Pests of all kinds and how to fight them: Anti-Malware finds Trojan.FakeAlert in DeccryptHellper! (Windows 7)

#16
Anti-Malware finds Trojan.FakeAlert in DeccryptHellper!

I could not upload the original log because it was longer than 100000 characters. I therefore limited the log to 14 days (the problem is only a week old). Done! Here, finally, is the scan:

OTL Logfile:
ATTFilter OTL logfile created on: 5/8/2012 1:18:38 PM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = D:\Install\Internet\Antivirus 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 4.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 36.88% Memory free 8.00 Gb Paging File | 5.66 Gb Available in Paging File | 70.72% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 315.25 Gb Total Space | 219.25 Gb Free Space | 69.55% Space Free | Partition Type: NTFS Drive D: | 345.33 Gb Total Space | 150.35 Gb Free Space | 43.54% Space Free | Partition Type: NTFS Drive X: | 259.15 Gb Total Space | 212.81 Gb Free Space | 82.12% Space Free | Partition Type: NTFS Drive Y: | 100.00 Mb Total Space | 70.17 Mb Free Space | 70.17% Space Free | Partition Type: NTFS Drive Z: | 11.68 Gb Total Space | 1.42 Gb Free Space | 12.17% Space Free | Partition Type: NTFS Computer Name: GERD-HP | User Name: Gerd | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012/05/08 10:51:01 | 000,595,456 | ---- | M] (OldTimer Tools) -- D:\Install\Internet\Antivirus\OTL.exe PRC - [2012/05/02 13:28:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/05/01 09:28:19 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2012/03/13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe PRC - [2012/01/12 15:53:01 | 000,046,376 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMediaInfoPDVD12.exe PRC - [2012/01/12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe PRC - [2012/01/12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe PRC - [2012/01/12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe PRC - [2012/01/12 14:58:47 | 000,371,256 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe PRC - [2011/11/10 11:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011/08/24 18:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- D:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010/10/01 14:59:38 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2007/09/14 08:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) 
-- C:\Program Files\totalcmd\TOTALCMD.EXE ========== Modules (No Company Name) ========== MOD - [2012/05/02 13:28:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/05/01 09:28:19 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012/05/01 09:28:19 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll MOD - [2012/05/01 09:28:19 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2012/01/29 18:29:07 | 000,985,088 | ---- | M] () -- D:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012/01/12 14:55:29 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd MOD - [2011/08/24 04:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd MOD - [2011/08/24 04:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd MOD - [2011/08/24 04:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd MOD - [2010/10/01 14:59:38 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe MOD - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/01/26 19:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011/01/26 13:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc) SRV:64bit: - [2010/11/20 15:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2010/09/27 17:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV:64bit: - [2010/03/10 16:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC) SRV - [2012/05/02 13:28:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/29 09:54:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/27 19:06:59 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll 
-- (Akamai) SRV - [2012/03/20 13:49:22 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2012/03/20 11:11:50 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/12 15:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service) SRV - [2012/01/12 15:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12) SRV - [2012/01/12 15:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service) SRV - [2011/09/01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2011/08/03 08:24:47 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/01/28 22:36:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/11/20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/11/20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/20 13:50:48 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg) DRV:64bit: - [2012/03/20 13:50:18 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD) DRV:64bit: - [2012/03/20 13:43:36 | 000,339,608 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi) DRV:64bit: - [2012/03/20 12:21:14 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD) DRV:64bit: - [2012/03/16 12:15:42 | 000,426,104 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore) DRV:64bit: - [2012/03/14 19:23:00 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA) DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS) DRV:64bit: - [2012/01/08 11:40:54 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/09/27 17:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2010/09/27 17:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2010/09/27 17:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2010/03/10 18:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/03/10 16:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/03/10 15:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010/01/28 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/01/19 21:44:32 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) 
[Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) DRV:64bit: - [2009/10/19 23:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/10/08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/10/08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/09/12 09:05:32 | 000,039,552 | ---- | M] (None) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfpec.sys -- (ALIWEHCD) DRV:64bit: - [2009/09/12 09:05:32 | 000,013,184 | ---- | M] (None) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfpcomp.sys -- (AliWGP) DRV:64bit: - [2009/09/12 09:05:32 | 000,012,416 | ---- | M] (None) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfpvbus.sys -- (WUSBVBus) DRV:64bit: - [2009/08/26 08:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:35:02 | 000,244,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q60x64.sys -- (e1qexpress) Stuurprogramma Q voor Intel(R) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009/03/04 09:48:50 | 000,213,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/01/08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV - [2012/01/11 23:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/02/22 13:39:57] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/10/27 08:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {40373B9D-88C1-4F6E-9B57-E9534E4CC3A0} IE:64bit: - HKLM\..\SearchScopes\{40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN IE - HKLM\..\SearchScopes,DefaultScope = {40373B9D-88C1-4F6E-9B57-E9534E4CC3A0} IE - HKLM\..\SearchScopes\{40373B9D-88C1-4F6E-9B57-E9534E4CC3A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\SearchScopes,DefaultScope = {3C2010D6-0CF4-40DB-8BC0-DE8A292879E3} IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\SearchScopes\{3C2010D6-0CF4-40DB-8BC0-DE8A292879E3}: "URL" = hxxp://www.google.nl/search?hl=nl&q={searchTerms} IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012/05/07 10:29:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/02 13:28:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/19 18:33:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/16 21:39:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/01/05 23:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions [2011/01/05 23:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/05/05 18:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions [2012/05/05 18:15:03 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions\foxmarks@kei.com [2011/09/23 21:48:29 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\a9ua28ft.default\extensions\maps@ovi.com [2012/05/05 13:04:11 | 000,002,354 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\searchplugins\aol-web-search.xml [2012/05/02 20:12:29 | 000,002,354 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\searchplugins\locked-aol-web-search.xml.wlrp [2012/04/12 16:22:36 
| 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/04/12 16:22:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/05/05 13:04:11 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\GERD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A9UA28FT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/05/02 13:28:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/05 00:42:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/02/11 14:09:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/02/11 14:09:58 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml [2012/02/11 14:09:58 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml [2012/02/11 14:09:58 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O3:64bit: - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MFP Manager] C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe () O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found O4 - HKLM..\Run: [PMBVolumeWatcher] D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001..\Run: [Akamai NetSession Interface] C:\Users\Gerd\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk = File not found
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manager for Skype.lnk = D:\ProgramFiles (x86)\Manager for Skype\ManagerForSkype.exe ()
O4 - Startup: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E54B6F9-0701-4446-A286-C1DA3BBC7DB0}: DhcpNameServer = 192.168.123.254
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2} - C:\Windows\SysWow64\WDShell.DLL (PC SOFT)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 15:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/07 10:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/05/04 22:40:35 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes
[2012/05/04 22:40:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/04 22:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/04 03:09:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/02 19:46:10 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2012/05/02 13:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 13:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/12 16:22:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/12 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/08 12:50:06 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 12:25:04 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 11:06:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 11:06:17 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 11:03:51 | 001,833,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/08 11:03:51 | 000,810,998 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/05/08 11:03:51 | 000,708,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/08 11:03:51 | 000,177,570 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/05/08 11:03:51 | 000,139,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/08 10:56:41 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 10:56:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 10:55:50 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 10:32:42 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/05/05 22:57:57 | 004,209,334 | ---- | M] () -- C:\Users\Gerd\Desktop\OBI-keukens.pdf
[2012/05/05 17:09:24 | 000,000,000 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 16:25:40 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2012/05/05 16:25:30 | 000,008,192 | ---- | M] () -- C:\BOOTSECT.BAK
[2012/05/05 16:10:39 | 000,000,334 | ---- | M] () -- C:\Users\Gerd\Desktop\WD SAAS remote admin.url
[2012/05/05 13:39:22 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/05/05 13:38:58 | 000,000,623 | ---- | M] () -- C:\Users\Gerd\Desktop\WoW.exe.lnk
[2012/05/05 13:04:37 | 000,832,658 | ---- | M] () -- C:\Users\Gerd\Documents\Dachgeschoss.xar
[2012/05/05 13:04:37 | 000,795,196 | ---- | M] () -- C:\Users\Gerd\Documents\Afzuigkap_koolstoffilter.emf
[2012/05/05 13:04:37 | 000,215,955 | ---- | M] () -- C:\Users\Gerd\Desktop\64691_xm3_de_UM.pdf
[2012/05/05 13:04:37 | 000,151,334 | ---- | M] () -- C:\Users\Gerd\Desktop\Noresund-Bed-Side.jpg2511ae93-c869-4db2-a592-20ba7b19f76cLarger.jpg
[2012/05/05 13:04:37 | 000,054,249 | ---- | M] () -- C:\Users\Gerd\Documents\Oberwiesenthal_plattegrond.xar
[2012/05/05 13:04:37 | 000,002,158 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev-server Chris.rdp
[2012/05/05 13:04:37 | 000,002,028 | ---- | M] () -- C:\Users\Gerd\Documents\Default.rdp
[2012/05/05 13:04:37 | 000,000,867 | ---- | M] () -- C:\Users\Gerd\Documents\everest_HP_Gerd.rpf
[2012/05/05 13:04:37 | 000,000,332 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev remote admin.url
[2012/05/05 13:04:37 | 000,000,328 | ---- | M] () -- C:\Users\Gerd\Desktop\WebDev remote admin - kopie.url
[2012/05/05 12:58:45 | 000,007,605 | ---- | M] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2012/05/05 12:57:19 | 000,000,738 | ---- | M] () -- C:\Users\Gerd\.recently-used.xbel
[2012/05/04 20:57:31 | 007,401,821 | ---- | M] () -- C:\Users\Gerd\AppData\Local\census.cache
[2012/05/04 20:51:40 | 000,113,378 | ---- | M] () -- C:\Users\Gerd\AppData\Local\ars.cache
[2012/05/03 19:24:16 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/05/02 20:14:19 | 000,832,658 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Dachgeschoss.xar.jdzp
[2012/05/02 20:14:19 | 000,054,249 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Oberwiesenthal_plattegrond.xar.oyyj
[2012/05/02 20:14:19 | 000,002,028 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Default.rdp.quhz
[2012/05/02 20:14:19 | 000,000,867 | ---- | M] () -- C:\Users\Gerd\Documents\locked-everest_HP_Gerd.rpf.rmqi
[2012/05/02 20:14:15 | 000,795,196 | ---- | M] () -- C:\Users\Gerd\Documents\locked-Afzuigkap_koolstoffilter.emf.ybos
[2012/05/02 20:07:12 | 000,007,605 | ---- | M] () -- C:\Users\Gerd\AppData\Local\locked-Resmon.ResmonCfg.kprg
[2012/05/02 20:06:21 | 000,000,738 | ---- | M] () -- C:\Users\Gerd\locked-.recently-used.xbel.xfpd
[2012/05/01 22:27:16 | 000,000,335 | ---- | M] () -- C:\Windows\HFREP.INI
[2012/04/30 17:29:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321
[2012/04/30 17:29:30 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320
[2012/04/30 17:28:00 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323
[2012/04/30 17:26:42 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322
[2012/04/30 10:21:57 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/04/26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh325
[2012/04/26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh324
[2012/04/14 17:55:36 | 000,000,191 | ---- | M] () -- C:\Windows\topmeeting.INI
[2012/04/13 00:58:35 | 002,062,860 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/08 16:26:40 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\WDStatistic_WebServer_Chris.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/05 22:57:56 | 004,209,334 | ---- | C] () -- C:\Users\Gerd\Desktop\OBI-keukens.pdf
[2012/05/05 17:09:24 | 000,000,312 | ---- | C] () -- C:\Users\Gerd\Desktop\Curse Client.appref-ms
[2012/05/05 17:09:24 | 000,000,000 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/05/05 13:04:37 | 000,832,658 | ---- | C] () -- C:\Users\Gerd\Documents\Dachgeschoss.xar
[2012/05/05 13:04:37 | 000,795,196 | ---- | C] () -- C:\Users\Gerd\Documents\Afzuigkap_koolstoffilter.emf
[2012/05/05 13:04:37 | 000,215,955 | ---- | C] () -- C:\Users\Gerd\Desktop\64691_xm3_de_UM.pdf
[2012/05/05 13:04:37 | 000,151,334 | ---- | C] () -- C:\Users\Gerd\Desktop\Noresund-Bed-Side.jpg2511ae93-c869-4db2-a592-20ba7b19f76cLarger.jpg
[2012/05/05 13:04:37 | 000,054,249 | ---- | C] () -- C:\Users\Gerd\Documents\Oberwiesenthal_plattegrond.xar
[2012/05/05 13:04:37 | 000,002,158 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev-server Chris.rdp
[2012/05/05 13:04:37 | 000,002,028 | ---- | C] () -- C:\Users\Gerd\Documents\Default.rdp
