:12.0017 3960  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:08:12.0032 3960  IPMIDRV ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0032 3960  IPMIDRV - detected UnsignedFile.Multi.Generic (1)
19:08:12.0048 3960  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:08:12.0064 3960  IPNAT ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0064 3960  IPNAT - detected UnsignedFile.Multi.Generic (1)
19:08:12.0079 3960  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:08:12.0095 3960  IRENUM ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0095 3960  IRENUM - detected UnsignedFile.Multi.Generic (1)
19:08:12.0110 3960  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
19:08:12.0110 3960  isapnp - ok
19:08:12.0157 3960  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:08:12.0173 3960  iScsiPrt - ok
19:08:12.0204 3960  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:08:12.0220 3960  kbdclass - ok
19:08:12.0235 3960  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:08:12.0251 3960  kbdhid ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0251 3960  kbdhid - detected UnsignedFile.Multi.Generic (1)
19:08:12.0266 3960  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
19:08:12.0282 3960  KeyIso ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0282 3960  KeyIso - detected UnsignedFile.Multi.Generic (1)
19:08:12.0298 3960  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:08:12.0313 3960  KSecDD - ok
19:08:12.0329 3960  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:08:12.0344 3960  KSecPkg - ok
19:08:12.0391 3960  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:08:12.0407 3960  KtmRm ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0407 3960  KtmRm - detected UnsignedFile.Multi.Generic (1)
19:08:12.0454 3960  [ 3705B2273E8EFC9A707864AB7324B614 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
19:08:12.0469 3960  L1C ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0469 3960  L1C - detected UnsignedFile.Multi.Generic (1)
19:08:12.0500 3960  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:08:12.0516 3960  LanmanServer ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0516 3960  LanmanServer - detected UnsignedFile.Multi.Generic (1)
19:08:12.0547 3960  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:08:12.0563 3960  LanmanWorkstation ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0563 3960  LanmanWorkstation - detected UnsignedFile.Multi.Generic (1)
19:08:12.0594 3960  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:08:12.0610 3960  lltdio ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0610 3960  lltdio - detected UnsignedFile.Multi.Generic (1)
19:08:12.0641 3960  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:08:12.0656 3960  lltdsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0656 3960  lltdsvc - detected UnsignedFile.Multi.Generic (1)
19:08:12.0672 3960  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:08:12.0688 3960  lmhosts ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0688 3960  lmhosts - detected UnsignedFile.Multi.Generic (1)
19:08:12.0734 3960  [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:08:12.0750 3960  LMS - ok
19:08:12.0797 3960  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:08:12.0812 3960  LSI_FC - ok
19:08:12.0844 3960  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:08:12.0844 3960  LSI_SAS - ok
19:08:12.0875 3960  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:08:12.0875 3960  LSI_SAS2 - ok
19:08:12.0922 3960  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:08:12.0922 3960  LSI_SCSI - ok
19:08:12.0953 3960  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
19:08:12.0968 3960  luafv ( UnsignedFile.Multi.Generic ) - warning
19:08:12.0968 3960  luafv - detected UnsignedFile.Multi.Generic (1)
19:08:13.0015 3960  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:08:13.0031 3960  MBAMProtector - ok
19:08:13.0078 3960  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:08:13.0093 3960  MBAMScheduler - ok
19:08:13.0156 3960  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:08:13.0187 3960  MBAMService - ok
19:08:13.0265 3960  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
19:08:13.0280 3960  McComponentHostService - ok
19:08:13.0358 3960  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:08:13.0390 3960  Mcx2Svc ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0390 3960  Mcx2Svc - detected UnsignedFile.Multi.Generic (1)
19:08:13.0421 3960  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:08:13.0436 3960  megasas - ok
19:08:13.0483 3960  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:08:13.0514 3960  MegaSR - ok
19:08:13.0530 3960  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
19:08:13.0561 3960  MMCSS ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0561 3960  MMCSS - detected UnsignedFile.Multi.Generic (1)
19:08:13.0577 3960  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
19:08:13.0592 3960  Modem ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0592 3960  Modem - detected UnsignedFile.Multi.Generic (1)
19:08:13.0608 3960  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:08:13.0624 3960  monitor ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0624 3960  monitor - detected UnsignedFile.Multi.Generic (1)
19:08:13.0670 3960  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:08:13.0686 3960  mouclass - ok
19:08:13.0702 3960  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:08:13.0717 3960  mouhid ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0717 3960  mouhid - detected UnsignedFile.Multi.Generic (1)
19:08:13.0748 3960  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:08:13.0764 3960  mountmgr - ok
19:08:13.0858 3960  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:08:13.0873 3960  MozillaMaintenance - ok
19:08:13.0904 3960  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
19:08:13.0920 3960  mpio - ok
19:08:13.0936 3960  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:08:13.0951 3960  mpsdrv ( UnsignedFile.Multi.Generic ) - warning
19:08:13.0951 3960  mpsdrv - detected UnsignedFile.Multi.Generic (1)
19:08:13.0982 3960  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:08:14.0014 3960  MpsSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0014 3960  MpsSvc - detected UnsignedFile.Multi.Generic (1)
19:08:14.0060 3960  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:08:14.0076 3960  MRxDAV ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0076 3960  MRxDAV - detected UnsignedFile.Multi.Generic (1)
19:08:14.0092 3960  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:14.0107 3960  mrxsmb ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0107 3960  mrxsmb - detected UnsignedFile.Multi.Generic (1)
19:08:14.0123 3960  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:14.0138 3960  mrxsmb10 ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0138 3960  mrxsmb10 - detected UnsignedFile.Multi.Generic (1)
19:08:14.0154 3960  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:14.0170 3960  mrxsmb20 ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0170 3960  mrxsmb20 - detected UnsignedFile.Multi.Generic (1)
19:08:14.0185 3960  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
19:08:14.0201 3960  msahci - ok
19:08:14.0216 3960  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
19:08:14.0232 3960  msdsm - ok
19:08:14.0248 3960  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
19:08:14.0279 3960  MSDTC ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0279 3960  MSDTC - detected UnsignedFile.Multi.Generic (1)
19:08:14.0310 3960  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:08:14.0326 3960  Msfs ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0326 3960  Msfs - detected UnsignedFile.Multi.Generic (1)
19:08:14.0341 3960  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:08:14.0357 3960  mshidkmdf ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0357 3960  mshidkmdf - detected UnsignedFile.Multi.Generic (1)
19:08:14.0372 3960  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
19:08:14.0388 3960  msisadrv - ok
19:08:14.0404 3960  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:08:14.0435 3960  MSiSCSI ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0435 3960  MSiSCSI - detected UnsignedFile.Multi.Generic (1)
19:08:14.0435 3960  msiserver - ok
19:08:14.0450 3960  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:08:14.0482 3960  MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0482 3960  MSKSSRV - detected UnsignedFile.Multi.Generic (1)
19:08:14.0482 3960  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:14.0497 3960  MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0497 3960  MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
19:08:14.0497 3960  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:08:14.0513 3960  MSPQM ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0513 3960  MSPQM - detected UnsignedFile.Multi.Generic (1)
19:08:14.0544 3960  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:08:14.0560 3960  MsRPC - ok
19:08:14.0606 3960  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:08:14.0606 3960  mssmbios - ok
19:08:14.0622 3960  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:08:14.0638 3960  MSTEE ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0638 3960  MSTEE - detected UnsignedFile.Multi.Generic (1)
19:08:14.0684 3960  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:08:14.0716 3960  MTConfig ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0716 3960  MTConfig - detected UnsignedFile.Multi.Generic (1)
19:08:14.0731 3960  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:08:14.0747 3960  Mup - ok
19:08:14.0794 3960  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
19:08:14.0825 3960  napagent ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0825 3960  napagent - detected UnsignedFile.Multi.Generic (1)
19:08:14.0856 3960  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:08:14.0887 3960  NativeWifiP ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0887 3960  NativeWifiP - detected UnsignedFile.Multi.Generic (1)
19:08:14.0918 3960  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:08:14.0950 3960  NDIS - ok
19:08:14.0965 3960  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:08:14.0981 3960  NdisCap ( UnsignedFile.Multi.Generic ) - warning
19:08:14.0981 3960  NdisCap - detected UnsignedFile.Multi.Generic (1)
19:08:14.0996 3960  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:15.0012 3960  NdisTapi ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0012 3960  NdisTapi - detected UnsignedFile.Multi.Generic (1)
19:08:15.0043 3960  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:15.0059 3960  Ndisuio ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0059 3960  Ndisuio - detected UnsignedFile.Multi.Generic (1)
19:08:15.0059 3960  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:15.0090 3960  NdisWan ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0090 3960  NdisWan - detected UnsignedFile.Multi.Generic (1)
19:08:15.0106 3960  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:08:15.0121 3960  NDProxy ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0121 3960  NDProxy - detected UnsignedFile.Multi.Generic (1)
19:08:15.0121 3960  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:08:15.0137 3960  NetBIOS ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0137 3960  NetBIOS - detected UnsignedFile.Multi.Generic (1)
19:08:15.0168 3960  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:08:15.0184 3960  NetBT ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0184 3960  NetBT - detected UnsignedFile.Multi.Generic (1)
19:08:15.0184 3960  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
19:08:15.0199 3960  Netlogon ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0199 3960  Netlogon - detected UnsignedFile.Multi.Generic (1)
19:08:15.0262 3960  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
19:08:15.0293 3960  Netman ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0293 3960  Netman - detected UnsignedFile.Multi.Generic (1)
19:08:15.0308 3960  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
19:08:15.0340 3960  netprofm ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0340 3960  netprofm - detected UnsignedFile.Multi.Generic (1)
19:08:15.0371 3960  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:08:15.0386 3960  NetTcpPortSharing - ok
