
Log analysis and evaluation: Trojan Win32/ransom.ej


07.02.2012, 18:04   #1
katjes204

Trojan Win32/ransom.ej

Yesterday evening I caught Trojan:Win32/Ransom.ej. When I boot Windows, a window immediately appears telling me to pay something with paysafecard. I can only get my laptop started in safe mode, or rather only that way can I work with it. I ran a virus scan with Microsoft Security Essentials, and it now lists the virus Trojan:Win32/Ransom.EJ with the alert level severe. I have no idea how to remove it again. As the checklist said, I have attached the three log files. Many thanks in advance for your help.

08.02.2012, 15:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Does safe mode with networking still work?

Safe mode for cleanup
  • Bring Windows into safe mode by pressing the F8 key at startup.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

08.02.2012, 17:11   #3
katjes204

Yes, that is exactly how I am booting my PC at the moment, so that works :-)

Regards
Katja

09.02.2012, 11:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, if that mode works, you will be able to try MBAM/ESET first:

Please now routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

If possible, please post everything here in CODE tags.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

__________________
Please always post log files in CODE tags

09.02.2012, 18:58   #5
katjes204

I don't know 100% how the code thing works, but I'll give it a try :-)

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.05

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Katja :: KATJA204 [Administrator]

09.02.2012 17:26:26
mbam-log-2012-02-09 (18-18-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 415454
Laufzeit: 46 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Ransom) -> Daten: C:\Users\Katja\AppData\Local\Mozilla\Firefox\firefox.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Katja\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\Katja\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\Katja\Documents\SoftonicDownloader_fuer_ac3filter.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Keine Aktion durchgeführt.

(Ende)
         
Unfortunately I cannot complete the ESET Online Scanner. It does start, but partway through my PC switches off and I have to restart it. What now?

Kind regards
Katja


09.02.2012, 21:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Keine Aktion durchgeführt.
-> No action taken.
The findings must be removed with Malwarebytes! Please do this now if you have not done so yet!
Afterwards, check whether normal mode works again.
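
A triage check for the situation in the exchange above, where the posted Malwarebytes log reports every finding as "Keine Aktion durchgeführt" (no action taken). This is an added example, not part of the thread or of any tool named in it: it assumes the German log layout shown above, its function and field names are hypothetical, and the "after removal" status wording in `CLEANED_LOG` is constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Status strings meaning the scanner only reported the item (German and English UI).
NO_ACTION = ("Keine Aktion durchgeführt", "No action taken")
# Path fragments of user-writable profile locations (heuristic, assumption of this example).
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

SECTION_RE = re.compile(r"^Infizierte (?P<name>.+): (?P<count>\d+)$")
# Layout: <object> (<detection>) -> [Daten: <data> -> ]<status>.
FINDING_RE = re.compile(
    r"^(?P<obj>.+) \((?P<det>[^()]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<status>.+?)\.?$"
)

# Findings sections of the log posted in the thread (empty sections left out).
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Ransom) -> Daten: C:\Users\Katja\AppData\Local\Mozilla\Firefox\firefox.exe -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\Users\Katja\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\Katja\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\Katja\Documents\SoftonicDownloader_fuer_ac3filter.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Keine Aktion durchgeführt.

(Ende)
"""

# Constructed "after removal" variant; the replacement status wording is an assumption.
CLEANED_LOG = SAMPLE_LOG.replace(
    NO_ACTION[0], "Erfolgreich gelöscht und in Quarantäne gestellt"
)


@dataclass
class Finding:
    section: str
    obj: str
    detection: str
    data: Optional[str]
    status: str

    @property
    def remediated(self) -> bool:
        return self.status not in NO_ACTION


def parse_findings(text):
    """Return (findings, declared): parsed finding lines and the count each section header states."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append(Finding(section, m["obj"], m["det"], m["data"], m["status"]))
    return findings, declared


def autostart_links(findings):
    """Pair each detected Run-key value with the detected file it launches, if any."""
    files = {f.obj.lower(): f for f in findings if f.section == "Dateien"}
    links = []
    for f in findings:
        if f.data and "\\currentversion\\run" in f.obj.lower():
            path = f.data.lower()
            writable = any(part in path for part in USER_WRITABLE)
            links.append((f, files.get(path), writable))
    return links


def triage(text):
    findings, declared = parse_findings(text)
    parsed = Counter(f.section for f in findings)
    return {
        "findings": findings,
        # Items the scanner reported but did not remove.
        "pending": [f for f in findings if not f.remediated],
        # Header count differs from parsed lines: the pasted log is probably incomplete.
        "count_mismatch": {
            s: (n, parsed.get(s, 0)) for s, n in declared.items() if n != parsed.get(s, 0)
        },
        "autostart": autostart_links(findings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["pending"]:
        print("NOT REMOVED:", f.detection, "|", f.obj)
    for run, target, writable in report["autostart"]:
        print("AUTOSTART:", run.obj, "->", run.data,
              "| file also detected:", target is not None,
              "| user-writable path:", writable)
```
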

11.02.2012, 09:35   #7
katjes204

I have removed the findings and now I can start my PC normally again

Do I need to do anything else now, or is that enough?

Kind regards
Katja

12.02.2012, 13:16   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You still need to run ESET

12.02.2012, 17:57   #9
katjes204

ESET has now worked :-)

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8a47eb7f6782a745b599203df5f5982f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 07:25:11
# local_time=2012-02-10 08:25:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 66 85 57772235 80531593 0 0
# compatibility_mode=8192 67108863 100 0 96973 96973 0 0
# scanned=204
# found=0
# cleaned=0
# scan_time=167
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8a47eb7f6782a745b599203df5f5982f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 03:52:05
# local_time=2012-02-12 04:52:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 66 85 57919840 80679198 0 0
# compatibility_mode=8192 67108863 100 0 244578 244578 0 0
# scanned=244242
# found=12
# cleaned=0
# scan_time=12577
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Katja\AppData\Local\Babylon\Setup\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
E:\KATJA204\Backup Set 2011-09-04 190002\Backup Files 2011-09-04 190002\Backup files 6.zip	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
E:\KATJA204\Backup Set 2011-10-02 092345\Backup Files 2011-10-02 092345\Backup files 6.zip	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
E:\KATJA204\Backup Set 2011-10-02 092345\Backup Files 2011-12-11 190003\Backup files 1.zip	Win32/SoftonicDownloader application (unable to clean)	00000000000000000000000000000000	I
E:\KATJA204\Backup Set 2011-12-26 161054\Backup Files 2011-12-26 161054\Backup files 1.zip	Win32/SoftonicDownloader application (unable to clean)	00000000000000000000000000000000	I
E:\KATJA204\Backup Set 2011-12-26 161054\Backup Files 2011-12-26 161054\Backup files 7.zip	a variant of Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
${Memory}	Win32/Toolbar.Babylon application	00000000000000000000000000000000	I
         

12.02.2012, 18:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. If possible, please post everything here in CODE tags.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top center, tick the box Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

12.02.2012, 19:48   #11
katjes204

Hello Arne,

here is the result.

Code:
OTL logfile created on: 12.02.2012 19:21:50 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = E:\
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 46,93% Memory free
7,73 Gb Paging File | 5,89 Gb Available in Paging File | 76,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,32 Gb Total Space | 216,20 Gb Free Space | 71,04% Space Free | Partition Type: NTFS
Drive E: | 280,03 Gb Total Space | 52,86 Gb Free Space | 18,88% Space Free | Partition Type: NTFS
 
Computer Name: KATJA204 | User Name: Katja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.12 19:08:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011.12.20 10:06:34 | 001,370,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
PRC - [2011.09.11 15:21:38 | 000,837,656 | ---- | M] (hxxp://izloader.com/) -- C:\Program Files (x86)\Easy Downloads\easydownloads.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.29 08:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.02.24 00:28:24 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.20 18:54:20 | 001,960,560 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wfvie12.dll
MOD - [2011.12.20 17:44:09 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsdcom47.dll
MOD - [2011.12.20 10:07:25 | 007,616,624 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wgui12.dll
MOD - [2011.12.20 10:07:07 | 002,961,008 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wcore12.dll
MOD - [2011.12.20 10:07:05 | 001,612,912 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wreli12.dll
MOD - [2011.12.20 10:07:00 | 001,533,552 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wsteu12.dll
MOD - [2011.12.20 10:06:58 | 000,318,064 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsguiwinapi47.dll
MOD - [2011.12.20 10:06:55 | 000,261,232 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rscorewinapi47.dll
MOD - [2011.12.20 10:06:34 | 001,370,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe
MOD - [2011.12.20 10:06:21 | 000,135,792 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsodbc47.dll
MOD - [2011.12.20 10:06:20 | 004,323,440 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wauff12.dll
MOD - [2011.11.04 13:47:20 | 000,865,280 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtcluceners47.dll
MOD - [2011.11.04 13:47:18 | 000,271,872 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\phononrs47.dll
MOD - [2011.11.04 13:47:16 | 011,163,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtwebkitrs47.dll
MOD - [2011.11.04 13:47:14 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qttestrs47.dll
MOD - [2011.11.04 13:47:12 | 001,340,416 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtscriptrs47.dll
MOD - [2011.11.04 13:47:12 | 000,704,000 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtsqlrs47.dll
MOD - [2011.11.04 13:47:12 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtsvgrs47.dll
MOD - [2011.11.04 13:47:10 | 008,934,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtguirs47.dll
MOD - [2011.11.04 13:47:10 | 002,395,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qt3supportrs47.dll
MOD - [2011.11.04 13:47:10 | 000,990,208 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtnetworkrs47.dll
MOD - [2011.11.04 13:47:10 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtxmlrs47.dll
MOD - [2011.11.04 13:47:08 | 002,356,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\qtcorers47.dll
MOD - [2011.10.14 02:32:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.08.26 13:40:32 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.01.22 18:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.10.15 16:00:02 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.08.26 13:45:00 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.08.26 13:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.12 19:02:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 00:28:24 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 19:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.04.24 14:42:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 14:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.12.02 14:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.12.02 14:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.12.02 14:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.07.15 07:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2010.07.15 07:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.12 11:14:54 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.05.12 11:14:54 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2010.05.12 11:14:52 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.05.12 11:14:52 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.05.12 11:14:52 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.01.22 18:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.22 17:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.05 17:55:04 | 001,580,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.02 03:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010.07.15 07:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010.07.15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.06.14 01:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101430&mntrId=80e8051800000000000076f1a11368f1
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=80e8051800000000000076f1a11368f1&tlver=1.4.35.10&affID=101430&babsrc=SP_FFUP"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.01 10:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.06.22 16:05:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.08 19:16:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 17:51:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.22 16:05:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.01 10:15:59 | 000,000,000 | ---D | M]
 
[2011.05.15 15:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Extensions
[2012.02.02 18:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions
[2012.01.08 16:03:13 | 000,000,000 | ---D | M] (IsoBuster DE Community Toolbar) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}
[2011.08.13 13:15:39 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3
[2011.07.12 15:41:14 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft
[2011.09.11 15:22:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com
[2011.12.27 14:45:12 | 000,000,933 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\11-suche.xml
[2012.01.27 20:03:51 | 000,002,401 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\askcom.xml
[2011.12.27 14:45:12 | 000,002,419 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\englische-ergebnisse.xml
[2011.12.27 14:45:12 | 000,010,525 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\gmx-suche.xml
[2011.12.27 14:45:12 | 000,002,457 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\lastminute.xml
[2011.12.27 14:45:12 | 000,005,508 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\webde-suche.xml
[2011.05.15 15:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.12.08 19:16:46 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\KATJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B35ODC10.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\KATJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B35ODC10.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.02.12 17:51:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.27 20:06:11 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.27 20:06:11 | 000,002,112 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.27 20:06:11 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.27 20:06:11 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.27 20:06:11 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.24 11:12:09 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.27 20:06:11 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\Toolbar\WebBrowser: (IsoBuster DE Toolbar) - {134B012B-132D-4516-A786-2395828640B5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0458700B-063D-4F6D-AC79-84ACDC9412A9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56956A4F-5F02-4A1F-8C09-00CCFE3908F2}: DhcpNameServer = 192.32.20.12
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.13 08:03:12 | 000,000,045 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell - "" = AutoRun
O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell - "" = AutoRun
O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe - ()
MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= - c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig:64bit - StartUpReg: Standby - hkey= - key= - c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - c:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - c:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.09 18:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.09 18:25:02 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Katja\Desktop\esetsmartinstaller_enu.exe
[2012.02.09 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Roaming\Malwarebytes
[2012.02.09 17:22:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.09 17:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.09 17:19:48 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Katja\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.07 18:02:48 | 000,000,000 | ---D | C] -- C:\Logfiles.zip
[2012.02.07 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.07 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.02.07 17:07:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Katja\Desktop\dds.com
[2012.01.30 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.30 20:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.30 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.30 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.01.30 20:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.30 20:04:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.01.30 19:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.30 19:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.01.27 20:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.01.26 20:01:54 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\ElevatedDiagnostics
[2012.01.21 23:09:08 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\Ashampoo Music Studio 3
[2012.01.21 23:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.01.21 23:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.01.21 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{011FA7AF-9AB9-413A-9F74-A959D237B2E0}
[2012.01.21 18:01:23 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{C5AF25A0-F517-4512-A23C-F99B2AE19BD5}
[2012.01.14 14:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012
[2012.01.14 13:59:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 18:32:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.12 18:32:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 16:15:20 | 000,201,020 | ---- | M] () -- C:\Users\Katja\Desktop\discoturm-nautica-magdeburg-2012-02-11-066.jpg
[2012.02.12 11:50:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.11 22:19:52 | 001,534,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.11 22:19:52 | 000,666,968 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.11 22:19:52 | 000,627,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.11 22:19:52 | 000,136,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.11 22:19:52 | 000,111,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.11 09:37:52 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 09:37:52 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 18:25:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Katja\Desktop\esetsmartinstaller_enu.exe
[2012.02.09 17:22:39 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 17:20:08 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Katja\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.07 17:33:46 | 001,110,476 | ---- | M] () -- C:\Users\Katja\Desktop\7z920.exe
[2012.02.07 17:07:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Katja\Desktop\dds.com
[2012.02.07 17:07:02 | 000,000,168 | ---- | M] () -- C:\Users\Katja\defogger_reenable
[2012.02.07 17:05:43 | 000,050,477 | ---- | M] () -- C:\Users\Katja\Desktop\Defogger.exe
[2012.01.30 20:06:29 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.30 19:59:46 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.29 17:32:53 | 000,000,607 | ---- | M] () -- C:\Windows\wiso.ini
[2012.01.26 18:35:25 | 278,015,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.22 21:07:22 | 000,350,942 | ---- | M] () -- C:\Users\Katja\Desktop\Personalfachkauffrau Teil 1+ 001.jpg
[2012.01.21 23:36:02 | 000,020,992 | ---- | M] () -- C:\Users\Katja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.21 23:07:20 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Music Studio 3.lnk
[2012.01.19 13:54:07 | 000,001,203 | ---- | M] () -- C:\Users\Katja\Desktop\HP Officejet 4500 G510n-z - Verknüpfung.lnk
[2012.01.18 14:32:50 | 000,031,356 | ---- | M] () -- C:\Users\Katja\Desktop\G1203.pdf
[2012.01.18 14:32:12 | 000,445,489 | ---- | M] () -- C:\Users\Katja\Desktop\G1204_1205_1206.pdf
[2012.01.17 17:38:31 | 000,981,716 | ---- | M] () -- C:\Users\Katja\Desktop\Ernaehrung.pdf
[2012.01.14 14:08:37 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.01.14 14:08:37 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.12 16:14:45 | 000,201,020 | ---- | C] () -- C:\Users\Katja\Desktop\discoturm-nautica-magdeburg-2012-02-11-066.jpg
[2012.02.09 17:22:39 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.07 17:33:45 | 001,110,476 | ---- | C] () -- C:\Users\Katja\Desktop\7z920.exe
[2012.02.07 17:07:02 | 000,000,168 | ---- | C] () -- C:\Users\Katja\defogger_reenable
[2012.02.07 17:05:42 | 000,050,477 | ---- | C] () -- C:\Users\Katja\Desktop\Defogger.exe
[2012.01.30 20:06:29 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.30 19:59:46 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.22 21:07:38 | 000,350,942 | ---- | C] () -- C:\Users\Katja\Desktop\Personalfachkauffrau Teil 1+ 001.jpg
[2012.01.21 23:07:20 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Music Studio 3.lnk
[2012.01.19 13:54:07 | 000,001,203 | ---- | C] () -- C:\Users\Katja\Desktop\HP Officejet 4500 G510n-z - Verknüpfung.lnk
[2012.01.18 14:32:50 | 000,031,356 | ---- | C] () -- C:\Users\Katja\Desktop\G1203.pdf
[2012.01.18 14:32:11 | 000,445,489 | ---- | C] () -- C:\Users\Katja\Desktop\G1204_1205_1206.pdf
[2012.01.17 17:38:30 | 000,981,716 | ---- | C] () -- C:\Users\Katja\Desktop\Ernaehrung.pdf
[2012.01.14 17:41:38 | 278,015,861 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.14 14:08:37 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2012.01.14 14:08:37 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk
[2011.12.24 11:18:44 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.05 12:32:43 | 131,684,208 | ---- | C] () -- C:\Program Files (x86)\Pixelnet_Software_Setup.exe
[2011.04.01 10:09:41 | 000,241,431 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.02.12 18:18:02 | 000,000,607 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.23 16:59:09 | 000,020,992 | ---- | C] () -- C:\Users\Katja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.23 16:58:32 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.01.23 16:58:32 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E0AC77F6BD.sys
[2011.01.09 21:00:31 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.12.11 18:29:32 | 000,000,093 | ---- | C] () -- C:\Users\Katja\AppData\Local\fusioncache.dat
[2010.12.11 18:28:19 | 001,555,946 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.15 17:01:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.05 16:02:48 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2010.09.27 17:40:17 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010.09.26 14:31:52 | 001,774,720 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2010.09.26 14:31:52 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2010.09.26 14:31:52 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010.09.26 14:31:52 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010.09.26 14:31:52 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010.09.26 08:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.13 04:22:39 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.04.13 04:21:45 | 000,001,741 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.04.12 19:02:48 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.04.12 18:45:04 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.04.12 18:45:04 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010.04.12 18:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.02.11 20:20:02 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010.02.11 20:20:02 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010.02.11 20:20:02 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.06.07 12:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011.04.17 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Babylon
[2011.04.17 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Bioshock
[2011.04.10 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Buhl Data Service
[2011.09.12 16:00:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Canon
[2011.01.09 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Carambis
[2011.04.24 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DAEMON Tools Lite
[2011.12.24 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon
[2011.04.29 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\GoPal Assistant
[2011.01.20 20:30:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\gtk-2.0
[2011.07.28 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze
[2011.01.20 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\MAGIX
[2011.04.24 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Merscom
[2011.08.13 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\NCH Swift Sound
[2011.12.24 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\OCS
[2011.12.24 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Opera
[2011.06.26 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\PC Suite
[2011.08.12 10:18:51 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Samsung
[2010.10.15 15:59:52 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\TuneUp Software
[2010.12.11 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Turbine
[2011.01.23 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Ulead Systems
[2010.09.24 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\WildTangentv1002
[2010.10.15 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Windows SideBar
[2011.12.05 09:14:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.29 20:12:15 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Adobe
[2011.04.03 16:48:57 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Apple Computer
[2010.09.24 15:13:25 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\ATI
[2011.04.17 19:51:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Babylon
[2011.04.17 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Bioshock
[2011.04.10 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Buhl Data Service
[2011.09.12 16:00:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Canon
[2011.01.09 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Carambis
[2011.01.23 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Corel
[2010.12.16 19:10:38 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\CyberLink
[2011.04.24 15:16:26 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DAEMON Tools Lite
[2011.12.24 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon
[2011.11.05 15:04:56 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\DivX
[2012.01.06 23:26:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\dvdcss
[2010.09.24 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Google
[2011.04.29 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\GoPal Assistant
[2011.01.20 20:30:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\gtk-2.0
[2011.07.28 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze
[2011.04.01 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\HP
[2010.09.24 15:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Identities
[2011.04.17 12:38:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\InstallShield
[2010.09.24 15:12:50 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Intel Corporation
[2010.09.24 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Macromedia
[2011.01.20 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\MAGIX
[2012.02.09 17:22:41 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Malwarebytes
[2010.02.11 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Media Center Programs
[2011.04.24 15:18:23 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Merscom
[2011.11.10 18:59:57 | 000,000,000 | --SD | M] -- C:\Users\Katja\AppData\Roaming\Microsoft
[2011.05.15 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Mozilla
[2011.08.13 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\NCH Swift Sound
[2011.12.24 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\OCS
[2011.12.24 11:12:09 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Opera
[2011.06.26 11:35:49 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\PC Suite
[2011.08.12 10:18:51 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Samsung
[2011.04.17 12:57:22 | 000,000,000 | RH-D | M] -- C:\Users\Katja\AppData\Roaming\SecuROM
[2012.02.12 19:17:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Skype
[2010.10.15 15:59:52 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\TuneUp Software
[2010.12.11 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Turbine
[2011.01.23 16:57:47 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Ulead Systems
[2011.10.13 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\vlc
[2010.09.24 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\WildTangentv1002
[2010.10.15 17:44:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Windows SideBar
[2011.01.07 21:24:11 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\WinRAR
[2011.04.01 10:16:24 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Yahoo!
[2011.09.12 16:01:01 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2011.12.24 11:18:44 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Katja\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.04.29 14:40:43 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\23A0B03D-F42B-4A4D-A64C-C4E946585B5E\AutoRunCE.exe
[2011.04.29 14:40:44 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\23A0B03D-F42B-4A4D-A64C-C4E946585B5E\1\module.exe
[2011.04.29 14:41:23 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\339E641C-73A4-44D0-AD2B-816E368225DF\AutoRunCE.exe
[2011.04.29 14:41:23 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\339E641C-73A4-44D0-AD2B-816E368225DF\1\module.exe
[2011.04.29 14:41:09 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\3EEA5F55-83AB-4448-98E4-C364B6DFAEF7\AutoRunCE.exe
[2011.04.29 14:41:10 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\3EEA5F55-83AB-4448-98E4-C364B6DFAEF7\1\module.exe
[2011.04.29 14:41:15 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\4F0ACCE4-F7AE-4923-A9F4-81C028596E55\AutoRunCE.exe
[2011.04.29 14:41:15 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\4F0ACCE4-F7AE-4923-A9F4-81C028596E55\1\module.exe
[2011.04.29 14:41:29 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\6274F28B-F345-4BA9-B53C-3E2E3D25E442\AutoRunCE.exe
[2011.04.29 14:41:29 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\6274F28B-F345-4BA9-B53C-3E2E3D25E442\1\module.exe
[2011.04.29 14:40:59 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\7AF495BA-85AD-4187-B21F-E26B6897C748\AutoRunCE.exe
[2011.04.29 14:40:59 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\7AF495BA-85AD-4187-B21F-E26B6897C748\1\module.exe
[2011.04.29 14:40:48 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\8BBB19C3-9C60-44CB-8A5E-BC8BCB78AC5D\AutoRunCE.exe
[2011.04.29 14:40:48 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\8BBB19C3-9C60-44CB-8A5E-BC8BCB78AC5D\1\module.exe
[2011.04.29 14:41:05 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\92746DE9-F77D-43A9-BAB3-87E12605CE35\AutoRunCE.exe
[2011.04.29 14:41:06 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\92746DE9-F77D-43A9-BAB3-87E12605CE35\1\module.exe
[2011.04.29 14:40:53 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\98B5E998-AD01-4E0C-A3D9-CC949E946A49\AutoRunCE.exe
[2011.04.29 14:40:54 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\98B5E998-AD01-4E0C-A3D9-CC949E946A49\1\module.exe
[2011.04.29 14:41:17 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\9F7A79D6-3A06-4F78-90D0-FA897A4FD783\AutoRunCE.exe
[2011.04.29 14:41:18 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\9F7A79D6-3A06-4F78-90D0-FA897A4FD783\1\module.exe
[2011.04.29 14:41:25 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A2922E09-96FC-489E-B230-2712FFE6FE11\AutoRunCE.exe
[2011.04.29 14:41:26 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A2922E09-96FC-489E-B230-2712FFE6FE11\1\module.exe
[2011.04.29 14:40:01 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A7287F0A-05FE-408C-AB9A-5FEF470567C1\AutoRunCE.exe
[2011.04.29 14:40:16 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\A7287F0A-05FE-408C-AB9A-5FEF470567C1\1\module.exe
[2011.04.29 14:40:36 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\AD8325DB-A2BE-4F60-A78D-AB1748B0D4FA\AutoRunCE.exe
[2011.04.29 14:40:38 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\AD8325DB-A2BE-4F60-A78D-AB1748B0D4FA\1\module.exe
[2011.04.29 14:41:07 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\B77505EF-1AFD-46B9-B08A-036EF94F9AF4\AutoRunCE.exe
[2011.04.29 14:41:07 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\B77505EF-1AFD-46B9-B08A-036EF94F9AF4\1\module.exe
[2011.04.29 14:40:29 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\C31A8510-F49E-4961-A54B-F33A1BD80AFF\AutoRunCE.exe
[2011.04.29 14:40:30 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\C31A8510-F49E-4961-A54B-F33A1BD80AFF\1\module.exe
[2011.04.29 14:40:22 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\D14E9445-4543-4301-8AE3-CC56BC8D443D\AutoRunCE.exe
[2011.04.29 14:40:24 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\D14E9445-4543-4301-8AE3-CC56BC8D443D\1\module.exe
[2011.04.29 14:41:20 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\E57937F2-41B4-4D3C-B65A-D4A66F85A852\AutoRunCE.exe
[2011.04.29 14:41:21 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\E57937F2-41B4-4D3C-B65A-D4A66F85A852\1\module.exe
[2011.04.29 14:41:03 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\F504E7FB-12D2-4F6E-94B7-01FBA1B1985E\AutoRunCE.exe
[2011.04.29 14:41:04 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\F504E7FB-12D2-4F6E-94B7-01FBA1B1985E\1\module.exe
[2011.04.29 14:41:12 | 000,005,632 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\FDDB8B34-B577-41FB-98B9-AAC9D2A5FA75\AutoRunCE.exe
[2011.04.29 14:41:13 | 000,083,456 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\GoPal Assistant\Library\FDDB8B34-B577-41FB-98B9-AAC9D2A5FA75\1\module.exe
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2011.12.24 11:12:06 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Katja\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.12.24 11:12:06 | 000,040,960 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.08.12 11:20:13 | 000,704,512 | ---- | M] (TODO: <Company name>) -- C:\Users\Katja\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\NPSUpdateAgent.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.12.23 23:12:52 | 003,818,944 | ---- | M] (Smart Projects                                              ) -- C:\isobuster_all_lang.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2010.12.21 06:36:16 | 001,236,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msxml3.dll
[2009.07.14 02:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\scrrun.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >
         
Best regards
Katja

12.02.2012, 20:36   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKLM\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm86&r=2736091056b6l0450z105f4551a460
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=101430&mntrId=80e8051800000000000076f1a11368f1
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found
IE - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=80e8051800000000000076f1a11368f1&tlver=1.4.35.10&affID=101430&babsrc=SP_FFUP"
[2012.01.08 16:03:13 | 000,000,000 | ---D | M] (IsoBuster DE Community Toolbar) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}
[2011.08.13 13:15:39 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3
[2011.07.12 15:41:14 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft
[2011.09.11 15:22:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com
[2011.12.27 14:45:12 | 000,000,933 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\11-suche.xml
[2012.01.27 20:03:51 | 000,002,401 | ---- | M] () -- C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\askcom.xml
[2012.01.27 20:06:11 | 000,002,112 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.27 20:06:11 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\..\Toolbar\WebBrowser: (IsoBuster DE Toolbar) - {134B012B-132D-4516-A786-2395828640B5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-3633274054-4210021700-3697978090-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.13 08:03:12 | 000,000,045 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell - "" = AutoRun
O33 - MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell - "" = AutoRun
O33 - MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
[2012.01.21 18:01:46 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{011FA7AF-9AB9-413A-9F74-A959D237B2E0}
[2012.01.21 18:01:23 | 000,000,000 | ---D | C] -- C:\Users\Katja\AppData\Local\{C5AF25A0-F517-4512-A23C-F99B2AE19BD5}
[2011.07.28 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Katja\AppData\Roaming\Gutscheinmieze

:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

12.02.2012, 20:49   #13
katjes204
 

This appeared after the restart.

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{134b012b-132d-4516-a786-2395828640b5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ deleted successfully.
C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll moved successfully.
HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-3633274054-4210021700-3697978090-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{134b012b-132d-4516-a786-2395828640b5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.
File C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4}\ not found.
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=80e8051800000000000076f1a11368f1&tlver=1.4.35.10&affID=101430&babsrc=SP_FFUP" removed from keyword.URL
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\searchplugin folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\modules folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\META-INF folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\defaults folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\components folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5}\chrome folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5} scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome\content\skin folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3 scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft\content folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft\components folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\defaults scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content\imgs scheduled to be moved on reboot.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
Folder move failed. C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com scheduled to be moved on reboot.
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\b35odc10.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{134b012b-132d-4516-a786-2395828640b5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.
File C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{134b012b-132d-4516-a786-2395828640b5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.
File C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{134B012B-132D-4516-A786-2395828640B5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134B012B-132D-4516-A786-2395828640B5}\ not found.
File C:\Program Files (x86)\IsoBuster_DE\prxtbIso0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3633274054-4210021700-3697978090-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6123428e-1022-11e0-a278-00262d9e0149}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6123428e-1022-11e0-a278-00262d9e0149}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6123428e-1022-11e0-a278-00262d9e0149}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72dd93fa-4a6d-11e1-8661-00262d9e0149}\ not found.
File "F:\WD SmartWare.exe" autoplay=true not found.
C:\Users\Katja\AppData\Local\{011FA7AF-9AB9-413A-9F74-A959D237B2E0} folder moved successfully.
C:\Users\Katja\AppData\Local\{C5AF25A0-F517-4512-A23C-F99B2AE19BD5} folder moved successfully.
C:\Users\Katja\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Katja
->Temp folder emptied: 20707302 bytes
->Temporary Internet Files folder emptied: 127921973 bytes
->Java cache emptied: 30160994 bytes
->FireFox cache emptied: 197957971 bytes
->Flash cache emptied: 1483 bytes
 
User: Public
 
User: V574054
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5652989 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 365,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_204147

Files\Folders moved on Reboot...
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\{134b012b-132d-4516-a786-2395828640b5} folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome\content folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3\chrome folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\2lsbxp3g.vj3 folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\DefaultManager@Microsoft folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Katja\AppData\Roaming\mozilla\Firefox\Profiles\b35odc10.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Katja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

13.02.2012, 09:53   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

If, because of the infection, you cannot access your Documents/My Documents folder, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

24.02.2012, 19:22   #15
katjes204

Hello Arne,

here is the result.

Code:
19:17:36.0738 4640	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
19:17:37.0190 4640	============================================================
19:17:37.0190 4640	Current date / time: 2012/02/24 19:17:37.0190
19:17:37.0190 4640	SystemInfo:
19:17:37.0190 4640	
19:17:37.0190 4640	OS Version: 6.1.7600 ServicePack: 0.0
19:17:37.0190 4640	Product type: Workstation
19:17:37.0190 4640	ComputerName: KATJA204
19:17:37.0190 4640	UserName: Katja
19:17:37.0190 4640	Windows directory: C:\Windows
19:17:37.0190 4640	System windows directory: C:\Windows
19:17:37.0190 4640	Running under WOW64
19:17:37.0190 4640	Processor architecture: Intel x64
19:17:37.0190 4640	Number of processors: 4
19:17:37.0190 4640	Page size: 0x1000
19:17:37.0190 4640	Boot type: Normal boot
19:17:37.0190 4640	============================================================
19:17:37.0499 4640	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:37.0504 4640	\Device\Harddisk0\DR0:
19:17:37.0505 4640	MBR used
19:17:37.0505 4640	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
19:17:37.0505 4640	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x260A3AB0
19:17:37.0526 4640	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x27847000, BlocksNum 0x23010800
19:17:37.0611 4640	Initialize success
19:17:37.0611 4640	============================================================
19:17:58.0246 3124	============================================================
19:17:58.0246 3124	Scan started
19:17:58.0246 3124	Mode: Manual; 
19:17:58.0246 3124	============================================================
19:17:58.0589 3124	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:17:58.0589 3124	1394ohci - ok
19:17:58.0604 3124	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:17:58.0604 3124	ACPI - ok
19:17:58.0698 3124	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:17:58.0698 3124	AcpiPmi - ok
19:17:58.0807 3124	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:17:58.0807 3124	adp94xx - ok
19:17:58.0916 3124	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:17:58.0916 3124	adpahci - ok
19:17:59.0026 3124	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:17:59.0026 3124	adpu320 - ok
19:17:59.0135 3124	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:17:59.0135 3124	AFD - ok
19:17:59.0244 3124	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:17:59.0244 3124	agp440 - ok
19:17:59.0353 3124	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:17:59.0353 3124	aliide - ok
19:17:59.0462 3124	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:17:59.0462 3124	amdide - ok
19:17:59.0509 3124	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:17:59.0509 3124	AmdK8 - ok
19:17:59.0743 3124	amdkmdag        (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
19:17:59.0774 3124	amdkmdag - ok
19:17:59.0868 3124	amdkmdap        (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
19:17:59.0884 3124	amdkmdap - ok
19:17:59.0930 3124	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:17:59.0930 3124	AmdPPM - ok
19:18:00.0008 3124	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:18:00.0008 3124	amdsata - ok
19:18:00.0071 3124	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:18:00.0071 3124	amdsbs - ok
19:18:00.0118 3124	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:18:00.0118 3124	amdxata - ok
19:18:00.0242 3124	AmUStor         (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
19:18:00.0242 3124	AmUStor - ok
19:18:00.0367 3124	androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
19:18:00.0367 3124	androidusb - ok
19:18:00.0476 3124	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:18:00.0476 3124	AppID - ok
19:18:00.0586 3124	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:18:00.0586 3124	arc - ok
19:18:00.0632 3124	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:18:00.0632 3124	arcsas - ok
19:18:00.0742 3124	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:18:00.0742 3124	AsyncMac - ok
19:18:00.0804 3124	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:18:00.0804 3124	atapi - ok
19:18:00.0944 3124	athr            (afd6c8d783e100f7c46277c45175a96f) C:\Windows\system32\DRIVERS\athrx.sys
19:18:00.0960 3124	athr - ok
19:18:01.0085 3124	AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
19:18:01.0085 3124	AtiHdmiService - ok
19:18:01.0194 3124	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:18:01.0194 3124	b06bdrv - ok
19:18:01.0241 3124	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:18:01.0241 3124	b57nd60a - ok
19:18:01.0381 3124	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:18:01.0397 3124	BCM43XX - ok
19:18:01.0475 3124	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:18:01.0475 3124	Beep - ok
19:18:01.0553 3124	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:18:01.0568 3124	blbdrive - ok
19:18:01.0662 3124	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:18:01.0662 3124	bowser - ok
19:18:01.0740 3124	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:18:01.0740 3124	BrFiltLo - ok
19:18:01.0756 3124	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:18:01.0756 3124	BrFiltUp - ok
19:18:01.0834 3124	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:18:01.0834 3124	Brserid - ok
19:18:01.0849 3124	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:18:01.0849 3124	BrSerWdm - ok
19:18:01.0927 3124	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:18:01.0927 3124	BrUsbMdm - ok
19:18:01.0927 3124	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:18:01.0927 3124	BrUsbSer - ok
19:18:01.0958 3124	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:18:01.0958 3124	BTHMODEM - ok
19:18:02.0052 3124	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:18:02.0052 3124	cdfs - ok
19:18:02.0068 3124	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:18:02.0068 3124	cdrom - ok
19:18:02.0161 3124	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:18:02.0161 3124	circlass - ok
19:18:02.0192 3124	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:18:02.0192 3124	CLFS - ok
19:18:02.0302 3124	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:18:02.0302 3124	CmBatt - ok
19:18:02.0333 3124	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:18:02.0333 3124	cmdide - ok
19:18:02.0411 3124	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:18:02.0411 3124	CNG - ok
19:18:02.0504 3124	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:18:02.0504 3124	Compbatt - ok
19:18:02.0536 3124	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:18:02.0536 3124	CompositeBus - ok
19:18:02.0614 3124	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:18:02.0614 3124	crcdisk - ok
19:18:02.0707 3124	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:18:02.0707 3124	DfsC - ok
19:18:02.0785 3124	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:18:02.0785 3124	discache - ok
19:18:02.0832 3124	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:18:02.0832 3124	Disk - ok
19:18:02.0972 3124	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
19:18:02.0972 3124	Dot4 - ok
19:18:03.0019 3124	Dot4Print       (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:18:03.0019 3124	Dot4Print - ok
19:18:03.0050 3124	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
19:18:03.0050 3124	dot4usb - ok
19:18:03.0144 3124	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:18:03.0144 3124	drmkaud - ok
19:18:03.0253 3124	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:18:03.0253 3124	dtsoftbus01 - ok
19:18:03.0300 3124	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:18:03.0300 3124	DXGKrnl - ok
19:18:03.0425 3124	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:18:03.0456 3124	ebdrv - ok
19:18:03.0550 3124	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:18:03.0550 3124	elxstor - ok
19:18:03.0628 3124	epmntdrv        (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
19:18:03.0628 3124	epmntdrv - ok
19:18:03.0674 3124	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:18:03.0674 3124	ErrDev - ok
19:18:03.0768 3124	EuGdiDrv        (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
19:18:03.0768 3124	EuGdiDrv - ok
19:18:03.0830 3124	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:18:03.0830 3124	exfat - ok
19:18:03.0893 3124	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:18:03.0893 3124	fastfat - ok
19:18:03.0986 3124	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:18:03.0986 3124	fdc - ok
19:18:04.0018 3124	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:18:04.0018 3124	FileInfo - ok
19:18:04.0080 3124	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:18:04.0080 3124	Filetrace - ok
19:18:04.0174 3124	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:18:04.0174 3124	flpydisk - ok
19:18:04.0189 3124	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:18:04.0189 3124	FltMgr - ok
19:18:04.0205 3124	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:18:04.0205 3124	FsDepends - ok
19:18:04.0267 3124	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:18:04.0267 3124	Fs_Rec - ok
19:18:04.0314 3124	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:18:04.0330 3124	fvevol - ok
19:18:04.0392 3124	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:18:04.0392 3124	gagp30kx - ok
19:18:04.0423 3124	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:18:04.0423 3124	GEARAspiWDM - ok
19:18:04.0548 3124	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:18:04.0548 3124	hcw85cir - ok
19:18:04.0579 3124	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:18:04.0579 3124	HdAudAddService - ok
19:18:04.0673 3124	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:18:04.0673 3124	HDAudBus - ok
19:18:04.0720 3124	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:18:04.0720 3124	HECIx64 - ok
19:18:04.0766 3124	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:18:04.0766 3124	HidBatt - ok
19:18:04.0782 3124	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:18:04.0782 3124	HidBth - ok
19:18:04.0860 3124	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:18:04.0860 3124	HidIr - ok
19:18:04.0938 3124	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:18:04.0938 3124	HidUsb - ok
19:18:05.0016 3124	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:18:05.0016 3124	HpSAMD - ok
19:18:05.0078 3124	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:18:05.0078 3124	HTTP - ok
19:18:05.0125 3124	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:18:05.0125 3124	hwpolicy - ok
19:18:05.0219 3124	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:18:05.0219 3124	i8042prt - ok
19:18:05.0250 3124	iaStor          (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
19:18:05.0250 3124	iaStor - ok
19:18:05.0359 3124	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:18:05.0359 3124	iaStorV - ok
19:18:05.0546 3124	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:18:05.0578 3124	igfx - ok
19:18:05.0656 3124	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:18:05.0656 3124	iirsp - ok
19:18:05.0718 3124	Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
19:18:05.0718 3124	Impcd - ok
19:18:05.0843 3124	IntcAzAudAddService (53019327813ff5ab2964b33b2c61307c) C:\Windows\system32\drivers\RTKVHD64.sys
19:18:05.0858 3124	IntcAzAudAddService - ok
19:18:05.0936 3124	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:18:05.0936 3124	intelide - ok
19:18:05.0968 3124	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:18:05.0983 3124	intelppm - ok
19:18:06.0061 3124	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:18:06.0061 3124	IpFilterDriver - ok
19:18:06.0092 3124	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:18:06.0092 3124	IPMIDRV - ok
19:18:06.0170 3124	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:18:06.0186 3124	IPNAT - ok
19:18:06.0280 3124	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:18:06.0280 3124	IRENUM - ok
19:18:06.0295 3124	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:18:06.0295 3124	isapnp - ok
19:18:06.0373 3124	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:18:06.0373 3124	iScsiPrt - ok
19:18:06.0404 3124	k57nd60a        (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:18:06.0404 3124	k57nd60a - ok
19:18:06.0482 3124	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:18:06.0482 3124	kbdclass - ok
19:18:06.0514 3124	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:18:06.0514 3124	kbdhid - ok
19:18:06.0592 3124	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:18:06.0592 3124	KSecDD - ok
19:18:06.0623 3124	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:18:06.0623 3124	KSecPkg - ok
19:18:06.0685 3124	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:18:06.0685 3124	ksthunk - ok
19:18:06.0779 3124	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
19:18:06.0794 3124	L1E - ok
19:18:06.0857 3124	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:18:06.0857 3124	lltdio - ok
19:18:06.0919 3124	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:18:06.0935 3124	LSI_FC - ok
19:18:06.0997 3124	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:18:06.0997 3124	LSI_SAS - ok
19:18:07.0044 3124	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:18:07.0060 3124	LSI_SAS2 - ok
19:18:07.0091 3124	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:18:07.0091 3124	LSI_SCSI - ok
19:18:07.0106 3124	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:18:07.0106 3124	luafv - ok
19:18:07.0153 3124	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:18:07.0169 3124	megasas - ok
19:18:07.0200 3124	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:18:07.0200 3124	MegaSR - ok
19:18:07.0247 3124	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:18:07.0262 3124	Modem - ok
19:18:07.0340 3124	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:18:07.0340 3124	monitor - ok
19:18:07.0418 3124	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:18:07.0418 3124	mouclass - ok
19:18:07.0434 3124	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:18:07.0434 3124	mouhid - ok
19:18:07.0528 3124	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:18:07.0528 3124	mountmgr - ok
19:18:07.0621 3124	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
19:18:07.0621 3124	MpFilter - ok
19:18:07.0637 3124	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:18:07.0637 3124	mpio - ok
19:18:07.0730 3124	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:18:07.0730 3124	MpNWMon - ok
19:18:07.0762 3124	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:18:07.0762 3124	mpsdrv - ok
19:18:07.0824 3124	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:18:07.0824 3124	MRxDAV - ok
19:18:07.0871 3124	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:18:07.0871 3124	mrxsmb - ok
19:18:07.0949 3124	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:18:07.0964 3124	mrxsmb10 - ok
19:18:07.0996 3124	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:18:07.0996 3124	mrxsmb20 - ok
19:18:08.0058 3124	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:18:08.0058 3124	msahci - ok
19:18:08.0074 3124	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:18:08.0074 3124	msdsm - ok
19:18:08.0152 3124	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:18:08.0152 3124	Msfs - ok
19:18:08.0167 3124	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:18:08.0167 3124	mshidkmdf - ok
19:18:08.0183 3124	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:18:08.0183 3124	msisadrv - ok
19:18:08.0276 3124	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:18:08.0276 3124	MSKSSRV - ok
19:18:08.0370 3124	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:18:08.0370 3124	MSPCLOCK - ok
19:18:08.0448 3124	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:18:08.0448 3124	MSPQM - ok
19:18:08.0464 3124	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:18:08.0479 3124	MsRPC - ok
19:18:08.0495 3124	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:18:08.0495 3124	mssmbios - ok
19:18:08.0573 3124	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:18:08.0573 3124	MSTEE - ok
19:18:08.0604 3124	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:18:08.0604 3124	MTConfig - ok
19:18:08.0620 3124	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:18:08.0620 3124	Mup - ok
19:18:08.0729 3124	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:18:08.0729 3124	NativeWifiP - ok
19:18:08.0822 3124	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:18:08.0822 3124	NDIS - ok
19:18:08.0932 3124	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:18:08.0932 3124	NdisCap - ok
19:18:08.0947 3124	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:18:08.0947 3124	NdisTapi - ok
19:18:09.0025 3124	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:18:09.0025 3124	Ndisuio - ok
19:18:09.0056 3124	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:18:09.0056 3124	NdisWan - ok
19:18:09.0150 3124	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:18:09.0150 3124	NDProxy - ok
19:18:09.0244 3124	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:18:09.0244 3124	NetBIOS - ok
19:18:09.0275 3124	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:18:09.0275 3124	NetBT - ok
19:18:09.0368 3124	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:18:09.0368 3124	nfrd960 - ok
19:18:09.0415 3124	NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:18:09.0415 3124	NisDrv - ok
19:18:09.0509 3124	nmwcd           (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys
19:18:09.0509 3124	nmwcd - ok
19:18:09.0540 3124	nmwcdc          (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys
19:18:09.0540 3124	nmwcdc - ok
19:18:09.0618 3124	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:18:09.0618 3124	Npfs - ok
19:18:09.0634 3124	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:18:09.0634 3124	nsiproxy - ok
19:18:09.0696 3124	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:18:09.0712 3124	Ntfs - ok
19:18:09.0774 3124	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:18:09.0774 3124	Null - ok
19:18:09.0805 3124	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:18:09.0805 3124	nvraid - ok
19:18:09.0868 3124	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:18:09.0868 3124	nvstor - ok
19:18:09.0914 3124	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:18:09.0914 3124	nv_agp - ok
19:18:09.0977 3124	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:18:09.0977 3124	ohci1394 - ok
19:18:17.0402 3124	============================================================
19:18:17.0402 3124	Scan finished
19:18:17.0402 3124	============================================================
19:18:17.0402 1892	Detected object count: 0
19:18:17.0402 1892	Actual detected object count: 0
         
