Log analysis and evaluation: Infected with Smart Fortress 2012
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #1 |
Infected with Smart Fortress 2012
Good day, around noon today I got infected with Smart Fortress 2012. I started the PC and could no longer run anything, but the fake antivirus software started. I googled for a solution to the problem and found this post on this board. I followed these instructions: http://www.trojaner-board.de/110669-...entfernen.html
The PC works again as far as I can tell, but I am not sure whether it is completely clean again. The Smart Fortress 2012 shortcut is still on the desktop, but without an icon. It looks like when you have uninstalled a program but the shortcut on the desktop still exists. In addition, after the PC boots, a message appears saying that Windows Defender is not working.
I have attached the logs.
I would like to thank you in advance for the help and wish you a pleasant rest of the Easter holidays.
| | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before? If so, all the logs for every scan are also listed on the Logdateien (log files) tab. Please post all of the ones visible there.
| | #3 |
No, so far I have only run one scan with Malwarebytes.
| | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please also run ESET, then we will see how to proceed: ESET Online Scanner
__________________
Please always post log files in CODE tags
| | #5 |
The scan with ESET is finished.
| | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™
I have two questions before we continue:
1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
| | #7 |
Normal mode works flawlessly. It is also no slower than before. I did not notice any empty folders. It looks as if everything is still in its place.
| | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
| | #9 |
The OTL scan is finished.
Code:
ATTFilter OTL logfile created on: 09.04.2012 23:25:19 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Installation\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,23% Memory free 6,73 Gb Paging File | 5,57 Gb Available in Paging File | 82,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 698,63 Gb Total Space | 508,18 Gb Free Space | 72,74% Space Free | Partition Type: NTFS Computer Name: GAME-PC | User Name: Installation | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.09 23:24:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Installation\Desktop\OTL.exe PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files\devolo\dlan\devolonetsvc.exe PRC - [2009.08.05 19:34:13 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.29 04:08:00 | 000,303,104 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.04.29 04:07:32 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) 
-- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009.02.19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.07.24 17:35:30 | 000,773,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe PRC - [2008.07.24 17:35:28 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe PRC - [2008.07.24 12:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe ========== Modules (No Company Name) ========== MOD - [2012.02.16 13:54:03 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll MOD - [2012.02.16 13:53:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MOD - [2012.02.16 13:53:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll MOD - [2012.02.16 13:46:22 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012.02.16 13:46:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll MOD - [2012.02.16 13:46:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll MOD - [2012.02.16 13:44:56 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011.10.13 14:48:39 | 000,025,600 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll MOD - [2011.10.13 12:14:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2009.05.28 00:05:17 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3405.36844__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2009.05.28 00:05:17 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3405.36902__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2009.05.28 00:05:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3405.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2009.05.28 00:05:17 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3405.36845__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2009.05.28 00:05:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3405.36840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2009.05.28 00:05:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3405.36834__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2009.05.28 00:05:17 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3405.36929__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll 
MOD - [2009.05.28 00:05:17 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3405.36928__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2009.05.28 00:05:17 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3405.36933__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2009.05.28 00:05:17 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3405.36929__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2009.05.28 00:05:16 | 000,692,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3405.36889__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2009.05.28 00:05:16 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3405.36917__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2009.05.28 00:05:16 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3405.36897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2009.05.28 00:05:16 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3405.36834__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3405.36879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2009.05.28 00:05:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3405.36918__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:16 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,782,336 | ---- | M] () 
-- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3405.36872__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3405.36898__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,643,072 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3405.36927__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3405.36880__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3405.36846__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3405.36835__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3405.36892__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2009.05.28 00:05:15 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3405.36866__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3405.36884__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll 
MOD - [2009.05.28 00:05:15 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3405.36846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3405.36884__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2009.05.28 00:05:15 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3405.36876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2009.05.28 00:05:15 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3405.36871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3405.36927__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3405.36883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3405.36916__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3405.36850__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3405.36871__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3405.36876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3405.36877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2009.05.28 00:05:15 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3403.16829__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2009.05.28 00:05:15 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3403.16821__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2009.05.28 00:05:15 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3403.16841__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2009.05.28 00:05:15 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3403.16853__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2009.05.28 00:05:15 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3403.16853__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2009.05.28 00:05:15 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3403.16839__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2009.05.28 00:05:15 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3403.16852__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2009.05.28 
00:05:15 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2009.05.28 00:05:14 | 000,602,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3405.36941__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2009.05.28 00:05:14 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3403.16818__90ba9c70f846762e\CLI.Foundation.dll MOD - [2009.05.28 00:05:14 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3403.16833__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3403.16854__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3403.16844__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,045,056 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2009.05.28 00:05:14 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3405.36922__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2009.05.28 00:05:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3403.16850__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3403.16813__90ba9c70f846762e\LOG.Foundation.dll MOD - [2009.05.28 00:05:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3403.16836__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3403.16814__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2009.05.28 00:05:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3403.16866__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2009.05.28 00:05:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3403.16850__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll 
MOD - [2009.05.28 00:05:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3403.16839__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3403.16830__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2009.05.28 00:05:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3403.16844__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2009.05.28 00:05:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3403.16827__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2009.05.28 00:05:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2009.05.28 00:05:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3403.16833__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2009.05.28 00:05:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3403.16823__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2009.05.28 00:05:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2009.05.28 00:05:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3403.16838__90ba9c70f846762e\APM.Foundation.dll MOD - [2009.05.28 00:05:14 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3403.16838__90ba9c70f846762e\MOM.Foundation.dll MOD - [2009.05.28 00:05:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2009.05.28 00:05:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3403.16851__90ba9c70f846762e\DEM.Graphics.dll MOD - [2009.05.28 00:05:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2009.05.28 00:05:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3403.16828__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2009.05.28 00:05:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3403.16842__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2009.05.28 00:05:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2009.05.28 00:05:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3403.16828__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.05.28 00:05:14 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2009.05.28 00:05:14 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2009.05.28 00:05:14 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3405.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.05.28 00:05:13 | 001,212,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3405.36830__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2009.05.28 00:05:13 | 
000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3405.36906__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2009.05.28 00:05:13 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3405.36839__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2009.05.28 00:05:13 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3405.36911__90ba9c70f846762e\MOM.Implementation.dll MOD - [2009.05.28 00:05:13 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3405.36910__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2009.05.28 00:05:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3405.36823__90ba9c70f846762e\APM.Server.dll MOD - [2009.05.28 00:05:13 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3405.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2009.05.28 00:05:13 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3405.36824__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2009.05.28 00:05:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3403.16840__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2009.05.28 00:05:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3405.36822__90ba9c70f846762e\AEM.Server.dll MOD - [2009.05.28 00:05:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3403.16820__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2009.05.28 00:05:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3403.16835__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2009.05.28 00:05:13 | 000,036,864 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3403.16826__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2009.05.28 00:05:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009.05.28 00:05:13 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3403.16839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2009.05.28 00:05:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3403.16838__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2009.05.28 00:05:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3403.16838__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2009.05.28 00:05:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3403.16846__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2009.05.28 00:05:13 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3405.36911__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009.04.29 04:06:26 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 06:42:12 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.10.30 
14:39:12 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R) SRV - [2011.10.01 18:00:26 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.05 19:34:13 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.29 04:07:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.02.19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.07.24 17:35:28 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2011.04.02 14:21:34 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.04.02 14:21:33 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.10 13:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.12.08 17:01:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.15 22:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009.05.28 07:49:14 | 000,539,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009.05.28 07:49:14 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009.05.28 00:25:03 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.29 05:31:38 | 004,491,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.04.24 07:43:36 | 000,095,544 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.18 23:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008.12.18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.12.18 23:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008.12.18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.05 05:58:50 | 000,165,984 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress) Intel(R)
DRV - [2008.03.28 06:42:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 04 E0 04 8F 09 CA 01 [binary data]
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.MM3ProxySwitch.type: 1
FF - prefs.js..network.proxy.ftp: "205.251.132.51"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "187.72.145.53"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "91.121.16.86"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "187.72.145.53"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.08.22 16:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.14 23:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.17 18:57:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.08.22 16:05:02 | 000,000,000 | ---D | M]
[2009.06.01 12:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Installation\AppData\Roaming\mozilla\Extensions
[2012.02.02 23:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Installation\AppData\Roaming\mozilla\Firefox\Profiles\ui376qhf.default\extensions
[2012.04.07 21:17:00 | 000,000,944 | ---- | M] () -- C:\Users\Installation\AppData\Roaming\Mozilla\Firefox\Profiles\ui376qhf.default\searchplugins\icqplugin.xml
[2012.01.08 19:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.16 23:33:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
() (No name found) -- C:\USERS\INSTALLATION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UI376QHF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\INSTALLATION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UI376QHF.DEFAULT\EXTENSIONS\ADMIN@PROXY-LISTEN.DE.XPI
[2012.03.14 23:12:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 18:58:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 18:58:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 18:58:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 18:58:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 18:58:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 18:58:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000..\Run: [] File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Installation\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F67B89-1185-4388-A803-679C7E375DFD}: DhcpNameServer = 10.8.48.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F3BD826-3246-49C9-9F79-26871476D248}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Installation\Desktop\Downloads\floral-pattern-wallpaper-black-1600x1200.jpg
O24 - Desktop BackupWallPaper: C:\Users\Installation\Desktop\Downloads\floral-pattern-wallpaper-black-1600x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{09568650-a871-11df-8967-00241d11289d}\Shell - "" = AutoRun
O33 - MountPoints2\{09568650-a871-11df-8967-00241d11289d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{249e9223-4bc9-11e0-84ed-00241d11289d}\Shell\AutoRun\command - "" = E:\ymxf2.exe
O33 - MountPoints2\{249e9223-4bc9-11e0-84ed-00241d11289d}\Shell\open\Command - "" = E:\ymxf2.exe
O33 - MountPoints2\{53b4e715-4b3f-11de-b44d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53b4e715-4b3f-11de-b44d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe - (Audible, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.04.09 23:24:20 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Installation\Desktop\OTL.exe
[2012.04.09 20:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.09 14:32:40 | 000,000,000 | ---D | C] -- C:\Users\Installation\Desktop\Neuer Ordner
[2012.04.09 13:13:37 | 000,000,000 | ---D | C] -- C:\Users\Installation\AppData\Roaming\Malwarebytes
[2012.04.09 13:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.09 13:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.09 13:13:24 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.09 13:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.09 11:09:29 | 000,000,000 | ---D | C] -- C:\Users\Installation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012.04.08 19:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858890C3886C200037EEA570F1C8B
[2012.03.30 21:12:48 | 000,000,000 | ---D | C] -- C:\Users\Installation\Desktop\tanja11111
[2012.03.28 11:13:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.27 22:28:09 | 000,000,000 | ---D | C] -- C:\Users\Installation\Desktop\iPod Photo Cache
[2012.03.13 23:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.13 23:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.13 23:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.09 23:28:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81FDF4A8-0BC8-4ACF-8667-2170A5223DBA}.job
[2012.04.09 23:24:21 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Installation\Desktop\OTL.exe
[2012.04.09 23:16:30 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.09 23:16:30 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.09 22:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.09 15:23:48 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.09 15:23:48 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.09 15:23:48 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.09 15:23:48 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.09 15:16:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.09 15:16:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.09 15:16:27 | 3487,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.09 14:27:45 | 000,000,000 | ---- | M] () -- C:\Users\Installation\defogger_reenable
[2012.04.09 13:13:25 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.09 13:06:08 | 000,000,680 | ---- | M] () -- C:\Users\Installation\AppData\Local\d3d9caps.dat
[2012.04.09 11:09:29 | 000,001,043 | ---- | M] () -- C:\Users\Installation\Desktop\Smart Fortress 2012.lnk
[2012.04.06 18:36:52 | 000,002,591 | ---- | M] () -- C:\Users\Installation\Desktop\Microsoft Office Word 2007.lnk
[2012.04.06 11:22:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.03.30 10:59:13 | 002,586,603 | ---- | M] () -- C:\Users\Installation\Desktop\ecbhistoryrolefunctions2006de.pdf
[2012.03.29 17:13:36 | 000,330,798 | ---- | M] () -- C:\Users\Installation\Desktop\controller.pdf
[2012.03.28 21:28:02 | 000,001,482 | ---- | M] () -- C:\Users\Installation\AppData\Local\RecConfig.xml
[2012.03.28 18:03:26 | 000,002,593 | ---- | M] () -- C:\Users\Installation\Desktop\Microsoft Office Excel 2007.lnk
[2012.03.26 18:36:47 | 001,114,222 | ---- | M] () -- C:\Users\Installation\Desktop\print.pdf
[2012.03.14 17:31:46 | 000,318,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.13 23:59:06 | 000,001,631 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[12 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.09 14:27:45 | 000,000,000 | ---- | C] () -- C:\Users\Installation\defogger_reenable
[2012.04.09 14:04:31 | 3487,879,168 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.09 13:13:25 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.09 11:09:29 | 000,001,043 | ---- | C] () -- C:\Users\Installation\Desktop\Smart Fortress 2012.lnk
[2012.03.30 10:59:13 | 002,586,603 | ---- | C] () -- C:\Users\Installation\Desktop\ecbhistoryrolefunctions2006de.pdf
[2012.03.29 17:13:36 | 000,330,798 | ---- | C] () -- C:\Users\Installation\Desktop\controller.pdf
[2012.03.26 18:36:47 | 001,114,222 | ---- | C] () -- C:\Users\Installation\Desktop\print.pdf
[2012.03.13 23:59:06 | 000,001,631 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.15 00:44:03 | 000,007,699 | ---- | C] () -- C:\Users\Installation\AppData\Roaming\.freeciv-client-rc-2.3
[2011.04.16 16:15:33 | 000,006,907 | ---- | C] () -- C:\Users\Installation\AppData\Roaming\.freeciv-client-rc-2.2
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.02 14:21:34 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.04.02 14:21:33 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.03.04 23:58:51 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.03.04 23:58:51 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.03.04 23:58:51 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.10.04 16:05:47 | 006,814,952 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.07.11 03:01:33 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.05.24 16:04:59 | 000,001,482 | ---- | C] () -- C:\Users\Installation\AppData\Local\RecConfig.xml

========== LOP Check ==========

[2011.12.15 00:47:28 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\.freeciv
[2011.02.28 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\.minecraft
[2010.02.18 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Amazon
[2011.03.30 15:12:09 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Ashampoo
[2012.01.14 18:56:08 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Azureus
[2012.01.14 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\BitCometLite
[2010.03.16 20:42:02 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Canneverbe Limited
[2009.12.12 00:57:45 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.03.16 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\DeepBurner
[2011.05.27 23:26:22 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Dropbox
[2011.08.25 12:57:34 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\DVDVideoSoft
[2011.08.24 13:36:06 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.15 12:40:36 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Firaxis Games
[2010.02.12 18:43:35 | 000,000,000
| ---D | M] -- C:\Users\Installation\AppData\Roaming\gtk-2.0 [2009.08.16 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\ICQ [2011.04.02 20:05:11 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\IObit [2009.07.12 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\IrfanView [2012.01.01 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\LolClient [2011.12.27 12:56:46 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\My Games [2010.08.22 16:52:47 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Nokia [2010.08.22 16:52:47 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Nokia Ovi Suite [2009.06.09 14:05:23 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\OpenOffice.org [2010.11.23 23:48:19 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\PC Suite [2009.10.15 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Samsung [2009.06.22 01:37:43 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\springlobby [2009.06.22 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\springsettings [2009.07.11 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\streamripper [2009.05.28 06:04:21 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\TeamViewer [2009.05.28 00:14:43 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Template [2010.01.27 19:51:23 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\TuneUp Software [2009.08.15 19:55:42 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\uTorrent [2009.06.01 12:20:19 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\OpenOffice.org [2010.04.23 00:51:05 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\PC Suite [2012.04.09 15:15:26 | 000,032,514 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.09 23:28:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{81FDF4A8-0BC8-4ACF-8667-2170A5223DBA}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.15 00:47:28 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\.freeciv [2011.02.28 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\.minecraft [2010.10.04 16:05:47 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\AccurateRip [2011.07.21 17:21:01 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Adobe [2010.02.18 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Amazon [2012.01.17 19:10:28 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Apple Computer [2011.03.30 15:12:09 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Ashampoo [2009.05.28 00:07:43 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\ATI [2012.01.14 18:56:08 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Azureus [2012.01.14 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\BitCometLite [2010.03.16 20:42:02 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Canneverbe Limited [2009.12.12 00:57:45 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2009.06.04 17:50:33 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\CyberLink [2010.03.16 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\DeepBurner [2011.05.27 23:26:22 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Dropbox [2012.03.08 12:58:05 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\dvdcss [2011.08.25 12:57:34 | 000,000,000 | ---D | M] -- 
C:\Users\Installation\AppData\Roaming\DVDVideoSoft [2011.08.24 13:36:06 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.15 12:40:36 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Firaxis Games [2010.02.12 18:43:35 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\gtk-2.0 [2009.08.16 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\ICQ [2009.05.28 06:32:49 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Identities [2009.05.28 00:25:37 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\InstallShield [2011.04.02 20:05:11 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\IObit [2009.07.12 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\IrfanView [2009.06.01 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Logitech [2012.01.01 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\LolClient [2009.06.01 12:41:10 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Macromedia [2012.04.09 13:13:37 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Malwarebytes [2011.01.26 14:59:59 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Media Center Programs [2012.01.27 12:09:14 | 000,000,000 | --SD | M] -- C:\Users\Installation\AppData\Roaming\Microsoft [2009.12.25 20:57:13 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Microsoft Games [2009.06.01 12:27:22 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Mozilla [2011.12.27 12:56:46 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\My Games [2009.05.31 14:25:58 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Nero [2010.08.22 16:52:47 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Nokia [2010.08.22 16:52:47 | 000,000,000 | ---D | M] -- 
C:\Users\Installation\AppData\Roaming\Nokia Ovi Suite [2009.06.09 14:05:23 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\OpenOffice.org [2010.11.23 23:48:19 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\PC Suite [2009.10.15 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Samsung [2009.12.12 00:55:44 | 000,000,000 | RH-D | M] -- C:\Users\Installation\AppData\Roaming\SecuROM [2009.06.22 01:37:43 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\springlobby [2009.06.22 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\springsettings [2009.07.11 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\streamripper [2009.07.21 17:37:03 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\teamspeak2 [2009.05.28 06:04:21 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\TeamViewer [2009.05.28 00:14:43 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\Template [2010.01.27 19:51:23 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\TuneUp Software [2009.08.15 19:55:42 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\uTorrent [2012.03.24 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\vlc [2010.02.06 00:33:17 | 000,000,000 | ---D | M] -- C:\Users\Installation\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.11.27 14:49:58 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\Installation\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.07.03 23:57:23 | 000,003,262 | R--- | M] () -- C:\Users\Installation\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe [2010.07.03 23:57:23 | 000,010,134 | R--- | M] () -- C:\Users\Installation\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe [2011.06.12 16:17:13 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Installation\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe [2011.06.12 16:17:13 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Installation\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe [2011.06.12 16:17:13 | 000,008,854 | R--- | M] () -- C:\Users\Installation\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe [2009.05.28 00:07:42 | 000,010,134 | R--- | M] () -- C:\Users\Installation\AppData\Roaming\Microsoft\Installer\{AA3DDA7B-A960-51C2-69C5-86F3AFB3E074}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft 
Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F 
-- C:\Users\Installation\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Installation\AppData\Local\Temp\RarSFX2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Installation\AppData\Local\Temp\RarSFX3\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Installation\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Installation\AppData\Local\Temp\RarSFX2\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Installation\AppData\Local\Temp\RarSFX3\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.29 04:08:28 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll [2012.03.08 10:10:48 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2012.03.08 10:10:48 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [12 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Smart Fortress 2012 Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
[2012.04.07 21:17:00 | 000,000,944 | ---- | M] () -- C:\Users\Installation\AppData\Roaming\Mozilla\Firefox\Profiles\ui376qhf.default\searchplugins\icqplugin.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000..\Run: [] File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{09568650-a871-11df-8967-00241d11289d}\Shell - "" = AutoRun
O33 - MountPoints2\{09568650-a871-11df-8967-00241d11289d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{249e9223-4bc9-11e0-84ed-00241d11289d}\Shell\AutoRun\command - "" = E:\ymxf2.exe
O33 - MountPoints2\{249e9223-4bc9-11e0-84ed-00241d11289d}\Shell\open\Command - "" = E:\ymxf2.exe
O33 - MountPoints2\{53b4e715-4b3f-11de-b44d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53b4e715-4b3f-11de-b44d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
[2012.04.09 11:09:29 | 000,000,000 | ---D | C] -- C:\Users\Installation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012.04.08 19:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858890C3886C200037EEA570F1C8B
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #11 |
![]() | Infected with Smart Fortress 2012 I have carried that out Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
File C:\Users\Installation\AppData\Roaming\Mozilla\Firefox\Profiles\ui376qhf.default\searchplugins\icqplugin.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth not found.
Registry value HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction not found.
Registry value HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings not found.
Registry value HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09568650-a871-11df-8967-00241d11289d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09568650-a871-11df-8967-00241d11289d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09568650-a871-11df-8967-00241d11289d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09568650-a871-11df-8967-00241d11289d}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{249e9223-4bc9-11e0-84ed-00241d11289d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{249e9223-4bc9-11e0-84ed-00241d11289d}\ not found.
File E:\ymxf2.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{249e9223-4bc9-11e0-84ed-00241d11289d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{249e9223-4bc9-11e0-84ed-00241d11289d}\ not found.
File E:\ymxf2.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53b4e715-4b3f-11de-b44d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b4e715-4b3f-11de-b44d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53b4e715-4b3f-11de-b44d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b4e715-4b3f-11de-b44d-806e6f6e6963}\ not found.
File E:\Run.exe not found.
Folder C:\Users\Installation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012\ not found.
Folder C:\ProgramData\B7E858890C3886C200037EEA570F1C8B\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Installation
->Temp folder emptied: 31911 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6415810 bytes
->Flash cache emptied: 0 bytes
User: ***
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 21963134 bytes
->Java cache emptied: 7618727 bytes
->FireFox cache emptied: 41054909 bytes
->Flash cache emptied: 2856 bytes
User: ***
User: ***
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8014160 bytes
RecycleBin emptied: 1824831141 bytes
Total Files Cleaned = 1.821,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Installation
->Flash cache emptied: 0 bytes
User: ***
User: ***
->Flash cache emptied: 0 bytes
User: Public
User: ***
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04102012_135707
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
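Added example, not part of the original posts and not OTL's own code: a small Python triage of a fix log in the shape posted in #11, separating script targets reported as "not found" from lines that report an actual change. The line patterns are inferred from the log above and are an assumption, not an OTL format specification; the sample log and every name in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in the shape of the fix log above (not the user's data).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Example\SearchScopes\{00000000-0000-0000-0000-000000000000}\ not found.
Prefs.js: "Example Search" removed from browser.search.defaultenginename
File C:\Users\Example\AppData\Roaming\example.xml not found.
Registry value HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Example\MountPoints2\{11111111-1111-1111-1111-111111111111}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Example\MountPoints2\{11111111-1111-1111-1111-111111111111}\ not found.
File E:\example.exe -a not found.
Folder C:\ProgramData\EXAMPLE-FOLDER\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Example
->Temp folder emptied: 31911 bytes
%systemroot% .tmp files removed: 0 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# "========== NAME ==========" section headers.
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
# "<kind> <target> not found." lines: the script target was absent at fix time.
NOT_FOUND_RE = re.compile(
    r"^(?P<kind>Registry key|Registry value|File|Folder)\s+(?P<target>.+?)\s+not found\.$"
)
# Lines that report a change: "... successfully", or "... removed from ...".
CHANGED_RE = re.compile(r"(successfully[.!]?$)|(\sremoved from\s)")


def parse_fix_log(text):
    """Return (section, kind, target, outcome) for every result line."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        missing = NOT_FOUND_RE.match(line)
        if missing:
            records.append(
                (section, missing.group("kind"), missing.group("target"), "not_found")
            )
        elif CHANGED_RE.search(line):
            # Keep the whole line as the target; the wording varies per action.
            records.append((section, "other", line, "changed"))
        # Everything else (cache sizes, user names, banners) is informational.
    return records


def summarize(records):
    """Count outcomes and list each missing target once, in log order."""
    outcomes = Counter(outcome for _, _, _, outcome in records)
    by_kind = Counter(kind for _, kind, _, outcome in records if outcome == "not_found")
    # The same key can be listed twice when two script lines point at it.
    missing = list(
        dict.fromkeys(t for _, _, t, outcome in records if outcome == "not_found")
    )
    return {
        "outcomes": dict(outcomes),
        "not_found_by_kind": dict(by_kind),
        "missing_targets": missing,
    }


if __name__ == "__main__":
    summary = summarize(parse_fix_log(SAMPLE_LOG))
    print(summary["outcomes"])
    print(summary["not_found_by_kind"])
    for target in summary["missing_targets"]:
        print("absent at fix time:", target)
```
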
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Smart Fortress 2012 Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click on "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
| | #13 |
![]() | Infected with Smart Fortress 2012 It's done Code:
15:42:47.0503 3764 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
15:42:47.0635 3764 ============================================================
15:42:47.0635 3764 Current date / time: 2012/04/10 15:42:47.0635
15:42:47.0635 3764 SystemInfo:
15:42:47.0635 3764
15:42:47.0635 3764 OS Version: 6.0.6002 ServicePack: 2.0
15:42:47.0635 3764 Product type: Workstation
15:42:47.0635 3764 ComputerName: GAME-PC
15:42:47.0635 3764 UserName: Installation
15:42:47.0635 3764 Windows directory: C:\Windows
15:42:47.0635 3764 System windows directory: C:\Windows
15:42:47.0635 3764 Processor architecture: Intel x86
15:42:47.0635 3764 Number of processors: 4
15:42:47.0635 3764 Page size: 0x1000
15:42:47.0635 3764 Boot type: Normal boot
15:42:47.0635 3764 ============================================================
15:42:48.0463 3764 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8BD5E00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:42:48.0464 3764 \Device\Harddisk0\DR0:
15:42:48.0465 3764 MBR used
15:42:48.0465 3764 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57544800
15:42:48.0489 3764 Initialize success
15:42:48.0489 3764 ============================================================
15:43:45.0066 2656 ============================================================
15:43:45.0066 2656 Scan started
15:43:45.0066 2656 Mode: Manual; SigCheck; TDLFS;
15:43:45.0066 2656 ============================================================
15:43:45.0643 2656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:43:45.0705 2656 ACPI - ok
15:43:45.0752 2656 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:43:45.0768 2656 adp94xx - ok
15:43:45.0799 2656 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:43:45.0799 2656 adpahci - ok
15:43:45.0846 2656 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:43:45.0846 2656 adpu160m - ok
15:43:45.0877 2656 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:43:45.0877 2656 adpu320 - ok
15:43:45.0924 2656 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:43:45.0986 2656 AeLookupSvc - ok
15:43:46.0017 2656 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:43:46.0064 2656 AFD - ok
15:43:46.0111 2656 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:43:46.0111 2656 agp440 - ok
15:43:46.0142 2656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:43:46.0142 2656 aic78xx - ok
15:43:46.0158 2656 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:43:46.0267 2656 ALG - ok
15:43:46.0298 2656 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:43:46.0298 2656 aliide - ok
15:43:46.0329 2656 AMD External Events Utility (ab04e0d25c677d350ced854b5d180495) C:\Windows\system32\atiesrxx.exe
15:43:46.0376 2656 AMD External Events Utility - ok
15:43:46.0407 2656 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:43:46.0423 2656 amdagp - ok
15:43:46.0438 2656 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:43:46.0438 2656 amdide - ok
15:43:46.0485 2656 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:43:46.0516 2656 AmdK7 - ok
15:43:46.0548 2656 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:43:46.0579 2656 AmdK8 - ok
15:43:46.0657 2656 AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:43:46.0688 2656 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
15:43:46.0688 2656 AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
15:43:46.0704 2656 AntiVirService (b8720a787c1223492e6f319465e996ce) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:43:46.0719 2656 AntiVirService ( UnsignedFile.Multi.Generic ) - warning
15:43:46.0719 2656 AntiVirService - detected UnsignedFile.Multi.Generic (1)
15:43:46.0735 2656 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:43:46.0766 2656 Appinfo - ok
15:43:46.0828 2656 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:43:46.0844 2656 Apple Mobile Device - ok
15:43:46.0860 2656 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:43:46.0875 2656 arc - ok
15:43:46.0891 2656 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:43:46.0906 2656 arcsas - ok
15:43:46.0922 2656 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:43:46.0953 2656 AsyncMac - ok
15:43:46.0984 2656 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:43:47.0000 2656 atapi - ok
15:43:47.0047 2656 AtiHdmiService (30f8648437230abe8c7efe025194b0fc) C:\Windows\system32\drivers\AtiHdmi.sys
15:43:47.0047 2656 AtiHdmiService - ok
15:43:47.0125 2656 atikmdag (18f4c1c503f1cdd39ad006aa54b79ea8) C:\Windows\system32\DRIVERS\atikmdag.sys
15:43:47.0530 2656 atikmdag - ok
15:43:47.0608 2656 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
15:43:47.0624 2656 atksgt - ok
15:43:47.0671 2656 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:43:47.0686 2656 AudioEndpointBuilder - ok
15:43:47.0702 2656 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:43:47.0718 2656 Audiosrv - ok
15:43:47.0764 2656 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:43:47.0764 2656 avgio - ok
15:43:47.0796 2656 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
15:43:47.0796 2656 avgntflt - ok
15:43:47.0811 2656 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
15:43:47.0827 2656 avipbb - ok
15:43:47.0858 2656 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:43:47.0905 2656 Beep - ok
15:43:47.0936 2656 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:43:47.0952 2656 BFE - ok
15:43:47.0998 2656 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
15:43:48.0045 2656 BITS - ok
15:43:48.0061 2656 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:43:48.0076 2656 blbdrive - ok
15:43:48.0123 2656 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:43:48.0139 2656 Bonjour Service - ok
15:43:48.0170 2656 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:43:48.0201 2656 bowser - ok
15:43:48.0217 2656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:43:48.0248 2656 BrFiltLo - ok
15:43:48.0264 2656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:43:48.0295 2656 BrFiltUp - ok
15:43:48.0310 2656 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:43:48.0342 2656 Browser - ok
15:43:48.0388 2656 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:43:48.0622 2656 Brserid - ok
15:43:48.0654 2656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:43:48.0700 2656 BrSerWdm - ok
15:43:48.0716 2656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:43:48.0778 2656 BrUsbMdm - ok
15:43:48.0794 2656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:43:48.0841 2656 BrUsbSer - ok
15:43:48.0872 2656 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:43:48.0934 2656 BTHMODEM - ok
15:43:48.0981 2656 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:43:48.0997 2656 cdfs - ok
15:43:49.0028 2656 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:43:49.0044 2656 cdrom - ok
15:43:49.0075 2656 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:43:49.0122 2656 CertPropSvc - ok
15:43:49.0153 2656 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:43:49.0184 2656 circlass - ok
15:43:49.0231 2656 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:43:49.0246 2656 CLFS - ok
15:43:49.0293 2656 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:49.0309 2656 clr_optimization_v2.0.50727_32 - ok
15:43:49.0356 2656 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:49.0356 2656 clr_optimization_v4.0.30319_32 - ok
15:43:49.0387 2656 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:43:49.0402 2656 cmdide - ok
15:43:49.0434 2656 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
15:43:49.0449 2656 Compbatt - ok
15:43:49.0465 2656 COMSysApp - ok
15:43:49.0480 2656 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:43:49.0496 2656 crcdisk - ok
15:43:49.0527 2656 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:43:49.0558 2656 Crusoe - ok
15:43:49.0605 2656 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
15:43:49.0621 2656 CryptSvc - ok
15:43:49.0652 2656 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:43:49.0683 2656 DcomLaunch - ok
15:43:49.0933 2656 DevoloNetworkService (d2600494c45b98adfdae290205ad7cd3) C:\Program Files\devolo\dlan\devolonetsvc.exe
15:43:49.0995 2656 DevoloNetworkService - ok
15:43:50.0026 2656 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:43:50.0058 2656 DfsC - ok
15:43:50.0136 2656 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:43:50.0260 2656 DFSR - ok
15:43:50.0292 2656 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:43:50.0307 2656 Dhcp - ok
15:43:50.0338 2656 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:43:50.0338 2656 disk - ok
15:43:50.0370 2656 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:43:50.0401 2656 Dnscache - ok
15:43:50.0448 2656 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:43:50.0463 2656 dot3svc - ok
15:43:50.0494 2656 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:43:50.0526 2656 DPS - ok
15:43:50.0572 2656 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:43:50.0619 2656 drmkaud - ok
15:43:50.0650 2656 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:43:50.0682 2656 DXGKrnl - ok
15:43:50.0713 2656 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:43:50.0744 2656 E1G60 - ok
15:43:50.0775 2656 e1kexpress (0916b8831f80cdd1819370d29350e60d) C:\Windows\system32\DRIVERS\e1k6032.sys
15:43:50.0791 2656 e1kexpress - ok
15:43:50.0822 2656 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:43:50.0853 2656 EapHost - ok
15:43:50.0884 2656 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:43:50.0900 2656 Ecache - ok
15:43:50.0916 2656 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:43:50.0947 2656 ehRecvr - ok
15:43:50.0962 2656 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:43:50.0978 2656 ehSched - ok
15:43:50.0994 2656 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:43:51.0009 2656 ehstart - ok
15:43:51.0040 2656 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:43:51.0056 2656 elxstor - ok
15:43:51.0103 2656 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:43:51.0165 2656 EMDMgmt - ok
15:43:51.0181 2656 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:43:51.0212 2656 ErrDev - ok
15:43:51.0259 2656 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:43:51.0274 2656 EventSystem - ok
15:43:51.0321 2656 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:43:51.0384 2656 exfat - ok
15:43:51.0415 2656 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:43:51.0430 2656 fastfat - ok
15:43:51.0462 2656 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:43:51.0493 2656 fdc - ok
15:43:51.0508 2656 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:43:51.0524 2656 fdPHost - ok
15:43:51.0555 2656 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:43:51.0618 2656 FDResPub - ok
15:43:51.0649 2656 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:43:51.0649 2656 FileInfo - ok
15:43:51.0664 2656 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:43:51.0696 2656 Filetrace - ok
15:43:51.0711 2656 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:43:51.0742 2656 flpydisk - ok
15:43:51.0758 2656 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:43:51.0774 2656 FltMgr - ok
15:43:51.0820 2656 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:43:51.0852 2656 FontCache - ok
15:43:51.0930 2656 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:43:51.0930 2656 FontCache3.0.0.0 - ok
15:43:51.0961 2656 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:43:51.0976 2656 Fs_Rec - ok
15:43:52.0039 2656 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:43:52.0054 2656 gagp30kx - ok
15:43:52.0070 2656 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\Windows\gdrv.sys
15:43:52.0086 2656 gdrv - ok
15:43:52.0117 2656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:43:52.0117 2656 GEARAspiWDM - ok
15:43:52.0132 2656 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:43:52.0179 2656 gpsvc - ok
15:43:52.0257 2656 gupdate1c9f9cedf603745 (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:43:52.0257 2656 gupdate1c9f9cedf603745 - ok
15:43:52.0288 2656 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:43:52.0288 2656 gupdatem - ok
15:43:52.0320 2656 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:43:52.0335 2656 gusvc - ok
15:43:52.0382 2656 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:43:52.0429 2656 HdAudAddService - ok
15:43:52.0460 2656 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:43:52.0507 2656 HDAudBus - ok
15:43:52.0538 2656 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\Windows\system32\DRIVERS\HECI.sys
15:43:52.0569 2656 HECI - ok
15:43:52.0616 2656 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:43:52.0647 2656 HidBth - ok
15:43:52.0663 2656 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:43:52.0710 2656 HidIr - ok
15:43:52.0756 2656 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
15:43:52.0788 2656 hidserv - ok
15:43:52.0803 2656 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:43:52.0819 2656 HidUsb - ok
15:43:52.0866 2656 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:43:52.0897 2656 hkmsvc - ok
15:43:52.0912 2656 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:43:52.0928 2656 HpCISSs - ok
15:43:53.0022 2656 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:43:53.0084 2656 HTTP - ok
15:43:53.0115 2656 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:43:53.0131 2656 i2omp - ok
15:43:53.0162 2656 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:43:53.0193 2656 i8042prt - ok
15:43:53.0209 2656 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:43:53.0224 2656 iaStorV - ok
15:43:53.0349 2656 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:43:53.0412 2656 idsvc - ok
15:43:53.0458 2656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:43:53.0458 2656 iirsp - ok
15:43:53.0568 2656 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:43:53.0614 2656 IKEEXT - ok
15:43:53.0677 2656 IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys
15:43:53.0755 2656 IntcAzAudAddService - ok
15:43:53.0817 2656 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:43:53.0833 2656 intelide - ok
15:43:53.0848 2656 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:43:53.0880 2656 intelppm - ok
15:43:53.0911 2656 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:43:53.0942 2656 IPBusEnum - ok
15:43:53.0958 2656 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:53.0989 2656 IpFilterDriver - ok
15:43:54.0020 2656 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:43:54.0051 2656 iphlpsvc - ok
15:43:54.0067 2656 IpInIp - ok
15:43:54.0098 2656 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:43:54.0129 2656 IPMIDRV - ok
15:43:54.0160 2656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:43:54.0176 2656 IPNAT - ok
15:43:54.0238 2656 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
15:43:54.0254 2656 iPod Service - ok
15:43:54.0285 2656 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:43:54.0301 2656 IRENUM - ok
15:43:54.0348 2656 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:43:54.0363 2656 isapnp - ok
15:43:54.0394 2656 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:43:54.0410 2656 iScsiPrt - ok
15:43:54.0441 2656 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:43:54.0441 2656 iteatapi - ok
15:43:54.0488 2656 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:43:54.0504 2656 iteraid - ok
15:43:54.0535 2656 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:54.0535 2656 kbdclass - ok
15:43:54.0582 2656 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:43:54.0613 2656 kbdhid - ok
15:43:54.0644 2656 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:43:54.0691 2656 KeyIso - ok
15:43:54.0722 2656 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:43:54.0738 2656 KSecDD - ok
15:43:54.0769 2656 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:43:54.0800 2656 KtmRm - ok
15:43:54.0847 2656 L8042Kbd (d8d3f1c1e82117a3776a2d320a7b3694) C:\Windows\system32\DRIVERS\L8042Kbd.sys
15:43:54.0847 2656 L8042Kbd - ok
15:43:54.0862 2656 L8042mou (5262222fb4a7b57b48115016ccfd1f4c) C:\Windows\system32\DRIVERS\L8042mou.Sys
15:43:54.0878 2656 L8042mou - ok
15:43:54.0940 2656 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
15:43:54.0987 2656 LanmanServer - ok
15:43:55.0003 2656 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:43:55.0050 2656 LanmanWorkstation - ok
15:43:55.0128 2656 LBTServ (47c12f1a54b5c1b51008d7629c1d4f7b) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
15:43:55.0143 2656 LBTServ - ok
15:43:55.0174 2656 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:43:55.0174 2656 LHidFilt - ok
15:43:55.0237 2656 LightScribeService (984ecb68ed2a2b2e6a544e87e24fba2d) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:43:55.0252 2656 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:43:55.0252 2656 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:43:55.0299 2656 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
15:43:55.0299 2656 lirsgt - ok
15:43:55.0315 2656 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:43:55.0362 2656 lltdio - ok
15:43:55.0424 2656 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:43:55.0471 2656 lltdsvc - ok
15:43:55.0486 2656 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:43:55.0518 2656 lmhosts - ok
15:43:55.0549 2656 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:43:55.0564 2656 LMouFilt - ok
15:43:55.0611 2656 LMouKE (96062ec1f26f08ebe056c026667744dd) C:\Windows\system32\DRIVERS\LMouKE.Sys
15:43:55.0627 2656 LMouKE - ok
15:43:55.0627 2656 LMS - ok
15:43:55.0658 2656 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:43:55.0674 2656 LSI_FC - ok
15:43:55.0720 2656 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:43:55.0736 2656 LSI_SAS - ok
15:43:55.0798 2656 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:43:55.0798 2656 LSI_SCSI - ok
15:43:55.0845 2656 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:43:55.0876 2656 luafv - ok
15:43:55.0908 2656 LUsbFilt (0b808ff2f17c8396fb2ae202f75aed37) C:\Windows\system32\Drivers\LUsbFilt.Sys
15:43:55.0923 2656 LUsbFilt - ok
15:43:55.0954 2656 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
15:43:55.0954 2656 mcdbus ( UnsignedFile.Multi.Generic ) - warning
15:43:55.0954 2656 mcdbus - detected UnsignedFile.Multi.Generic (1)
15:43:55.0986 2656 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:43:56.0032 2656 Mcx2Svc - ok
15:43:56.0064 2656 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:43:56.0079 2656 megasas - ok
15:43:56.0126 2656 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:43:56.0142 2656 MegaSR - ok
15:43:56.0173 2656 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:43:56.0204 2656 MMCSS - ok
15:43:56.0220 2656 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:43:56.0266 2656 Modem - ok
15:43:56.0313 2656 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:43:56.0329 2656 monitor - ok
15:43:56.0344 2656 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:43:56.0360 2656 mouclass - ok
15:43:56.0376 2656 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:43:56.0407 2656 mouhid - ok
15:43:56.0422 2656 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:43:56.0438 2656 MountMgr - ok
15:43:56.0469 2656 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:43:56.0469 2656 mpio - ok
15:43:56.0500 2656 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:43:56.0547 2656 mpsdrv - ok
15:43:56.0594 2656 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:43:56.0641 2656 MpsSvc - ok
15:43:56.0656 2656 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:43:56.0672 2656 Mraid35x - ok
15:43:56.0688 2656 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:43:56.0703 2656 MRxDAV - ok
15:43:56.0734 2656 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:56.0766 2656 mrxsmb - ok
15:43:56.0797 2656 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:56.0812 2656 mrxsmb10 - ok
15:43:56.0844 2656 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:56.0859 2656 mrxsmb20 - ok
15:43:56.0890 2656 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:43:56.0890 2656 msahci - ok
15:43:56.0922 2656 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:43:56.0922 2656 msdsm - ok
15:43:56.0953 2656 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:43:57.0000 2656 MSDTC - ok
15:43:57.0031 2656 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:43:57.0046 2656 Msfs - ok
15:43:57.0062 2656 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:43:57.0062 2656 msisadrv - ok
15:43:57.0109 2656 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:43:57.0140 2656 MSiSCSI - ok
15:43:57.0156 2656 msiserver - ok
15:43:57.0187 2656 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:43:57.0218 2656 MSKSSRV - ok
15:43:57.0249 2656 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:57.0265 2656 MSPCLOCK - ok
15:43:57.0312 2656 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:43:57.0327 2656 MSPQM - ok
15:43:57.0358 2656 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:43:57.0374 2656 MsRPC - ok
15:43:57.0405 2656 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:43:57.0421 2656 mssmbios - ok
15:43:57.0452 2656 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:43:57.0468 2656 MSTEE - ok
15:43:57.0468 2656 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:43:57.0483 2656 Mup - ok
15:43:57.0561 2656 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:43:57.0608 2656 napagent - ok
15:43:57.0670 2656 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:43:57.0686 2656 NativeWifiP - ok
15:43:57.0733 2656 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:43:57.0748 2656 NDIS - ok
15:43:57.0764 2656 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:43:57.0795 2656 NdisTapi - ok
15:43:57.0826 2656 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:43:57.0842 2656 Ndisuio - ok
15:43:57.0889 2656 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:57.0904 2656 NdisWan - ok
15:43:57.0904 2656 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:43:57.0920 2656 NDProxy - ok
15:43:57.0951 2656 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:43:57.0982 2656 NetBIOS - ok
15:43:58.0045 2656 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:43:58.0076 2656 netbt - ok
15:43:58.0076 2656 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:43:58.0092 2656 Netlogon - ok
15:43:58.0123 2656 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:43:58.0154 2656 Netman - ok
15:43:58.0170 2656 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:43:58.0201 2656 netprofm - ok
15:43:58.0263 2656 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:43:58.0263 2656 NetTcpPortSharing - ok
15:43:58.0279 2656 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:43:58.0294 2656 nfrd960 - ok
15:43:58.0326 2656 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:43:58.0357 2656 NlaSvc - ok
15:43:58.0388 2656 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
15:43:58.0419 2656 nmwcd - ok
15:43:58.0450 2656 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
15:43:58.0497 2656 nmwcdc - ok
15:43:58.0528 2656 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys
15:43:58.0575 2656 nmwcdnsu - ok
15:43:58.0591 2656 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys
15:43:58.0606 2656 nmwcdnsuc - ok
15:43:58.0653 2656 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:43:58.0684 2656 Npfs - ok
15:43:58.0716 2656 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\Windows\system32\drivers\npf_devolo.sys
15:43:58.0731 2656 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
15:43:58.0731 2656 NPF_devolo - detected UnsignedFile.Multi.Generic (1)
15:43:58.0731 2656 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:43:58.0762 2656 nsi - ok
15:43:58.0778 2656 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:43:58.0809 2656 nsiproxy - ok
15:43:58.0856 2656 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:43:58.0887 2656 Ntfs - ok
15:43:58.0918 2656 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:43:58.0950 2656 ntrigdigi - ok
15:43:58.0981 2656 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:43:58.0996 2656 Null - ok
15:43:59.0028 2656 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:43:59.0028 2656 nvraid - ok
15:43:59.0074 2656 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:43:59.0074 2656 nvstor - ok
15:43:59.0121 2656 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:43:59.0137 2656 nv_agp - ok
15:43:59.0152 2656 NwlnkFlt - ok
15:43:59.0168 2656 NwlnkFwd - ok
15:43:59.0308 2656 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:43:59.0340 2656 odserv - ok
15:43:59.0386 2656 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:43:59.0418 2656 ohci1394 - ok
15:43:59.0449 2656 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:59.0464 2656 ose - ok
15:43:59.0511 2656 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:43:59.0558 2656 p2pimsvc - ok
15:43:59.0558 2656 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:43:59.0589 2656 p2psvc - ok
15:43:59.0620 2656 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
15:43:59.0636 2656 Parport - ok
15:43:59.0667 2656 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:43:59.0683 2656 partmgr - ok
15:43:59.0698 2656 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
15:43:59.0730 2656 Parvdm - ok
15:43:59.0761 2656 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:43:59.0792 2656 PcaSvc - ok
15:43:59.0854 2656 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:43:59.0886 2656 pccsmcfd - ok
15:43:59.0917 2656 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:43:59.0932 2656 pci - ok
15:43:59.0948 2656 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
15:43:59.0948 2656 pciide - ok
15:43:59.0979 2656 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:43:59.0979 2656 pcmcia - ok
15:44:00.0026 2656 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:44:00.0073 2656 PEAUTH - ok
15:44:00.0291 2656 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:44:00.0354 2656 pla - ok
15:44:00.0432 2656 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:44:00.0463 2656 PlugPlay - ok
15:44:00.0510 2656 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\Windows\system32\PnkBstrA.exe
15:44:00.0510 2656 PnkBstrA - ok
15:44:00.0556 2656 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:44:00.0588 2656 PNRPAutoReg - ok
15:44:00.0588 2656 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:44:00.0619 2656 PNRPsvc - ok
15:44:00.0650 2656 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:44:00.0697 2656 PolicyAgent - ok
15:44:00.0728 2656 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:44:00.0775 2656 PptpMiniport - ok
15:44:00.0790 2656 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:44:00.0806 2656 Processor - ok
15:44:00.0853 2656 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:44:00.0884 2656 ProfSvc - ok
15:44:00.0915 2656 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:44:00.0915 2656 ProtectedStorage - ok
15:44:00.0962 2656 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:44:00.0978 2656 PSched - ok
15:44:01.0040 2656 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:44:01.0071 2656 ql2300 - ok
15:44:01.0102 2656 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:44:01.0102 2656 ql40xx - ok
15:44:01.0165 2656 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:44:01.0212 2656 QWAVE - ok
15:44:01.0227 2656 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:44:01.0243 2656 QWAVEdrv - ok
15:44:01.0290 2656 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:44:01.0321 2656 RasAcd - ok
15:44:01.0383 2656 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:44:01.0414 2656 RasAuto - ok
15:44:01.0430 2656 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:44:01.0446 2656 Rasl2tp - ok
15:44:01.0461 2656 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:44:01.0508 2656 RasMan - ok
15:44:01.0524 2656 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:44:01.0555 2656 RasPppoe - ok
15:44:01.0570 2656 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:44:01.0586 2656 RasSstp - ok
15:44:01.0602 2656 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:44:01.0617 2656 rdbss - ok
15:44:01.0617 2656 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:44:01.0648 2656 RDPCDD - ok
15:44:01.0726 2656 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:44:01.0742 2656 rdpdr - ok
15:44:01.0773 2656 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:44:01.0789 2656 RDPENCDD - ok
15:44:01.0836 2656 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
15:44:01.0867 2656 RDPWD - ok
15:44:01.0914 2656 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:44:01.0945 2656 RemoteAccess - ok
15:44:01.0976 2656 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:44:02.0007 2656 RemoteRegistry - ok
15:44:02.0023 2656 RichVideo - ok
15:44:02.0054 2656 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:44:02.0085 2656 RpcLocator - ok
15:44:02.0116 2656 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:44:02.0132 2656 RpcSs - ok
15:44:02.0163 2656 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:44:02.0194 2656 rspndr - ok
15:44:02.0226 2656 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:44:02.0226 2656 SamSs - ok
15:44:02.0272 2656 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:44:02.0288 2656 sbp2port - ok
15:44:02.0335 2656 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:44:02.0350 2656 SCardSvr - ok
15:44:02.0460 2656 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:44:02.0506 2656 Schedule - ok
15:44:02.0538 2656 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:44:02.0553 2656 SCPolicySvc - ok
15:44:02.0569 2656 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:44:02.0600 2656 SDRSVC - ok
15:44:02.0616 2656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:44:02.0647 2656 secdrv - ok
15:44:02.0662 2656 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:44:02.0694 2656 seclogon - ok
15:44:02.0725 2656 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:44:02.0756 2656 SENS - ok
15:44:02.0787 2656 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
15:44:02.0803 2656 Serenum - ok
15:44:02.0834 2656 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
15:44:02.0865 2656 Serial - ok
15:44:02.0896 2656 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:44:02.0912 2656 sermouse - ok
15:44:03.0130 2656 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
15:44:03.0162 2656 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:44:03.0162 2656 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:44:03.0177 2656 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:44:03.0193 2656 SessionEnv - ok
15:44:03.0240 2656 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:44:03.0255 2656 sffdisk - ok
15:44:03.0286 2656 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:44:03.0318 2656 sffp_mmc - ok
15:44:03.0349 2656 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:44:03.0380 2656 sffp_sd - ok
15:44:03.0427 2656 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:44:03.0474 2656 sfloppy - ok
15:44:03.0552 2656 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:44:03.0583 2656 SharedAccess - ok
15:44:03.0614 2656 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:44:03.0645 2656 ShellHWDetection - ok
15:44:03.0676 2656 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:44:03.0676 2656 sisagp - ok
15:44:03.0723 2656 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:44:03.0723 2656 SiSRaid2 - ok
15:44:03.0770 2656 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:44:03.0786 2656 SiSRaid4 - ok
15:44:04.0254 2656 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:44:04.0347 2656 slsvc - ok
15:44:04.0456 2656 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:44:04.0519 2656 SLUINotify - ok
15:44:04.0550 2656 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:44:04.0597 2656 Smb - ok
15:44:04.0612 2656 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:44:04.0628 2656 SNMPTRAP - ok
15:44:04.0644 2656 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:44:04.0659 2656 spldr - ok
15:44:04.0675 2656 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:44:04.0722 2656 Spooler - ok
15:44:04.0753 2656 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:44:04.0800 2656 srv - ok
15:44:04.0831 2656 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:44:04.0878 2656 srv2 - ok
15:44:04.0909 2656 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:44:04.0924 2656 srvnet - ok
15:44:04.0940 2656 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
15:44:04.0971 2656 sscdbus - ok
15:44:05.0002 2656 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:44:05.0034 2656 sscdmdfl - ok
15:44:05.0065 2656 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:44:05.0065 2656 sscdmdm - ok
15:44:05.0096 2656 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:44:05.0143 2656 SSDPSRV - ok
15:44:05.0174 2656 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:44:05.0174 2656 ssmdrv - ok
15:44:05.0205 2656 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:44:05.0221 2656 SstpSvc - ok
15:44:05.0252 2656 StarOpen - ok
15:44:05.0283 2656 Steam Client Service - ok
15:44:05.0314 2656 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:44:05.0330 2656 stisvc - ok
15:44:05.0361 2656 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:44:05.0361 2656 swenum - ok
15:44:05.0408 2656 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:44:05.0439 2656 swprv - ok
15:44:05.0470 2656 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:44:05.0470 2656 Symc8xx - ok
15:44:05.0502 2656 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:44:05.0517 2656 Sym_hi - ok
15:44:05.0533 2656 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:44:05.0548 2656 Sym_u3 - ok
15:44:05.0829 2656 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:44:05.0892 2656 SysMain - ok
15:44:05.0907 2656 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:44:05.0938 2656 TabletInputService - ok
15:44:06.0016 2656 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
15:44:06.0016 2656 taphss - ok
15:44:06.0157 2656 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:44:06.0204 2656 TapiSrv - ok
15:44:06.0235 2656 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:44:06.0250 2656 TBS - ok
15:44:06.0297 2656 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:44:06.0328 2656 Tcpip - ok
15:44:06.0360 2656 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:44:06.0375 2656 Tcpip6 - ok
15:44:06.0438 2656 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:44:06.0469 2656 tcpipreg - ok
15:44:06.0500 2656 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:44:06.0516 2656 TDPIPE - ok
15:44:06.0531 2656 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:44:06.0547 2656 TDTCP - ok
15:44:06.0609 2656 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:44:06.0640 2656 tdx - ok
15:44:06.0703 2656 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:44:06.0703 2656 TermDD - ok
15:44:06.0843 2656 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:44:06.0890 2656 TermService - ok
15:44:06.0921 2656 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:44:06.0937 2656 Themes - ok
15:44:07.0062 2656 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:44:07.0077 2656 THREADORDER - ok
15:44:07.0202 2656 tifsfilter (d28aaf9a30b4b1a43310dcbdb4fd13bf) C:\Windows\system32\DRIVERS\tifsfilt.sys
15:44:07.0202 2656 tifsfilter - ok
15:44:07.0264 2656 timounter (4362215c82a3abe14ebb409289136a8b) C:\Windows\system32\DRIVERS\timntr.sys
15:44:07.0280 2656 timounter - ok
15:44:07.0311 2656 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:44:07.0327 2656 TrkWks - ok
15:44:07.0436 2656 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:44:07.0452 2656 TrustedInstaller - ok
15:44:07.0514 2656 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:07.0545 2656 tssecsrv - ok
15:44:07.0576 2656 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:44:07.0576 2656 tunmp - ok
15:44:07.0748 2656 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:44:07.0779 2656 tunnel - ok
15:44:07.0842 2656 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:44:07.0842 2656 uagp35 - ok
15:44:07.0966 2656 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:44:07.0998 2656 udfs - ok
15:44:08.0029 2656 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:44:08.0044 2656 UI0Detect - ok
15:44:08.0076 2656 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:44:08.0076 2656 uliagpkx - ok
15:44:08.0200 2656 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:44:08.0216 2656 uliahci - ok
15:44:08.0247 2656 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:44:08.0247 2656 UlSata - ok
15:44:08.0278 2656 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:44:08.0278 2656 ulsata2 - ok
15:44:08.0388 2656 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:44:08.0403 2656 umbus - ok
15:44:08.0934 2656 UNS (36ea26d6ebbe5c858f4954e5ff7d1e8a) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
15:44:09.0012 2656 UNS - ok
15:44:09.0121 2656 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:44:09.0168 2656 upnphost - ok
15:44:09.0214 2656 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
15:44:09.0246 2656 upperdev - ok
15:44:09.0292 2656 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
15:44:09.0339 2656 USBAAPL - ok
15:44:09.0370 2656 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:09.0386 2656 usbccgp - ok
15:44:09.0402 2656 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:44:09.0448 2656 usbcir - ok
15:44:09.0495 2656 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:44:09.0526 2656 usbehci - ok
15:44:09.0542 2656 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:44:09.0558 2656 usbhub - ok
15:44:09.0589 2656 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:44:09.0620 2656 usbohci - ok
15:44:09.0792 2656 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:44:09.0823 2656 usbprint - ok
15:44:09.0963 2656 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
15:44:09.0979 2656 usbser - ok
15:44:10.0135 2656 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
15:44:10.0150 2656 UsbserFilt - ok
15:44:10.0260 2656 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:10.0306 2656 USBSTOR - ok
15:44:10.0322 2656 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:44:10.0338 2656 usbuhci - ok
15:44:10.0369 2656 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:44:10.0400 2656 UxSms - ok
15:44:10.0462 2656 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:44:10.0509 2656 vds - ok
15:44:10.0556 2656 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:10.0587 2656 vga - ok
15:44:10.0603 2656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:44:10.0634 2656 VgaSave - ok
15:44:10.0665 2656 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:44:10.0665 2656 viaagp - ok
15:44:10.0681 2656 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:44:10.0712 2656 ViaC7 - ok
15:44:10.0774 2656 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:44:10.0774 2656 viaide - ok
15:44:10.0915 2656 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:44:10.0915 2656 volmgr - ok
15:44:11.0149 2656 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:44:11.0180 2656 volmgrx - ok
15:44:11.0211 2656 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:44:11.0211 2656 volsnap - ok
15:44:11.0242 2656 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:44:11.0258 2656 vsmraid - ok
15:44:11.0430 2656 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:44:11.0476 2656 VSS - ok
15:44:11.0554 2656 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:44:11.0586 2656 W32Time - ok
15:44:11.0601 2656 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:44:11.0648 2656 WacomPen - ok
15:44:11.0710 2656 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:44:11.0757 2656 Wanarp - ok
15:44:11.0757 2656 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:44:11.0773 2656 Wanarpv6 - ok
15:44:11.0866 2656 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:44:11.0898 2656 wcncsvc - ok
15:44:11.0929 2656 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:44:11.0960 2656 WcsPlugInService - ok
15:44:11.0976 2656 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:44:11.0976 2656 Wd - ok
15:44:12.0116 2656 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:44:12.0147 2656 Wdf01000 - ok
15:44:12.0178 2656 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:44:12.0210 2656 WdiServiceHost - ok
15:44:12.0210 2656 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:44:12.0225 2656 WdiSystemHost - ok
15:44:12.0288 2656 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:44:12.0319 2656 WebClient - ok
15:44:12.0350 2656 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:44:12.0397 2656 Wecsvc - ok
15:44:12.0412 2656 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:44:12.0444 2656 wercplsupport - ok
15:44:12.0444 2656 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:44:12.0459 2656 WerSvc - ok
15:44:12.0537 2656 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:44:12.0553 2656 WinDefend - ok
15:44:12.0553 2656 WinHttpAutoProxySvc - ok
15:44:12.0631 2656 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:44:12.0646 2656 Winmgmt - ok
15:44:13.0052 2656 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:44:13.0114 2656 WinRM - ok
15:44:13.0255 2656 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:44:13.0317 2656 Wlansvc - ok
15:44:13.0520 2656 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:44:13.0598 2656 wlidsvc - ok
15:44:13.0692 2656 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:44:13.0723 2656 WmiAcpi - ok
15:44:13.0785 2656 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:44:13.0785 2656 wmiApSrv - ok
15:44:14.0066 2656 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:44:14.0128 2656 WMPNetworkSvc - ok
15:44:14.0160 2656 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:44:14.0206 2656 WPCSvc - ok
15:44:14.0253 2656 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:44:14.0284 2656 WPDBusEnum - ok
15:44:14.0316 2656 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:44:14.0316 2656 WpdUsb - ok
15:44:14.0550 2656 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:44:14.0581 2656 WPFFontCache_v0400 - ok
15:44:14.0628 2656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:44:14.0674 2656 ws2ifsl - ok
15:44:14.0690 2656 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
15:44:14.0706 2656 wscsvc - ok
15:44:14.0721 2656 WSearch - ok
15:44:15.0267 2656 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
15:44:15.0330 2656 wuauserv - ok
15:44:15.0408 2656 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
15:44:15.0439 2656 WudfPf - ok
15:44:15.0486 2656 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:44:15.0486 2656 WUDFRd - ok
15:44:15.0501 2656 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
15:44:15.0564 2656 wudfsvc - ok
15:44:15.0579 2656 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:44:16.0546 2656 \Device\Harddisk0\DR0 - ok
15:44:16.0546 2656 Boot (0x1200) (69f201615a11d262cb62a73fb826114b) \Device\Harddisk0\DR0\Partition0
15:44:16.0546 2656 \Device\Harddisk0\DR0\Partition0 - ok
15:44:16.0546 2656 ============================================================
15:44:16.0546 2656 Scan finished
15:44:16.0546 2656 ============================================================
15:44:16.0562 2732 Detected object count: 6
15:44:16.0562 2732 Actual detected object count: 6
15:44:28.0964 2732 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:28.0964 2732 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:28.0964 2732 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:28.0964 2732 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:28.0964 2732 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:28.0964 2732 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:28.0964 2732 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:28.0964 2732 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:28.0964 2732 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:28.0964 2732 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:28.0964 2732 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:28.0964 2732 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infected with Smart Fortress 2012 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #15 |
| Infected with Smart Fortress 2012 ComboFix is finished Code:
ATTFilter ComboFix 12-04-10.01 - Installation 10.04.2012 16:55:01.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2083 [GMT 2:00]
ausgeführt von:: c:\users\Installation\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\etc
c:\program files\etc\configuration.xml
c:\program files\etc\keymap
c:\program files\etc\updater.xml
c:\users\Installation\AppData\Local\lame_enc.dll
c:\users\Installation\AppData\Local\no23xwrapper.dll
c:\users\Installation\AppData\Local\ogg.dll
c:\users\Installation\AppData\Local\vorbis.dll
c:\users\Installation\AppData\Local\vorbisenc.dll
c:\users\Installation\AppData\Local\vorbisfile.dll
c:\windows\IsUn0407.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-10 bis 2012-04-10 ))))))))))))))))))))))))))))))
.
.
2012-04-10 14:45 . 2012-04-10 14:45 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-04-10 11:15 . 2012-04-10 11:15 -------- d-----w- C:\_OTL
2012-04-09 18:52 . 2012-04-09 18:52 -------- d-----w- c:\program files\ESET
2012-04-09 11:13 . 2012-04-09 11:13 -------- d-----w- c:\users\Installation\AppData\Roaming\Malwarebytes
2012-04-09 11:13 . 2012-04-09 11:13 -------- d-----w- c:\programdata\Malwarebytes
2012-04-09 11:13 . 2012-04-09 11:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-09 11:13 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-08 17:42 . 2012-04-09 12:03 -------- d-----w- c:\programdata\B7E858890C3886C200037EEA570F1C8B
2012-04-06 09:23 . 2012-03-14 02:15 6582328 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57E4133F-8649-40B4-A4E9-2E66F639FD1E}\mpengine.dll
2012-03-14 21:12 . 2012-03-14 21:12 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-14 21:12 . 2012-03-14 21:12 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 10:53 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:53 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 10:53 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 10:53 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 10:53 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 10:53 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:53 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 10:53 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 10:53 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:58 . 2012-03-13 21:58 -------- d-----w- c:\program files\iPod
2012-03-13 21:58 . 2012-03-13 21:58 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 20:17 . 2012-01-06 20:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 08:10 . 2012-03-08 08:10 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 08:10 . 2012-03-08 08:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 08:10 . 2012-03-08 08:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 08:10 . 2012-03-08 08:10 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 08:10 . 2012-03-08 08:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 08:10 . 2012-03-08 08:10 367104 ----a-w- c:\windows\system32\html.iec
2012-03-08 08:10 . 2012-03-08 08:10 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 08:10 . 2012-03-08 08:10 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-08 08:10 . 2012-03-08 08:10 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 08:10 . 2012-03-08 08:10 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 08:10 . 2012-03-08 08:10 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 08:10 . 2012-03-08 08:10 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 08:10 . 2012-03-08 08:10 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 08:10 . 2012-03-08 08:10 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-08 08:10 . 2012-03-08 08:10 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 08:10 . 2012-03-08 08:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-08 08:10 . 2012-03-08 08:10 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-08 08:10 . 2012-03-08 08:10 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 08:10 . 2012-03-08 08:10 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 08:10 . 2012-03-08 08:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 08:10 . 2012-03-08 08:10 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 08:18 . 2009-10-03 10:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2008-08-24 16:07 . 2009-07-20 23:04 67 ----a-w- c:\program files\debuglbz.bat
2008-08-14 14:33 . 2009-07-20 23:04 320512 ----a-w- c:\program files\SDL.dll
2008-03-09 10:15 . 2009-07-20 23:04 23 ----a-w- c:\program files\safemode.bat
2005-12-28 13:44 . 2009-07-20 23:04 162816 ----a-w- c:\program files\fmod.dll
2012-03-14 21:12 . 2011-03-27 20:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-24 773144]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-1 809488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 12:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-08 20:20]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 12:39]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 12:39]
.
2012-04-10 c:\windows\Tasks\User_Feed_Synchronization-{81FDF4A8-0BC8-4ACF-8667-2170A5223DBA}.job
- c:\windows\system32\msfeedssync.exe [2012-03-08 08:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Installation\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Installation\AppData\Roaming\Mozilla\Firefox\Profiles\ui376qhf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - 205.251.132.51
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 187.72.145.53
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 91.121.16.86
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 187.72.145.53
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-10 16:59
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,d5,a8,99,2d,16,a8,0f,c4,e8,45,bc,57,4a,14,4f,23,95,7c,cc,25,8f,e4,
46,86,e1,01,d7,5a,53,9e,8a,76,90,19,44,7d,07,3c,72,2c,ba,5b,5e,80,84,f0,44,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1902757388-2662892745-2604532924-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:6d,bc,c4,d0,db,62,ae,07,44,32,72,c3,16,4a,9a,f9,a1,ac,9d,52,89,
6a,06,48,77,20,d0,1d,09,07,e1,9b,9a,f5,10,3c,84,7b,df,ee,27,16,0a,05,7b,c5,\
"rkeysecu"=hex:e3,26,a7,72,98,46,cf,ab,21,4c,13,18,67,14,31,97
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-04-10 17:00:58
ComboFix-quarantined-files.txt 2012-04-10 15:00
.
Vor Suchlauf: 15 Verzeichnis(se), 548.632.956.928 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 548.556.521.472 Bytes frei
.
- - End Of File - - C32275E02E5BCC0273272F298B41E032
|