19:08:15.0418 3960  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:08:15.0418 3960  nfrd960 - ok
19:08:15.0464 3960  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:08:15.0480 3960  NlaSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0480 3960  NlaSvc - detected UnsignedFile.Multi.Generic (1)
19:08:15.0496 3960  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:08:15.0511 3960  Npfs ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0511 3960  Npfs - detected UnsignedFile.Multi.Generic (1)
19:08:15.0527 3960  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
19:08:15.0542 3960  nsi ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0542 3960  nsi - detected UnsignedFile.Multi.Generic (1)
19:08:15.0542 3960  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:08:15.0558 3960  nsiproxy ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0558 3960  nsiproxy - detected UnsignedFile.Multi.Generic (1)
19:08:15.0652 3960  [ 5126C5402C730C2A953275D8497A4715 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:08:15.0714 3960  Ntfs - ok
19:08:15.0730 3960  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
19:08:15.0730 3960  Null ( UnsignedFile.Multi.Generic ) - warning
19:08:15.0730 3960  Null - detected UnsignedFile.Multi.Generic (1)
19:08:15.0948 3960  [ 79E32439C1BFF32890BF47724C3074FF ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:08:16.0276 3960  nvlddmkm - ok
19:08:16.0322 3960  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:08:16.0338 3960  nvraid - ok
19:08:16.0354 3960  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:08:16.0354 3960  nvstor - ok
19:08:16.0416 3960  [ 4878BAEB44A818E8C094809082D52E08 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:08:16.0432 3960  nvsvc - ok
19:08:16.0463 3960  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
19:08:16.0478 3960  nv_agp - ok
19:08:16.0556 3960  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:08:16.0572 3960  odserv - ok
19:08:16.0588 3960  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
19:08:16.0603 3960  ohci1394 ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0603 3960  ohci1394 - detected UnsignedFile.Multi.Generic (1)
19:08:16.0650 3960  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:08:16.0650 3960  ose - ok
19:08:16.0681 3960  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:08:16.0697 3960  p2pimsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0697 3960  p2pimsvc - detected UnsignedFile.Multi.Generic (1)
19:08:16.0728 3960  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:08:16.0744 3960  p2psvc ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0744 3960  p2psvc - detected UnsignedFile.Multi.Generic (1)
19:08:16.0775 3960  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:08:16.0790 3960  Parport ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0790 3960  Parport - detected UnsignedFile.Multi.Generic (1)
19:08:16.0806 3960  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:08:16.0822 3960  partmgr - ok
19:08:16.0853 3960  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
19:08:16.0868 3960  Parvdm ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0868 3960  Parvdm - detected UnsignedFile.Multi.Generic (1)
19:08:16.0868 3960  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:08:16.0900 3960  PcaSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:16.0900 3960  PcaSvc - detected UnsignedFile.Multi.Generic (1)
19:08:16.0900 3960  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
19:08:16.0915 3960  pci - ok
19:08:16.0946 3960  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
19:08:16.0962 3960  pciide - ok
19:08:16.0993 3960  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:08:17.0009 3960  pcmcia - ok
19:08:17.0024 3960  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
19:08:17.0040 3960  pcw - ok
19:08:17.0056 3960  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:08:17.0087 3960  PEAUTH ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0087 3960  PEAUTH - detected UnsignedFile.Multi.Generic (1)
19:08:17.0149 3960  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
19:08:17.0212 3960  pla ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0212 3960  pla - detected UnsignedFile.Multi.Generic (1)
19:08:17.0274 3960  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:08:17.0305 3960  PlugPlay ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0305 3960  PlugPlay - detected UnsignedFile.Multi.Generic (1)
19:08:17.0336 3960  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:08:17.0352 3960  PNRPAutoReg ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0352 3960  PNRPAutoReg - detected UnsignedFile.Multi.Generic (1)
19:08:17.0368 3960  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:08:17.0399 3960  PNRPsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0399 3960  PNRPsvc - detected UnsignedFile.Multi.Generic (1)
19:08:17.0461 3960  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:08:17.0492 3960  PolicyAgent ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0492 3960  PolicyAgent - detected UnsignedFile.Multi.Generic (1)
19:08:17.0524 3960  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
19:08:17.0555 3960  Power ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0555 3960  Power - detected UnsignedFile.Multi.Generic (1)
19:08:17.0586 3960  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:08:17.0602 3960  PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0602 3960  PptpMiniport - detected UnsignedFile.Multi.Generic (1)
19:08:17.0617 3960  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:08:17.0633 3960  Processor ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0633 3960  Processor - detected UnsignedFile.Multi.Generic (1)
19:08:17.0680 3960  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc         C:\Windows\system32\profsvc.dll
19:08:17.0695 3960  ProfSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0695 3960  ProfSvc - detected UnsignedFile.Multi.Generic (1)
19:08:17.0711 3960  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:08:17.0726 3960  ProtectedStorage ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0726 3960  ProtectedStorage - detected UnsignedFile.Multi.Generic (1)
19:08:17.0758 3960  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
19:08:17.0773 3960  ProtexisLicensing - ok
19:08:17.0804 3960  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:08:17.0836 3960  Psched ( UnsignedFile.Multi.Generic ) - warning
19:08:17.0836 3960  Psched - detected UnsignedFile.Multi.Generic (1)
19:08:17.0882 3960  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:08:17.0945 3960  ql2300 - ok
19:08:17.0960 3960  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:08:17.0976 3960  ql40xx - ok
19:08:18.0023 3960  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
19:08:18.0038 3960  QWAVE ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0038 3960  QWAVE - detected UnsignedFile.Multi.Generic (1)
19:08:18.0054 3960  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:08:18.0070 3960  QWAVEdrv ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0070 3960  QWAVEdrv - detected UnsignedFile.Multi.Generic (1)
19:08:18.0101 3960  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:08:18.0116 3960  RasAcd ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0116 3960  RasAcd - detected UnsignedFile.Multi.Generic (1)
19:08:18.0148 3960  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:08:18.0163 3960  RasAgileVpn ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0163 3960  RasAgileVpn - detected UnsignedFile.Multi.Generic (1)
19:08:18.0194 3960  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
19:08:18.0210 3960  RasAuto ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0210 3960  RasAuto - detected UnsignedFile.Multi.Generic (1)
19:08:18.0226 3960  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:08:18.0241 3960  Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0241 3960  Rasl2tp - detected UnsignedFile.Multi.Generic (1)
19:08:18.0272 3960  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
19:08:18.0304 3960  RasMan ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0304 3960  RasMan - detected UnsignedFile.Multi.Generic (1)
19:08:18.0319 3960  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:08:18.0335 3960  RasPppoe ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0335 3960  RasPppoe - detected UnsignedFile.Multi.Generic (1)
19:08:18.0350 3960  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:08:18.0366 3960  RasSstp ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0366 3960  RasSstp - detected UnsignedFile.Multi.Generic (1)
19:08:18.0413 3960  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:08:18.0428 3960  rdbss ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0428 3960  rdbss - detected UnsignedFile.Multi.Generic (1)
19:08:18.0444 3960  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:08:18.0460 3960  rdpbus ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0460 3960  rdpbus - detected UnsignedFile.Multi.Generic (1)
19:08:18.0475 3960  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:08:18.0491 3960  RDPCDD ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0491 3960  RDPCDD - detected UnsignedFile.Multi.Generic (1)
19:08:18.0522 3960  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:08:18.0538 3960  RDPENCDD ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0538 3960  RDPENCDD - detected UnsignedFile.Multi.Generic (1)
19:08:18.0553 3960  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:08:18.0569 3960  RDPREFMP ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0569 3960  RDPREFMP - detected UnsignedFile.Multi.Generic (1)
19:08:18.0584 3960  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:08:18.0600 3960  RDPWD ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0600 3960  RDPWD - detected UnsignedFile.Multi.Generic (1)
19:08:18.0631 3960  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:08:18.0647 3960  rdyboost - ok
19:08:18.0678 3960  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:08:18.0694 3960  RemoteAccess ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0694 3960  RemoteAccess - detected UnsignedFile.Multi.Generic (1)
19:08:18.0725 3960  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:08:18.0740 3960  RemoteRegistry ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0740 3960  RemoteRegistry - detected UnsignedFile.Multi.Generic (1)
19:08:18.0803 3960  [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:08:18.0818 3960  RichVideo - ok
19:08:18.0834 3960  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:08:18.0850 3960  RpcEptMapper ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0850 3960  RpcEptMapper - detected UnsignedFile.Multi.Generic (1)
19:08:18.0881 3960  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
19:08:18.0896 3960  RpcLocator ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0896 3960  RpcLocator - detected UnsignedFile.Multi.Generic (1)
19:08:18.0928 3960  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
19:08:18.0943 3960  RpcSs ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0943 3960  RpcSs - detected UnsignedFile.Multi.Generic (1)
19:08:18.0974 3960  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:08:18.0990 3960  rspndr ( UnsignedFile.Multi.Generic ) - warning
19:08:18.0990 3960  rspndr - detected UnsignedFile.Multi.Generic (1)
19:08:19.0021 3960  [ EF8B2AFC3C0751C5E5A59983C8893260 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
19:08:19.0037 3960  RSUSBSTOR ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0037 3960  RSUSBSTOR - detected UnsignedFile.Multi.Generic (1)
19:08:19.0084 3960  [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
19:08:19.0146 3960  rtl8192se - ok
19:08:19.0162 3960  RtsUIR - ok
19:08:19.0177 3960  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs           C:\Windows\system32\lsass.exe
19:08:19.0193 3960  SamSs ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0193 3960  SamSs - detected UnsignedFile.Multi.Generic (1)
19:08:19.0240 3960  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
19:08:19.0255 3960  sbp2port - ok
19:08:19.0286 3960  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:08:19.0302 3960  SCardSvr ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0302 3960  SCardSvr - detected UnsignedFile.Multi.Generic (1)
19:08:19.0302 3960  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:08:19.0318 3960  scfilter ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0318 3960  scfilter - detected UnsignedFile.Multi.Generic (1)
19:08:19.0380 3960  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
19:08:19.0411 3960  Schedule ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0411 3960  Schedule - detected UnsignedFile.Multi.Generic (1)
19:08:19.0427 3960  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:08:19.0442 3960  SCPolicySvc ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0442 3960  SCPolicySvc - detected UnsignedFile.Multi.Generic (1)
19:08:19.0458 3960  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:08:19.0474 3960  SDRSVC ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0474 3960  SDRSVC - detected UnsignedFile.Multi.Generic (1)
19:08:19.0505 3960  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:08:19.0520 3960  secdrv ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0520 3960  secdrv - detected UnsignedFile.Multi.Generic (1)
19:08:19.0536 3960  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
19:08:19.0552 3960  seclogon ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0552 3960  seclogon - detected UnsignedFile.Multi.Generic (1)
19:08:19.0567 3960  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
19:08:19.0583 3960  SENS ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0583 3960  SENS - detected UnsignedFile.Multi.Generic (1)
19:08:19.0598 3960  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:08:19.0630 3960  SensrSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0630 3960  SensrSvc - detected UnsignedFile.Multi.Generic (1)
19:08:19.0676 3960  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:08:19.0692 3960  Serenum ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0692 3960  Serenum - detected UnsignedFile.Multi.Generic (1)
19:08:19.0723 3960  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:08:19.0739 3960  Serial ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0739 3960  Serial - detected UnsignedFile.Multi.Generic (1)
19:08:19.0801 3960  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:08:19.0832 3960  sermouse ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0832 3960  sermouse - detected UnsignedFile.Multi.Generic (1)
19:08:19.0879 3960  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
19:08:19.0895 3960  SessionEnv ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0895 3960  SessionEnv - detected UnsignedFile.Multi.Generic (1)
19:08:19.0957 3960  [ 02DED435FCAA1C02959051AF636E154A ] sesvc           C:\Program Files\ShadowExplorer\sesvc.exe
19:08:19.0988 3960  sesvc ( UnsignedFile.Multi.Generic ) - warning
19:08:19.0988 3960  sesvc - detected UnsignedFile.Multi.Generic (1)
19:08:20.0004 3960  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
19:08:20.0020 3960  sffdisk ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0020 3960  sffdisk - detected UnsignedFile.Multi.Generic (1)
19:08:20.0035 3960  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:08:20.0051 3960  sffp_mmc ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0051 3960  sffp_mmc - detected UnsignedFile.Multi.Generic (1)
19:08:20.0051 3960  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
19:08:20.0066 3960  sffp_sd ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0066 3960  sffp_sd - detected UnsignedFile.Multi.Generic (1)
19:08:20.0098 3960  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:08:20.0113 3960  sfloppy ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0113 3960  sfloppy - detected UnsignedFile.Multi.Generic (1)
19:08:20.0144 3960  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:08:20.0176 3960  SharedAccess ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0176 3960  SharedAccess - detected UnsignedFile.Multi.Generic (1)
19:08:20.0207 3960  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:08:20.0254 3960  ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0254 3960  ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
19:08:20.0254 3960  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
19:08:20.0269 3960  sisagp - ok
19:08:20.0300 3960  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:08:20.0316 3960  SiSRaid2 - ok
19:08:20.0332 3960  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:08:20.0347 3960  SiSRaid4 - ok
19:08:20.0425 3960  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:08:20.0441 3960  SkypeUpdate - ok
19:08:20.0472 3960  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:08:20.0488 3960  Smb ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0488 3960  Smb - detected UnsignedFile.Multi.Generic (1)
19:08:20.0519 3960  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:08:20.0550 3960  SNMPTRAP ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0550 3960  SNMPTRAP - detected UnsignedFile.Multi.Generic (1)
19:08:20.0550 3960  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:08:20.0566 3960  spldr - ok
19:08:20.0597 3960  [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler         C:\Windows\System32\spoolsv.exe
19:08:20.0628 3960  Spooler ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0628 3960  Spooler - detected UnsignedFile.Multi.Generic (1)
19:08:20.0706 3960  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:08:20.0815 3960  sppsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0815 3960  sppsvc - detected UnsignedFile.Multi.Generic (1)
19:08:20.0831 3960  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:08:20.0846 3960  sppuinotify ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0846 3960  sppuinotify - detected UnsignedFile.Multi.Generic (1)
19:08:20.0893 3960  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:08:20.0924 3960  srv ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0924 3960  srv - detected UnsignedFile.Multi.Generic (1)
19:08:20.0940 3960  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:08:20.0956 3960  srv2 ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0956 3960  srv2 - detected UnsignedFile.Multi.Generic (1)
19:08:20.0971 3960  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:08:20.0987 3960  srvnet ( UnsignedFile.Multi.Generic ) - warning
19:08:20.0987 3960  srvnet - detected UnsignedFile.Multi.Generic (1)
19:08:21.0018 3960  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:08:21.0049 3960  SSDPSRV ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0049 3960  SSDPSRV - detected UnsignedFile.Multi.Generic (1)
19:08:21.0065 3960  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:08:21.0080 3960  SstpSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0080 3960  SstpSvc - detected UnsignedFile.Multi.Generic (1)
19:08:21.0096 3960  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:08:21.0112 3960  stexstor - ok
19:08:21.0158 3960  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
19:08:21.0205 3960  StiSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0205 3960  StiSvc - detected UnsignedFile.Multi.Generic (1)
19:08:21.0221 3960  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:08:21.0236 3960  swenum - ok
19:08:21.0252 3960  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
19:08:21.0268 3960  swprv ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0268 3960  swprv - detected UnsignedFile.Multi.Generic (1)
19:08:21.0314 3960  [ D776EB85A20696D9D43129CCF6E703E2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
19:08:21.0346 3960  SynTP - ok
19:08:21.0408 3960  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
19:08:21.0486 3960  SysMain ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0486 3960  SysMain - detected UnsignedFile.Multi.Generic (1)
19:08:21.0486 3960  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:08:21.0517 3960  TabletInputService ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0517 3960  TabletInputService - detected UnsignedFile.Multi.Generic (1)
19:08:21.0533 3960  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:08:21.0548 3960  TapiSrv ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0548 3960  TapiSrv - detected UnsignedFile.Multi.Generic (1)
19:08:21.0580 3960  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
19:08:21.0611 3960  TBS ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0611 3960  TBS - detected UnsignedFile.Multi.Generic (1)
19:08:21.0642 3960  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:08:21.0704 3960  Tcpip - ok
19:08:21.0720 3960  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:08:21.0767 3960  TCPIP6 - ok
19:08:21.0782 3960  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:08:21.0798 3960  tcpipreg ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0798 3960  tcpipreg - detected UnsignedFile.Multi.Generic (1)
19:08:21.0829 3960  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:08:21.0845 3960  TDPIPE ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0845 3960  TDPIPE - detected UnsignedFile.Multi.Generic (1)
19:08:21.0860 3960  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:08:21.0876 3960  TDTCP ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0876 3960  TDTCP - detected UnsignedFile.Multi.Generic (1)
19:08:21.0892 3960  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:08:21.0907 3960  tdx ( UnsignedFile.Multi.Generic ) - warning
19:08:21.0907 3960  tdx - detected UnsignedFile.Multi.Generic (1)
19:08:21.0923 3960  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:08:21.0938 3960  TermDD - ok
19:08:21.0970 3960  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
19:08:22.0001 3960  TermService ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0001 3960  TermService - detected UnsignedFile.Multi.Generic (1)
19:08:22.0032 3960  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
19:08:22.0048 3960  Themes ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0048 3960  Themes - detected UnsignedFile.Multi.Generic (1)
19:08:22.0063 3960  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
19:08:22.0079 3960  THREADORDER ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0079 3960  THREADORDER - detected UnsignedFile.Multi.Generic (1)
19:08:22.0094 3960  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
19:08:22.0110 3960  TrkWks ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0110 3960  TrkWks - detected UnsignedFile.Multi.Generic (1)
19:08:22.0172 3960  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:08:22.0204 3960  TrustedInstaller ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0204 3960  TrustedInstaller - detected UnsignedFile.Multi.Generic (1)
19:08:22.0219 3960  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:22.0250 3960  tssecsrv ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0250 3960  tssecsrv - detected UnsignedFile.Multi.Generic (1)
19:08:22.0297 3960  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:08:22.0313 3960  tunnel ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0313 3960  tunnel - detected UnsignedFile.Multi.Generic (1)
19:08:22.0344 3960  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:08:22.0360 3960  uagp35 - ok
19:08:22.0375 3960  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:08:22.0406 3960  udfs ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0406 3960  udfs - detected UnsignedFile.Multi.Generic (1)
19:08:22.0422 3960  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:08:22.0438 3960  UI0Detect ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0438 3960  UI0Detect - detected UnsignedFile.Multi.Generic (1)
19:08:22.0453 3960  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
19:08:22.0469 3960  uliagpkx - ok
19:08:22.0484 3960  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:08:22.0500 3960  umbus ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0500 3960  umbus - detected UnsignedFile.Multi.Generic (1)
19:08:22.0531 3960  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:08:22.0547 3960  UmPass ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0547 3960  UmPass - detected UnsignedFile.Multi.Generic (1)
19:08:22.0625 3960  [ AF905F4966CFC8B973623AB150CD4B2B ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:08:22.0718 3960  UNS - ok
19:08:22.0750 3960  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
19:08:22.0765 3960  upnphost ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0765 3960  upnphost - detected UnsignedFile.Multi.Generic (1)
19:08:22.0796 3960  [ C31AE588E403042632DC796CF09E30B0 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:08:22.0812 3960  usbccgp ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0812 3960  usbccgp - detected UnsignedFile.Multi.Generic (1)
19:08:22.0812 3960  USBCCID - ok
19:08:22.0828 3960  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
19:08:22.0843 3960  usbcir ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0843 3960  usbcir - detected UnsignedFile.Multi.Generic (1)
19:08:22.0859 3960  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:08:22.0874 3960  usbehci ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0874 3960  usbehci - detected UnsignedFile.Multi.Generic (1)
19:08:22.0906 3960  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:08:22.0921 3960  usbhub ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0921 3960  usbhub - detected UnsignedFile.Multi.Generic (1)
19:08:22.0937 3960  [ EB2D819A639015253C871CDA09D91D58 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:08:22.0952 3960  usbohci ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0952 3960  usbohci - detected UnsignedFile.Multi.Generic (1)
19:08:22.0984 3960  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:08:22.0999 3960  usbprint ( UnsignedFile.Multi.Generic ) - warning
19:08:22.0999 3960  usbprint - detected UnsignedFile.Multi.Generic (1)
19:08:23.0030 3960  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:08:23.0046 3960  usbscan ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0046 3960  usbscan - detected UnsignedFile.Multi.Generic (1)
19:08:23.0077 3960  [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:23.0093 3960  USBSTOR ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0093 3960  USBSTOR - detected UnsignedFile.Multi.Generic (1)
19:08:23.0093 3960  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:08:23.0108 3960  usbuhci ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0108 3960  usbuhci - detected UnsignedFile.Multi.Generic (1)
19:08:23.0140 3960  [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:08:23.0155 3960  usbvideo ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0155 3960  usbvideo - detected UnsignedFile.Multi.Generic (1)
19:08:23.0186 3960  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
19:08:23.0202 3960  UxSms ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0202 3960  UxSms - detected UnsignedFile.Multi.Generic (1)
19:08:23.0218 3960  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
19:08:23.0233 3960  VaultSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0233 3960  VaultSvc - detected UnsignedFile.Multi.Generic (1)
19:08:23.0249 3960  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
19:08:23.0264 3960  vdrvroot - ok
19:08:23.0296 3960  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
19:08:23.0327 3960  vds ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0327 3960  vds - detected UnsignedFile.Multi.Generic (1)
19:08:23.0358 3960  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:23.0374 3960  vga ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0374 3960  vga - detected UnsignedFile.Multi.Generic (1)
19:08:23.0389 3960  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:08:23.0405 3960  VgaSave ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0405 3960  VgaSave - detected UnsignedFile.Multi.Generic (1)
19:08:23.0452 3960  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
19:08:23.0467 3960  vhdmp - ok
19:08:23.0483 3960  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
19:08:23.0498 3960  viaagp - ok
19:08:23.0514 3960  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
19:08:23.0530 3960  ViaC7 ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0530 3960  ViaC7 - detected UnsignedFile.Multi.Generic (1)
19:08:23.0545 3960  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
19:08:23.0561 3960  viaide - ok
19:08:23.0576 3960  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
19:08:23.0576 3960  volmgr - ok
19:08:23.0608 3960  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:08:23.0623 3960  volmgrx - ok
19:08:23.0623 3960  [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:08:23.0639 3960  volsnap - ok
19:08:23.0686 3960  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:08:23.0701 3960  vsmraid - ok
19:08:23.0748 3960  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
19:08:23.0795 3960  VSS ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0795 3960  VSS - detected UnsignedFile.Multi.Generic (1)
19:08:23.0810 3960  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:08:23.0826 3960  vwifibus ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0826 3960  vwifibus - detected UnsignedFile.Multi.Generic (1)
19:08:23.0842 3960  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:08:23.0857 3960  vwififlt ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0857 3960  vwififlt - detected UnsignedFile.Multi.Generic (1)
19:08:23.0873 3960  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:08:23.0888 3960  vwifimp ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0888 3960  vwifimp - detected UnsignedFile.Multi.Generic (1)
19:08:23.0935 3960  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
19:08:23.0951 3960  W32Time ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0951 3960  W32Time - detected UnsignedFile.Multi.Generic (1)
19:08:23.0982 3960  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:08:23.0998 3960  WacomPen ( UnsignedFile.Multi.Generic ) - warning
19:08:23.0998 3960  WacomPen - detected UnsignedFile.Multi.Generic (1)
19:08:24.0029 3960  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:08:24.0044 3960  WANARP ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0044 3960  WANARP - detected UnsignedFile.Multi.Generic (1)
19:08:24.0044 3960  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:08:24.0060 3960  Wanarpv6 ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0060 3960  Wanarpv6 - detected UnsignedFile.Multi.Generic (1)
19:08:24.0138 3960  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:08:24.0216 3960  WatAdminSvc - ok
19:08:24.0263 3960  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
19:08:24.0341 3960  wbengine ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0341 3960  wbengine - detected UnsignedFile.Multi.Generic (1)
19:08:24.0372 3960  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:08:24.0388 3960  WbioSrvc ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0388 3960  WbioSrvc - detected UnsignedFile.Multi.Generic (1)
19:08:24.0403 3960  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:08:24.0419 3960  wcncsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0419 3960  wcncsvc - detected UnsignedFile.Multi.Generic (1)
19:08:24.0434 3960  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:08:24.0450 3960  WcsPlugInService ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0450 3960  WcsPlugInService - detected UnsignedFile.Multi.Generic (1)
19:08:24.0466 3960  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:08:24.0481 3960  Wd - ok
19:08:24.0528 3960  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:08:24.0559 3960  Wdf01000 - ok
19:08:24.0559 3960  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:08:24.0575 3960  WdiServiceHost ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0575 3960  WdiServiceHost - detected UnsignedFile.Multi.Generic (1)
19:08:24.0590 3960  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:08:24.0606 3960  WdiSystemHost ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0606 3960  WdiSystemHost - detected UnsignedFile.Multi.Generic (1)
19:08:24.0622 3960  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient       C:\Windows\System32\webclnt.dll
19:08:24.0637 3960  WebClient ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0637 3960  WebClient - detected UnsignedFile.Multi.Generic (1)
19:08:24.0637 3960  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:08:24.0653 3960  Wecsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0653 3960  Wecsvc - detected UnsignedFile.Multi.Generic (1)
19:08:24.0715 3960  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:08:24.0731 3960  wercplsupport ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0731 3960  wercplsupport - detected UnsignedFile.Multi.Generic (1)
19:08:24.0762 3960  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:08:24.0778 3960  WerSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0778 3960  WerSvc - detected UnsignedFile.Multi.Generic (1)
19:08:24.0824 3960  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:08:24.0840 3960  WfpLwf ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0840 3960  WfpLwf - detected UnsignedFile.Multi.Generic (1)
19:08:24.0856 3960  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:08:24.0871 3960  WIMMount - ok
19:08:24.0934 3960  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:08:24.0980 3960  WinDefend ( UnsignedFile.Multi.Generic ) - warning
19:08:24.0980 3960  WinDefend - detected UnsignedFile.Multi.Generic (1)
19:08:24.0996 3960  WinHttpAutoProxySvc - ok
19:08:25.0027 3960  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:08:25.0043 3960  Winmgmt ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0043 3960  Winmgmt - detected UnsignedFile.Multi.Generic (1)
19:08:25.0105 3960  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:08:25.0168 3960  WinRM ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0168 3960  WinRM - detected UnsignedFile.Multi.Generic (1)
19:08:25.0230 3960  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:08:25.0261 3960  WinUsb ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0261 3960  WinUsb - detected UnsignedFile.Multi.Generic (1)
19:08:25.0292 3960  [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
19:08:25.0308 3960  WisLMSvc - ok
19:08:25.0370 3960  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:08:25.0433 3960  Wlansvc ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0433 3960  Wlansvc - detected UnsignedFile.Multi.Generic (1)
19:08:25.0558 3960  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:08:25.0636 3960  wlidsvc - ok
19:08:25.0682 3960  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:08:25.0714 3960  WmiAcpi ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0714 3960  WmiAcpi - detected UnsignedFile.Multi.Generic (1)
19:08:25.0745 3960  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:08:25.0776 3960  wmiApSrv ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0776 3960  wmiApSrv - detected UnsignedFile.Multi.Generic (1)
19:08:25.0838 3960  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:08:25.0901 3960  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0901 3960  WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
19:08:25.0932 3960  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:08:25.0948 3960  WPCSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0948 3960  WPCSvc - detected UnsignedFile.Multi.Generic (1)
19:08:25.0979 3960  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:08:25.0995 3960  WPDBusEnum ( UnsignedFile.Multi.Generic ) - warning
19:08:25.0995 3960  WPDBusEnum - detected UnsignedFile.Multi.Generic (1)
19:08:26.0026 3960  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:08:26.0041 3960  ws2ifsl ( UnsignedFile.Multi.Generic ) - warning
19:08:26.0041 3960  ws2ifsl - detected UnsignedFile.Multi.Generic (1)
19:08:26.0073 3960  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\System32\wscsvc.dll
19:08:26.0088 3960  wscsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:26.0088 3960  wscsvc - detected UnsignedFile.Multi.Generic (1)
19:08:26.0104 3960  WSearch - ok
19:08:26.0182 3960  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:08:26.0275 3960  wuauserv - ok
19:08:26.0322 3960  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:08:26.0353 3960  WudfPf ( UnsignedFile.Multi.Generic ) - warning
19:08:26.0353 3960  WudfPf - detected UnsignedFile.Multi.Generic (1)
19:08:26.0385 3960  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:26.0400 3960  WUDFRd ( UnsignedFile.Multi.Generic ) - warning
19:08:26.0400 3960  WUDFRd - detected UnsignedFile.Multi.Generic (1)
19:08:26.0447 3960  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:08:26.0463 3960  wudfsvc ( UnsignedFile.Multi.Generic ) - warning
19:08:26.0463 3960  wudfsvc - detected UnsignedFile.Multi.Generic (1)
19:08:26.0494 3960  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:08:26.0509 3960  WwanSvc ( UnsignedFile.Multi.Generic ) - warning
19:08:26.0509 3960  WwanSvc - detected UnsignedFile.Multi.Generic (1)
         

19.03.2013, 19:55   #9
jf27

Encryption trojan, second occurrence




TDSSKILLER log, part 2


Code:
19:08:26.0541 3960  ================ Scan global ===============================
19:08:26.0572 3960  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
19:08:26.0603 3960  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
19:08:26.0619 3960  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
19:08:26.0650 3960  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:08:26.0681 3960  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:08:26.0697 3960  [Global] - ok
19:08:26.0697 3960  ================ Scan MBR ==================================
19:08:26.0697 3960  [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
19:08:29.0645 3960  \Device\Harddisk0\DR0 - ok
19:08:29.0645 3960  ================ Scan VBR ==================================
19:08:29.0645 3960  [ DC9C2DF7D01B8BEAAB1FBB48A98AA20B ] \Device\Harddisk0\DR0\Partition1
19:08:29.0661 3960  \Device\Harddisk0\DR0\Partition1 - ok
19:08:29.0676 3960  [ B2A9444BFCA9CD68226A2D040A2811ED ] \Device\Harddisk0\DR0\Partition2
19:08:29.0692 3960  \Device\Harddisk0\DR0\Partition2 - ok
19:08:29.0707 3960  [ E58753FD3CDC39CCD7A6F6B10324191C ] \Device\Harddisk0\DR0\Partition3
19:08:29.0707 3960  \Device\Harddisk0\DR0\Partition3 - ok
19:08:29.0707 3960  ============================================================
19:08:29.0707 3960  Scan finished
19:08:29.0707 3960  ============================================================
19:08:29.0723 3552  Detected object count: 281
19:08:29.0723 3552  Actual detected object count: 281
19:09:58.0393 3552  1394ohci ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0393 3552  1394ohci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0393 3552  AcpiPmi ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0393 3552  AcpiPmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  AeLookupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  AeLookupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  AFD ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  ALG ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  ALG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  AmdPPM ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  AmdPPM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  AppID ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  AppID ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  AppIDSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  AppIDSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  Appinfo ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  Appinfo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  AsyncMac ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0409 3552  AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0409 3552  AudioEndpointBuilder ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  Audiosrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  Audiosrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  AxInstSV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  AxInstSV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  b06bdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  b06bdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  b57nd60x ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  b57nd60x ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  BDESVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  BDESVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  Beep ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  Beep ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  BFE ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  BFE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  BITS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  BITS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  blbdrive ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  blbdrive ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0425 3552  bowser ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0425 3552  bowser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  BrFiltLo ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  BrFiltLo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  BrFiltUp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  BrFiltUp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  Browser ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  Browser ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  Brserid ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  Brserid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  BrSerWdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  BrSerWdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  BrUsbMdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  BrUsbMdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  BrUsbSer ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  BrUsbSer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  BTHMODEM ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  BTHMODEM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  bthserv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  bthserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  cdfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  cdfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0440 3552  CertPropSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0440 3552  CertPropSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  circlass ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  circlass ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  CmBatt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  CmBatt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  CompositeBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  CompositeBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  CryptSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  CryptSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  defragsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  defragsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  DfsC ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  DfsC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  Dhcp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  Dhcp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  discache ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  discache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  Dnscache ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  Dnscache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0456 3552  dot3svc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0456 3552  dot3svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  DPS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  DPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  drmkaud ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  EapHost ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  EapHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  ebdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  ebdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  EFS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  EFS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  ehRecvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  ehRecvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  ehSched ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  ehSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  ErrDev ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  ErrDev ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  EventSystem ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  EventSystem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  exfat ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  exfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  fastfat ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  fastfat ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0471 3552  Fax ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0471 3552  Fax ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  fdc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  fdc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  fdPHost ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  fdPHost ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  FDResPub ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  FDResPub ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  Filetrace ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  Filetrace ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  flpydisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  FontCache ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  FontCache ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  gpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  gpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  hcw85cir ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  hcw85cir ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  HdAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  HdAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0487 3552  HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0487 3552  HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  HECI ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  HECI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  HidBatt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  HidBatt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  HidBth ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  HidBth ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  HidIr ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  HidIr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  hidserv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  hidserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  HidUsb ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  HidUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  hkmsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  hkmsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  HomeGroupListener ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  HomeGroupListener ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  HomeGroupProvider ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  HomeGroupProvider ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0503 3552  i8042prt ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0503 3552  i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  igfx ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  IKEEXT ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  IKEEXT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  Impcd ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  Impcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  intelppm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  intelppm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  IPBusEnum ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  IPBusEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  IpFilterDriver ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  iphlpsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  iphlpsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  IPMIDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  IPMIDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  IPNAT ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  IPNAT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  IRENUM ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0518 3552  kbdhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0518 3552  kbdhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  KeyIso ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  KeyIso ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  KtmRm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  KtmRm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  L1C ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  L1C ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  LanmanServer ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  LanmanServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  LanmanWorkstation ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  LanmanWorkstation ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  lltdio ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  lltdio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  lltdsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  lltdsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  lmhosts ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  lmhosts ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  luafv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  luafv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  Mcx2Svc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  Mcx2Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  MMCSS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  MMCSS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0534 3552  Modem ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0534 3552  Modem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  monitor ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  mouhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  mouhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  mpsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  mpsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  MpsSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  MpsSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  MRxDAV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  mrxsmb ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  mrxsmb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  mrxsmb10 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  mrxsmb10 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  mrxsmb20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  mrxsmb20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  MSDTC ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  MSDTC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  Msfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  Msfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  mshidkmdf ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  mshidkmdf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0549 3552  MSiSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0549 3552  MSiSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  MSKSSRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  MSPCLOCK ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  MSPQM ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  MSTEE ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  MTConfig ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  MTConfig ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  napagent ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  napagent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  NativeWifiP ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  NativeWifiP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  NdisCap ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  NdisCap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  NdisTapi ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  NdisTapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  Ndisuio ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  NdisWan ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0565 3552  NDProxy ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0565 3552  NDProxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  NetBIOS ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  Netlogon ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  Netlogon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  Netman ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  Netman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  netprofm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  netprofm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  NlaSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  NlaSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  Npfs ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  Npfs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  nsi ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  nsi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  nsiproxy ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  nsiproxy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  Null ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  Null ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  ohci1394 ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  ohci1394 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0581 3552  p2pimsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0581 3552  p2pimsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  p2psvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  p2psvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  Parport ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  Parport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  Parvdm ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  Parvdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  PcaSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  PcaSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  PEAUTH ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  PEAUTH ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  pla ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  pla ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  PlugPlay ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  PlugPlay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  PNRPAutoReg ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  PNRPAutoReg ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  PNRPsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  PNRPsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  PolicyAgent ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  PolicyAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  Power ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  Power ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  PptpMiniport ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0596 3552  Processor ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0596 3552  Processor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  ProfSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  ProfSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  ProtectedStorage ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  ProtectedStorage ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  Psched ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  Psched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  QWAVE ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  QWAVE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  QWAVEdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  QWAVEdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  RasAcd ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  RasAgileVpn ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  RasAgileVpn ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  RasAuto ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  RasAuto ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  Rasl2tp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  RasPppoe ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0612 3552  RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0612 3552  RasSstp ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0627 3552  RasSstp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0627 3552  rdbss ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0627 3552  rdbss ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0627 3552  rdpbus ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0627 3552  rdpbus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0627 3552  RDPCDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0627 3552  RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:09:58.0627 3552  RDPENCDD ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:58.0627 3552  RDPENCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:11:25.0723 3768  Deinitialize success
         

If this was not posted correctly, please let me know.
I don't really understand all of this, so my request: if anything in there should not be made public, please delete it or mask it. Thanks!

A confused
jf27

Edited by jf27 (19.03.2013 at 19:57). Reason: syntax

20.03.2013, 12:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unfortunately you posted the wrong MBAR log; please provide the correct one.

Quote:
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.
__________________
Please always post log files in CODE tags

21.03.2013, 01:27   #11
jf27
 
Sorry,


Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.19.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
KAISER :: KAICOM [administrator]

19.03.2013 18:47:19
mbar-log-2013-03-19 (18-47-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29124
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Regards,
jf27

21.03.2013, 10:32   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (on an English Windows: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.


21.03.2013, 12:51   #13
jf27
 
Hello Cosinus,

attached is the content of the txt file that opened.

It rebooted once during the process and, apart from the security prompt beforehand asking whether Combofix was allowed to make changes, caused no problems. However, since I cannot get into the Control Panel, I was not able to deactivate the antivirus software.

I only just noticed that I did not run it from the desktop. I hope it works this way. Otherwise please let me know.


Code:
ComboFix 13-03-20.02 - KAISER 21.03.2013  11:37:23.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3255.2137 [GMT 1:00]
ausgeführt von:: c:\users\KAISER\Documents\Virusablage\Combofix\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Live\Messenger\msacm32.dll
c:\users\KAISER\AppData\Roaming\.#
c:\users\KAISER\AppData\Roaming\Ywhy
c:\users\KAISER\AppData\Roaming\Ywhy\yplut.emr
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-21 bis 2013-03-21  ))))))))))))))))))))))))))))))
.
.
2013-03-21 10:43 . 2013-03-21 10:45	--------	d-----w-	c:\users\KAISER\AppData\Local\temp
2013-03-19 20:30 . 2013-03-19 20:30	--------	d-----w-	c:\users\KAISER\AppData\Roaming\JPEGsnoop
2013-03-19 20:18 . 2013-03-19 20:18	--------	d-----w-	c:\program files\JPEG Recovery Pro
2013-03-19 20:17 . 2013-03-19 20:17	--------	d-----w-	c:\users\KAISER\AppData\Roaming\Iminent
2013-03-19 20:17 . 2013-03-19 20:17	--------	d-----w-	c:\program files\Common Files\Umbrella
2013-03-19 20:17 . 2013-03-19 20:17	--------	d-----w-	c:\program files\Iminent
2013-03-19 20:16 . 2013-03-19 20:16	--------	d-----w-	c:\users\KAISER\AppData\Roaming\Babylon
2013-03-19 20:16 . 2013-03-19 20:16	--------	d-----w-	c:\program files\Wajam
2013-03-19 17:27 . 2013-03-19 17:27	--------	d-----w-	c:\users\KAISER\Neuer Ordner (2)
2013-03-19 12:41 . 2013-03-19 12:41	--------	d-----w-	c:\users\KAISER\AppData\Roaming\www.shadowexplorer.com
2013-03-19 12:41 . 2013-03-19 12:41	--------	d-----w-	c:\program files\ShadowExplorer
2013-03-19 06:52 . 2013-03-19 06:52	--------	d-----w-	c:\program files\7-Zip
2013-03-07 13:56 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-07 13:49 . 2013-03-07 13:49	--------	d--h--w-	c:\users\KAISER\AppData\Roaming\D0B87AFB
2013-02-23 16:55 . 2013-02-23 16:55	--------	d-----w-	c:\users\KAISER\AppData\Roaming\Malwarebytes
2013-02-23 16:55 . 2013-03-07 13:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-02-23 16:54 . 2013-02-23 16:54	--------	d-----w-	c:\users\KAISER\AppData\Local\Programs
2013-02-23 12:24 . 2013-02-23 12:24	--------	d-----w-	c:\windows\system32\EventProviders
2013-02-23 12:24 . 2013-02-23 23:47	--------	d-----w-	C:\4297307fd8791c22c94fe1
2013-02-22 17:07 . 2013-03-07 14:52	--------	d-----w-	c:\users\KAISER\AppData\Roaming\Rayzi
2013-02-22 17:07 . 2013-02-22 17:07	--------	d-----w-	c:\users\KAISER\AppData\Roaming\Reco
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 11:46 . 2013-01-30 20:50	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 11:46 . 2013-01-30 20:50	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-17 00:28 . 2010-01-14 05:58	232336	------w-	c:\windows\system32\MpSigStub.exe
2013-01-08 22:11 . 2013-02-12 21:09	1800704	----a-w-	c:\windows\system32\jscript9.dll
2013-01-08 22:03 . 2013-02-12 21:09	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-01-08 22:03 . 2013-02-12 21:09	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-01-08 21:59 . 2013-02-12 21:09	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2013-01-08 21:58 . 2013-02-12 21:09	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-01-08 21:56 . 2013-02-12 21:09	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-01-05 05:02 . 2013-02-12 20:12	3957608	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-12 20:12	3902312	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-04 04:55 . 2013-02-12 20:12	1287528	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-04 04:55 . 2013-02-12 20:12	187240	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 04:50 . 2013-02-12 20:12	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:46 . 2013-02-12 20:12	293376	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-04 04:43 . 2013-02-12 20:12	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 04:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 03:00 . 2013-02-12 20:12	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:59 . 2013-02-12 20:12	271360	----a-w-	c:\windows\system32\conhost.exe
2013-01-04 02:43 . 2013-02-12 20:12	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43 . 2013-02-12 20:12	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43 . 2013-02-12 20:12	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43 . 2013-02-12 20:12	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-03-08 10:03 . 2013-03-08 10:03	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\System32\drivers\asyncmac.sys
[-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys
.
[-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\System32\drivers\beep.sys
[-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys
.
[-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\System32\drivers\null.sys
[-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_a93c43a07c50a038\null.sys
.
[-] 2012-07-04 . F319BC3931655B9D5D145AC4F6EAE7E2 . 102912 . . [6.1.7600.21256] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.21256_none_796a6f2218568f7f\browser.dll
[-] 2012-07-04 . A0E691DC6589D4D2CBE373171D1A49E5 . 102912 . . [6.1.7600.16385] . . c:\windows\System32\browser.dll
[-] 2012-07-04 . A0E691DC6589D4D2CBE373171D1A49E5 . 102912 . . [6.1.7600.17056] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.17056_none_78e0d070ff38f28e\browser.dll
[-] 2012-07-04 . 28B0CF997DE2852E9D27A36CDD6884C8 . 102912 . . [6.1.7601.22044] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_7b599b801576accc\browser.dll
[-] 2012-07-04 . 3DAA727B5B0A45039B0E1C9A211B8400 . 102912 . . [6.1.7601.17887] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17887_none_7aa7e7c0fc769589\browser.dll
[-] 2009-07-14 . 598E1280E7FF3744F4B8329366CC5635 . 102400 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7600.16385_none_78bf7cdcff520ade\browser.dll
.
[-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[-] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] . . c:\windows\System32\scecli.dll
[-] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
.
[-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] . . c:\windows\System32\sfc.dll
[-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] . . c:\windows\System32\tapisrv.dll
[-] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_e3132eff46462df0\tapisrv.dll
.
[-] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[-] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe
[-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
[-] 2013-01-08 . B49B56B64F57699A1A663D2CF7D0A56F . 1129472 . . [9.00.8112.16421] . . c:\windows\System32\wininet.dll
[-] 2013-01-08 . B49B56B64F57699A1A663D2CF7D0A56F . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16464_none_1a405769bc371f24\wininet.dll
[-] 2013-01-08 . 16C45E6881449C6330567E51C13920FA . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20573_none_1abe23fed55dc188\wininet.dll
[-] 2012-11-14 . 7FA3A810F383588D46220967DE8B64FF . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16457_none_1a4e2833bc2c4f38\wininet.dll
[-] 2012-11-14 . 0635D714351F842D43EA184E75C4A3FF . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20565_none_1acaf47ed553d845\wininet.dll
[-] 2012-10-08 . 9CB0D2A9A77D91D9614355EE9FF00519 . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16455_none_1a4c279fbc2e1c8a\wininet.dll
[-] 2012-10-08 . 6E3AC8A54A1881806BA2B58539483788 . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20562_none_1ac7f3a0d5568c40\wininet.dll
[-] 2012-08-24 . 2895E29EFCFC0B1BCF8AEE1A0C67913C . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20557_none_1ad7c4fed549ef02\wininet.dll
[-] 2012-08-24 . 5553611E2F9EA6F613079177F1233068 . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16450_none_1a47262dbc329dd7\wininet.dll
[-] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_1a59f869bc234c9e\wininet.dll
[-] 2012-06-28 . 54C30A4066A28F9A017E095E283B2762 . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_1ad4c420d54ca2fd\wininet.dll
[-] 2012-06-02 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_1a58f81fbc243347\wininet.dll
[-] 2012-06-02 . E430161A632F9A8FE512DE0CA5685559 . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_1ad3c3d6d54d89a6\wininet.dll
[-] 2012-05-17 . 1C191A4F0960F21B5D58C8A65BAF5427 . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll
[-] 2012-05-17 . 43BAC67996D8765A5F1B3A4EA6231E21 . 1129472 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll
[-] 2012-03-08 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll
[-] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll
[-] 2012-02-28 . 11A34DCA08EB2A586246F2D6C2A81D58 . 1127424 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll
[-] 2011-12-16 . 808C0CE9D4DBC0A6F72761294EB10FB2 . 982016 . . [8.00.7601.21878] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21878_none_1ef766d79061ca88\wininet.dll
[-] 2011-12-16 . 653109C31F7F190072C9E4DF31154225 . 981504 . . [8.00.7600.16930] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16930_none_1caaaa667a048456\wininet.dll
[-] 2011-12-16 . BDB7450CC556F238FD973C9DA300FEB8 . 981504 . . [8.00.7601.17744] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17744_none_1e8a38a8772f718f\wininet.dll
[-] 2011-12-16 . 8DFDD881CEF74ED749BA968E060418CA . 982016 . . [8.00.7600.21108] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21108_none_1d5c91679302ce47\wininet.dll
[-] 2011-11-05 . E49448ACD38A375E4FBCCB87056E1467 . 982016 . . [8.00.7600.21085] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21085_none_1d030f43934664a3\wininet.dll
[-] 2011-11-05 . 7F5B51FACA193430346970283C50769F . 981504 . . [8.00.7600.16912] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16912_none_1cc24ad279f27f22\wininet.dll
[-] 2011-11-05 . 19714FA7D7204D9BEE1EE12791DA9010 . 981504 . . [8.00.7601.17720] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll
[-] 2011-11-05 . 1903228FE0C7D402B26A217F8D7713FD . 982016 . . [8.00.7601.21855] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll
[-] 2011-08-20 . 7570FA3FC82E08FB637E32D2D95DB41D . 981504 . . [8.00.7601.21795] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll
[-] 2011-08-20 . 1DBC7303366C0C9B80E51C4B4BECB7ED . 981504 . . [8.00.7600.16869] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16869_none_1c933b567a14bf11\wininet.dll
[-] 2011-08-20 . 79FFA6C81F9F5B2244C5668D08387EA6 . 982016 . . [8.00.7600.21033] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21033_none_1d371e4b931fa640\wininet.dll
[-] 2011-08-20 . DBF24E87CB605A4F6E7424DD86F7A62C . 981504 . . [8.00.7601.17671] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll
[-] 2011-06-21 . D1E7C4FA045B34C32D12BFBB415EBE1B . 981504 . . [8.00.7601.21754] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll
[-] 2011-06-21 . EE0D7471EBF9CE40CC4A203B1F90F028 . 981504 . . [8.00.7600.16839] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16839_none_1cb3ab1a79fc6b3e\wininet.dll
[-] 2011-06-21 . 748FD4CAB1AFFD90A9556EB7D5AA1FEB . 981504 . . [8.00.7601.17638] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll
[-] 2011-06-21 . 6DC5A5F57FACFF20149F04440BB4523C . 982016 . . [8.00.7600.20992] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20992_none_1cf566579351014d\wininet.dll
[-] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
[-] 2011-04-22 . 27CDAF355CCE3762C7F13719E814418B . 981504 . . [8.00.7600.16800] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16800_none_1ccb184479ec335c\wininet.dll
[-] 2011-04-22 . E391DB6E8CA3638B9772A990E6D280FF . 982016 . . [8.00.7600.20949] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20949_none_1d3277f9932226f9\wininet.dll
[-] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
[-] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
[-] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll
[-] 2011-02-24 . DA2950BAD7306006EBA77DD93CC42690 . 982016 . . [8.00.7600.20908] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_1d5cb75f93029dde\wininet.dll
[-] 2011-02-24 . 214605C48AE416BC067C39D227CFCC57 . 981504 . . [8.00.7600.16766] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_1c9038927a1775e5\wininet.dll
[-] 2010-12-21 . 78B9ADA2BC8946AF7B17678E0D07A773 . 981504 . . [8.00.7600.16723] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_1cb8776479f9ba1c\wininet.dll
[-] 2010-12-21 . 1B3DD46BC6396143A205EAAF05F38039 . 981504 . . [8.00.7600.20862] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_1d15d4359338b053\wininet.dll
[-] 2010-12-18 . F019FCA21F609E34B79AE130681D08F7 . 981504 . . [8.00.7600.16722] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll
[-] 2010-12-18 . 025031C16D3A486F6AFE1C9B2FB1ADE0 . 981504 . . [8.00.7600.20861] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll
[-] 2010-11-04 . 749A4DDB8915066566E2BB38C2618048 . 981504 . . [8.00.7600.20831] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20831_none_1d3543af93214329\wininet.dll
[-] 2010-11-04 . A7360A3B20B38F1D6A09402FB6E9E2C3 . 978944 . . [8.00.7600.16700] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16700_none_1ccb165e79ec3635\wininet.dll
[-] 2010-09-08 . 84795F28EB2E942951138827B8704819 . 980480 . . [8.00.7600.20795] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20795_none_1cf86369934e5304\wininet.dll
[-] 2010-09-08 . 3D6AA6DD4D0F3BB41B804747EB489831 . 978432 . . [8.00.7600.16671] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16671_none_1c80654e7a2415fc\wininet.dll
[-] 2010-06-30 . 250267CE6217C1AB4517F22FB7EA13E8 . 978432 . . [8.00.7600.16625] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll
[-] 2010-06-30 . 91A9CCAD9829A89C840899932B9EC2DF . 980480 . . [8.00.7600.20745] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll
[-] 2010-05-21 . ABE73A2F762A74B6AD2C9BE636915595 . 977920 . . [8.00.7600.16596] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_1c6fc5027a2fcf6a\wininet.dll
[-] 2010-05-21 . 5FF3118C688D43ED77DEADC6F4895EF9 . 980480 . . [8.00.7600.20716] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_1d4fe313930c8cd3\wininet.dll
[-] 2010-02-23 . 99A6F1253A886C4A9C1F8E1822B10A80 . 977920 . . [8.00.7600.16535] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_1cafa4407a000e6d\wininet.dll
[-] 2010-02-23 . 0962CB2A9E6B4363C74249A4A5CCDBBF . 980480 . . [8.00.7600.20651] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_1d1fa00b933180bd\wininet.dll
[-] 2009-12-19 . 23587164011EC849E58E229ABC49E239 . 977920 . . [8.00.7600.20600] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_1d54af5d9309dbb1\wininet.dll
[-] 2009-12-19 . F1C359CE656BD76F90E0E6C4BC04A4BE . 977920 . . [8.00.7600.16490] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_1c69c1607a353a39\wininet.dll
[-] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
.
[-] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] . . c:\windows\System32\ws2_32.dll
[-] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
.
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ws2help.dll
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\ws2help.dll
.
[-] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[-] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[-] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[-] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[-] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[-] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[-] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[-] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[-] 2009-07-14 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[-] 2009-07-14 . 8A4883F5E7AC37444F23279239553878 . 398336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
[-] 2010-06-29 . E2C2D8C982316C8ABF800C6CE3F28FAB . 1413632 . . [6.1.7600.16385] . . c:\windows\System32\ole32.dll
[-] 2010-06-29 . E2C2D8C982316C8ABF800C6CE3F28FAB . 1413632 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_ac33e26f53752c6d\ole32.dll
[-] 2010-06-29 . 40E6BF57F6A923038B94C07387118089 . 1414144 . . [6.1.7600.20744] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.20744_none_aca7df626ca30419\ole32.dll
[-] 2009-07-14 . 4ACB903AD1693858A918907358CBD9E4 . 1412608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_abf3fd7f53a4f5f5\ole32.dll
.
[-] 2012-11-22 . 011B7A81E28C748D7631CF3D72323DD2 . 627712 . . [1.0626.7600.17174] . . c:\windows\System32\usp10.dll
[-] 2012-11-22 . 011B7A81E28C748D7631CF3D72323DD2 . 627712 . . [1.0626.7600.17174] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.17174_none_acda843fb9c8dfaa\usp10.dll
[-] 2012-11-22 . CA68408922B02E8D955A2967C7CBF8CE . 626688 . . [1.0626.7601.22171] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22171_none_af477f18d00f9c82\usp10.dll
[-] 2012-11-22 . 36CD8D6EBCE6468BBEEB8BF175980F53 . 626688 . . [1.0626.7600.21379] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.21379_none_ad692462d2e1fb4e\usp10.dll
[-] 2012-11-22 . B7230010D97787AF3D25E4C82F2B06B9 . 626688 . . [1.0626.7601.18009] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.18009_none_af119411b6b203d9\usp10.dll
[-] 2009-07-14 . 0BA19F3198C40AC4E8CC66EE02EDA6C6 . 627200 . . [1.0626.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7600.16385_none_acd0cf31b9cff59f\usp10.dll
.
[-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ksuser.dll
[-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_e7d7f27ff89fda02\ksuser.dll
[-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll
.
[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe
[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
[-] 2009-07-14 . CD2E48FA5B29EE2B3B5858056D246EF2 . 328192 . . [6.1.7600.16385] . . c:\windows\System32\shsvcs.dll
[-] 2009-07-14 . CD2E48FA5B29EE2B3B5858056D246EF2 . 328192 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_cd06b34d7e412c53\shsvcs.dll
.
[-] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\msimg32.dll
[-] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll
.
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\System32\cngaudit.dll
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] . . c:\windows\System32\wininit.exe
[-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\System32\regsvc.dll
[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_893c5bdce4cae672\regsvc.dll
.
[-] 2010-11-02 . DF1E5C82E4D09CF8105CC644980C4803 . 749056 . . [6.1.7600.16385] . . c:\windows\System32\schedsvc.dll
[-] 2010-11-02 . DF1E5C82E4D09CF8105CC644980C4803 . 749056 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16699_none_2ed0aba2f85a86eb\schedsvc.dll
[-] 2010-11-02 . 0F7A8520F0895E6F0F1A0A3FD3EA40D4 . 749056 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.20830_none_2f922742114f9827\schedsvc.dll
[-] 2009-07-14 . 3E8B0C453E25613A1F59762A5C42AA75 . 743424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_2ed774b4f8560e29\schedsvc.dll
.
[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\System32\ssdpsrv.dll
[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_7f9fc90f328bdf26\ssdpsrv.dll
.
[-] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\System32\termsrv.dll
[-] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
.
[-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\System32\hnetcfg.dll
[-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_b00c9bd7f5ed1c02\hnetcfg.dll
.
[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\System32\ias.dll
[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7600.16385_none_f8d730c7a3d9d889\ias.dll
[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll
.
[-] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[-] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16666_none_f3000dfcb6d2a7e4\mfc40u.dll
[-] 2010-08-31 04:25 . A716981A8BB41F4149203687EE2D1BE4 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.20791_none_f3643991d00d1cce\mfc40u.dll
[-] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll
.
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\System32\upnphost.dll
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_c1be8a9895d79340\upnphost.dll
.
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\System32\dsound.dll
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[-] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] . . c:\windows\System32\d3d9.dll
[-] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_c223c2c8c219cb6a\d3d9.dll
.
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\System32\ddraw.dll
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[-] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\System32\olepro32.dll
[-] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll
.
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\System32\perfctrs.dll
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_314993e6be6d6809\perfctrs.dll
.
[-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\System32\version.dll
[-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
[-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\System32\w32time.dll
[-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_887db9d2ce9e3aa0\w32time.dll
.
[-] 2009-07-14 . A22825E7BB7018E8AF3E229A5AF17221 . 462336 . . [6.1.7600.16385] . . c:\windows\System32\wiaservc.dll
[-] 2009-07-14 . A22825E7BB7018E8AF3E229A5AF17221 . 462336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_326a913514a6f178\wiaservc.dll
.
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\System32\midimap.dll
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
[-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] . . c:\windows\System32\rasadhlp.dll
[-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasadhlp.dll
.
[-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] . . c:\windows\System32\WSHTCPIP.DLL
[-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-12 8423968]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-01-12 678432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-14 14817896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Iminent"="c:\program files\Iminent\Iminent.exe" [2013-01-25 1074736]
"IminentMessenger"="c:\program files\Iminent\Iminent.Messengers.exe" [2013-01-25 884784]
.
c:\users\KAISER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [x]
S2 SProtection;SProtection;c:\program files\Common Files\Umbrella\umbrella.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-30 11:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\KAISER\AppData\Roaming\Mozilla\Firefox\Profiles\pyr3phq6.default\
FF - ExtSQL: 2013-02-14 16:41; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: 2013-03-19 16:38; alterechtschreibung@gmail.com; c:\users\KAISER\AppData\Roaming\Mozilla\Firefox\Profiles\pyr3phq6.default\extensions\alterechtschreibung@gmail.com
FF - ExtSQL: 2013-03-19 21:17; webbooster@iminent.com; c:\program files\Iminent\webbooster@iminent.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-uvyntywb - c:\users\KAISER\AppData\Roaming\Szryiyi\uvrorotywb.exe
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
SafeBoot-BsScanner
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2360)
c:\program files\Iminent\Iminent.WinCore.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-21  11:53:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-21 10:53
.
Vor Suchlauf: 12 Verzeichnis(se), 328.625.721.344 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 329.574.166.528 Bytes frei
.
- - End Of File - - BCF7E3A02DE90FD9F1F3CB47F1DDFA82
         
Regards
jf27

21.03.2013, 16:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

21.03.2013, 17:55   #15
jf27
 



jrt

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by KAISER on 21.03.2013 at 16:41:13,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] sprotection 
Successfully deleted: [Service] sprotection 
Successfully stopped: [Service] wajamupdater 
Successfully deleted: [Service] wajamupdater 



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminent
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\iminentmessenger



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\iminent.webbooster.internetexplorer.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.downloadargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.linktopromoteargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.rawdataargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.tinyurlargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.business.tinyfying.virallinkargs
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.clientcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.contractbase
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.addtousercontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.cleancachecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.gameovercallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getcreditcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getloginstatuscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getloginstatusresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getvariablecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.getvariableresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.installationcontextresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loadcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.logincommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.logoutcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.mergeidentitycommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.myaccountcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.playcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.postcontentcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.recycleviewscommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.setvariablecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.testcontentcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.variablechangedcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.warmupcommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.datacontracts.welcomecommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.servercommand
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.communication.serverresult
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.lightcontent
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.lighturi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminent.mediator.mediatorserviceproxy
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.activecontenthandle.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.activecontenthandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.browserhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.browserhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.scriptextender
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.scriptextender.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.tinyurlhandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\iminentwebbooster.tinyurlhandler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_nonsearch_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_nonsearch_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a09ab6eb-31b5-454c-97ec-9b294d92ee2a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a09ab6eb-31b5-454c-97ec-9b294d92ee2a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\Users\KAISER\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\KAISER\AppData\Roaming\iminent"
Failed to delete: [Folder] "C:\Program Files\iminent"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Program Files\Common Files\umbrella"
Successfully deleted: [Folder] "C:\Users\KAISER\AppData\Roaming\microsoft\windows\start menu\programs\wajam"



~~~ FireFox

Successfully deleted: [File] C:\Users\KAISER\AppData\Roaming\mozilla\firefox\profiles\pyr3phq6.default\user.js
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\webbooster@iminent.com
Emptied folder: C:\Users\KAISER\AppData\Roaming\mozilla\firefox\profiles\pyr3phq6.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2013 at 16:43:04,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

adwcleaner
Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by KAISER on 21.03.2013 at 16:41:13,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2013 at 16:43:04,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL.txt


Code:
OTL logfile created on: 21.03.2013 17:20:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KAISER\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,18 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 61,80% Memory free
6,35 Gb Paging File | 5,14 Gb Available in Paging File | 80,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 305,07 Gb Free Space | 71,84% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,29 Gb Free Space | 75,72% Space Free | Partition Type: NTFS
 
Computer Name: KAICOM | User Name: KAISER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\KAISER\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (sesvc) -- C:\Programme\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (catchme) -- C:\Users\KAISER\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\..\SearchScopes\{45920007-509B-4580-B64C-B3DD9BCA81C1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 11:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.19 16:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.02.19 14:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 11:03:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.19 16:36:08 | 000,000,000 | ---D | M]
 
[2010.02.19 14:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAISER\AppData\Roaming\mozilla\Extensions
[2010.02.19 14:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAISER\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.19 13:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAISER\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013.03.19 16:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAISER\AppData\Roaming\mozilla\Firefox\Profiles\pyr3phq6.default\extensions
[2013.02.24 00:47:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KAISER\AppData\Roaming\mozilla\Firefox\Profiles\pyr3phq6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.19 16:38:56 | 000,000,000 | ---D | M] (German Dictionary (de-DE), classical and reformed) -- C:\Users\KAISER\AppData\Roaming\mozilla\Firefox\Profiles\pyr3phq6.default\extensions\alterechtschreibung@gmail.com
[2013.03.08 11:03:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 11:03:14 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.08 11:03:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006.10.26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2012.07.30 22:52:13 | 000,103,904 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2013.03.07 15:40:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 15:40:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 15:40:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 15:40:04 | 000,002,669 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2013.03.07 15:40:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 15:40:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 15:40:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.21 11:44:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - Startup: C:\Users\KAISER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECFE797-20E1-407E-B749-9A758EE0D5C1}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9054822-0E09-481C-9540-687A254040D7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.21 16:41:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.21 16:40:37 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.21 11:53:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.21 11:44:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.21 11:43:19 | 000,000,000 | ---D | C] -- C:\Users\KAISER\AppData\Local\temp
[2013.03.21 11:36:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.21 11:36:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.21 11:36:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.21 11:35:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.21 11:35:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.19 21:30:27 | 000,000,000 | ---D | C] -- C:\Users\KAISER\AppData\Roaming\JPEGsnoop
[2013.03.19 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\KAISER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JPEG Recovery Pro
[2013.03.19 21:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\JPEG Recovery Pro
[2013.03.19 18:27:28 | 000,000,000 | ---D | C] -- C:\Users\KAISER\Neuer Ordner (2)
[2013.03.19 13:41:31 | 000,000,000 | ---D | C] -- C:\Users\KAISER\AppData\Roaming\www.shadowexplorer.com
[2013.03.19 13:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2013.03.19 13:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2013.03.19 09:00:38 | 000,000,000 | ---D | C] -- C:\Users\KAISER\Documents\Virusablage
[2013.03.19 07:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.19 07:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.03.08 11:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.07 14:56:37 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.07 14:49:02 | 000,000,000 | -H-D | C] -- C:\Users\KAISER\AppData\Roaming\D0B87AFB
[2013.02.23 17:55:33 | 000,000,000 | ---D | C] -- C:\Users\KAISER\AppData\Roaming\Malwarebytes
[2013.02.23 17:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.23 17:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.23 17:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.23 17:54:46 | 000,000,000 | ---D | C] -- C:\Users\KAISER\AppData\Local\Programs
[2013.02.23 13:24:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.02.23 13:24:38 | 000,000,000 | ---D | C] -- C:\4297307fd8791c22c94fe1
[2013.02.22 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\KAISER\AppData\Roaming\Reco
[2013.02.22 18:07:58 | 000,000,000 | ---D | C] -- C:\Users\KAISER\AppData\Roaming\Rayzi
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.21 17:07:18 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 17:07:18 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 17:04:39 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.21 17:04:39 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.21 17:04:39 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.21 17:04:39 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.21 17:00:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.21 16:59:57 | 2559,467,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.21 16:56:02 | 000,609,993 | ---- | M] () -- C:\Users\KAISER\Cyberlink\Desktop\adwcleaner.exe
[2013.03.21 16:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.21 11:44:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.19 21:18:26 | 000,001,926 | ---- | M] () -- C:\Users\KAISER\Cyberlink\Desktop\JPEG Recovery Pro 5.lnk
[2013.03.19 21:17:36 | 000,000,611 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.03.19 13:41:22 | 000,001,857 | ---- | M] () -- C:\Users\KAISER\Cyberlink\Desktop\ShadowExplorer.lnk
[2013.03.19 11:01:33 | 000,000,000 | ---- | M] () -- C:\Users\KAISER\defogger_reenable
[2013.03.13 12:46:17 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 12:46:17 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.07 16:02:23 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.03.07 14:56:38 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.21 16:57:14 | 000,609,993 | ---- | C] () -- C:\Users\KAISER\Cyberlink\Desktop\adwcleaner.exe
[2013.03.21 11:36:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.21 11:36:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.21 11:36:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.21 11:36:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.21 11:36:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.19 21:18:26 | 000,001,926 | ---- | C] () -- C:\Users\KAISER\Cyberlink\Desktop\JPEG Recovery Pro 5.lnk
[2013.03.19 21:17:30 | 000,000,611 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.03.19 13:41:22 | 000,001,857 | ---- | C] () -- C:\Users\KAISER\Cyberlink\Desktop\ShadowExplorer.lnk
[2013.03.19 11:01:33 | 000,000,000 | ---- | C] () -- C:\Users\KAISER\defogger_reenable
[2013.03.07 14:56:38 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.08 17:37:53 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.02.08 17:37:53 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.02.08 17:37:22 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2012.02.08 17:36:45 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.05.12 10:28:32 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
[2010.02.21 17:46:01 | 000,078,848 | ---- | C] () -- C:\Users\KAISER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.19 15:01:10 | 000,000,000 | ---- | C] () -- C:\Users\KAISER\AppData\Roaming\wklnhst.dat
[1601.02.13 09:28:18 | 005,971,324 | ---- | C] () -- C:\Users\KAISER\GgspjojLrJOQTlEjLgQd
[1601.02.13 09:28:18 | 000,005,632 | ---- | C] () -- C:\Users\KAISER\fsXtEqEyGdeplXrJgndt
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         


OTL Extras
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 21.03.2013 17:20:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KAISER\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,18 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 61,80% Memory free
6,35 Gb Paging File | 5,14 Gb Available in Paging File | 80,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 305,07 Gb Free Space | 71,84% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,29 Gb Free Space | 75,72% Space Free | Partition Type: NTFS
 
Computer Name: KAICOM | User Name: KAISER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3597920641-1353319528-1994449092-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AEA047-6B08-4A1C-ABC7-098414B59834}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1E423D07-ED45-45C4-82D2-22844B7D4308}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{20BC29EC-DE55-432C-B1D2-CC4059AC4F5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3028186D-7434-465E-93F3-8E7321AB5BF1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{44B9AEFD-FCB7-48DA-83AC-E7241D9BF780}" = rport=139 | protocol=6 | dir=out | app=system | 
"{47EE438E-0DD1-43C8-A3B4-152C7C354106}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4F9731E0-E330-41DD-831D-8AEF1B651E4D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{58D5A879-2099-40AD-8E33-7CAB5F644EF4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5CFC21D9-9A1E-4CF6-969B-603611781F0A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6756D8FD-9D96-4F55-8666-86686C796ECB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6DBA1C66-5C8F-4010-B7A8-2C34AD0CC97B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{71141A48-1E48-4962-953E-DCF3BD67A394}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{885958F3-769F-47E1-B0A9-4F20305BB06B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F274466-01E7-4CAD-B5BC-4B01D2E84224}" = lport=137 | protocol=17 | dir=in | app=system | 
"{901924DE-AB3C-4AD5-BFA1-2824C0F4CFA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9C8C1CA4-A7FB-4EDB-AFD0-F51C732FE301}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B1CBFFC6-C0AA-4FBD-B1C0-83E4B31DB90B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B5C48F12-A16C-4FEB-B0F8-57FAF5E675F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8EF5D58-545A-49D5-8303-9DAAB325C4A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D3A42811-EB47-48FF-9458-0C1E687A58C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D5B487C2-73CE-41CD-8B0E-92FE3E5ADB56}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D65948E3-C936-407F-9A96-63E133371710}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D8DE41AB-81EA-4650-9E11-9B92F85A1E52}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF4036A3-C531-45E6-93DE-D360D32E6BEA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E140A084-B31F-4C87-88BA-0AB28D221435}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C4F587-C347-4401-83B4-EC24E74A0051}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{12C0B73F-C834-4359-AB29-05B1E501E140}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe | 
"{347C90F0-CD98-4C66-A4B8-CA9D9303002D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{39572B89-77E7-42B5-9D0E-210AF6A6806F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3ABAD351-EB5D-40A3-A653-E55AF3751288}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{55FC11CC-7BE4-407E-9EE4-965AD8582507}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{59B680C1-7ACD-4DC4-9450-3242DF37C6DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A4BD2D4-EA1B-46B5-9557-AD4F19B09DA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{623333B0-90F6-42D2-A06F-C02846E32954}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{699EAA9A-329A-4DA9-AA5D-D6143C2DB54C}" = protocol=6 | dir=out | app=system | 
"{7266F0E6-22C9-4B72-8525-679BD009A38F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7907BCD7-51C3-4EB2-92C2-D17C03192EE7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{7BEF8953-55C0-4072-9C20-BD80CF94093C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{80B75353-1CFC-4819-9591-85AAC2B5D658}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{89C22033-DE43-420F-AA4F-9AABD1E689F7}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{89C5E800-6D49-4A44-BE26-5B43C23D8CCE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{A83AD4EF-1857-47F0-937C-08843B8FA948}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B94113EB-924C-4065-9303-745660173C4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD8DA3DB-5F23-4582-96D2-9090DEFB64A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BEEE970E-B452-47E4-BFDB-397F61FB64C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5156426-CF0F-4ED3-9308-3F6B1C354CC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D12D33AB-F7C8-4263-B624-F0E06144C73D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D24056ED-ACAD-4205-8782-CF0C9CCD2CFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D4C49693-09DB-487E-A929-893D05FBDE1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E1B16B5B-9197-472A-90B9-5CA32BF992A5}" = dir=in | app=c:\program files\iminent\iminent.exe | 
"{F34C2623-ABB1-426A-8682-4921D9AE2168}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4622A74-F9FB-4EC0-AA9C-EA7D3F9EF662}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{2FABA01A-0B4E-46AA-8B9A-AFD72FC5B176}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{A303B343-855D-494E-8401-97BC182B545E}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{BE0F676C-8DC7-4A0C-BA6B-227A3F490F63}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D379D801-7700-4193-B78E-FAB65BA147BE}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{540D8B8B-B5D1-4E0D-BF63-82B2663948B3}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{84772D1C-4AD7-44D1-8602-09ADF594ED5B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{850D31DC-AFA3-45C9-8202-09C61DF4629C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{A5A4CCE4-DB83-4A0E-8299-4944F3411000}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-290C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Designer 2.0_is1" = Designer 2.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IrfanView" = IrfanView (remove only)
"JPEG Recovery Pro5.0" = JPEG Recovery Pro 5.0
"kreawi Prüfungstrainer" = kreawi Prüfungstrainer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ShadowExplorer_is1" = ShadowExplorer 0.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2013 12:07:54 | Computer Name = KAICOM | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 21.03.2013 12:07:54 | Computer Name = KAICOM | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 21.03.2013 12:10:14 | Computer Name = KAICOM | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -583.
 
Error - 21.03.2013 12:10:14 | Computer Name = KAICOM | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -583.
 
Error - 21.03.2013 12:16:42 | Computer Name = KAICOM | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -583.
 
Error - 21.03.2013 12:16:42 | Computer Name = KAICOM | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -583.
 
Error - 21.03.2013 12:16:43 | Computer Name = KAICOM | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -583.
 
Error - 21.03.2013 12:16:43 | Computer Name = KAICOM | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -583.
 
Error - 21.03.2013 12:16:43 | Computer Name = KAICOM | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -583.
 
Error - 21.03.2013 12:16:43 | Computer Name = KAICOM | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
 werden. "ESENT"-Fehler: -583.
 
[ OSession Events ]
Error - 20.08.2010 01:13:10 | Computer Name = KAICOM | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.03.2013 12:04:15 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147217025.
 
Error - 21.03.2013 12:04:15 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 6 Mal passiert.
 
Error - 21.03.2013 12:04:21 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147217025.
 
Error - 21.03.2013 12:04:21 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 7 Mal passiert.
 
Error - 21.03.2013 12:04:36 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147217025.
 
Error - 21.03.2013 12:04:36 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 8 Mal passiert.
 
Error - 21.03.2013 12:07:42 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147217025.
 
Error - 21.03.2013 12:07:42 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 9 Mal passiert.
 
Error - 21.03.2013 12:07:54 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147217025.
 
Error - 21.03.2013 12:07:54 | Computer Name = KAICOM | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 10 Mal passiert.
 
 
< End of report >
         
--- --- ---



I hope I have the right ones

Thanks
jf27