[2012/05/05 13:04:37 | 000,000,867 | ---- | C] () -- C:\Users\Gerd\Documents\everest_HP_Gerd.rpf
[2012/05/05 13:04:37 | 000,000,334 | ---- | C] () -- C:\Users\Gerd\Desktop\WD SAAS remote admin.url
[2012/05/05 13:04:37 | 000,000,332 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev remote admin.url
[2012/05/05 13:04:37 | 000,000,328 | ---- | C] () -- C:\Users\Gerd\Desktop\WebDev remote admin - kopie.url
[2012/05/05 12:57:20 | 000,007,605 | ---- | C] () -- C:\Users\Gerd\AppData\Local\Resmon.ResmonCfg
[2012/05/05 12:57:19 | 000,000,738 | ---- | C] () -- C:\Users\Gerd\.recently-used.xbel
[2012/05/03 19:24:16 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012/05/02 19:46:28 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012/04/29 09:54:56 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/14 17:55:25 | 000,000,191 | ---- | C] () -- C:\Windows\topmeeting.INI
[2012/04/04 12:21:50 | 000,417,792 | ---- | C] () -- C:\Windows\SysWow64\MFPBot.dll
[2012/04/04 12:21:49 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\InstallMFPPS.dll
[2012/04/04 12:21:48 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\Install98MFPPS.dll
[2012/04/04 12:21:48 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ddschk.dll
[2012/04/04 12:21:48 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\Config.ini
[2012/03/06 23:23:24 | 000,008,192 | ---- | C] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/13 23:27:27 | 000,212,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/27 22:18:14 | 000,000,296 | ---- | C] () -- C:\Windows\topbudget.ini
[2011/08/14 12:41:47 | 007,401,821 | ---- | C] () -- C:\Users\Gerd\AppData\Local\census.cache
[2011/08/14 12:40:34 | 000,113,378 | ---- | C] () -- C:\Users\Gerd\AppData\Local\ars.cache
[2011/08/14 12:26:41 | 000,000,036 | ---- | C] () -- C:\Users\Gerd\AppData\Local\housecall.guid.cache
[2011/05/25 12:57:38 | 000,000,335 | ---- | C] () -- C:\Windows\HFREP.INI
[2011/05/19 16:49:34 | 000,030,736 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\mdbu.bin
[2011/04/07 16:13:54 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLG13N.INI
[2011/03/20 00:04:08 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011/03/19 16:14:07 | 001,720,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/28 22:32:45 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/28 21:33:04 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/27 18:10:28 | 000,007,605 | ---- | C] () -- C:\Users\Gerd\AppData\Local\locked-Resmon.ResmonCfg.kprg
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1126.old
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0506.old
[2011/01/08 00:21:22 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0222.old
[2011/01/08 00:21:22 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/01/06 01:08:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/05 13:43:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/05 02:19:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010/10/19 16:48:51 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/10/19 16:46:52 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/19 16:14:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/08/25 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Applications WinDev
[2011/05/08 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Canon
[2012/01/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GHISLER
[2011/06/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\inkscape
[2011/11/19 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\JLAdventCalendarLondon2011
[2012/05/07 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\KeePass
[2012/01/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MAGIX
[2011/03/19 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Manager for Skype
[2012/05/05 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MB-Ruler Pro special
[2012/05/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Notepad++
[2012/01/29 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenOffice.org
[2011/08/23 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC SOFT
[2012/01/05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PCTools
[2012/05/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\RCP 6
[2011/03/20 00:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Red Alert 3
[2012/03/06 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Serif
[2011/06/09 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\streamripper
[2012/05/05 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TestApp
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Thunderbird
[2012/05/03 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2011/01/06 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinBatch
[2011/09/14 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Zoner
[2012/05/05 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\_MDLogs
[2012/04/30 10:21:57 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/03/15 11:12:39 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/08 16:26:40 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\WDStatistic_WebServer_Chris.job
[2011/07/06 15:58:32 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\WDStatistique_WebServer_Chris.job

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/05/05 12:58:08 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Adobe
[2011/08/25 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Applications WinDev
[2011/01/05 01:26:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ATI
[2011/05/08 22:54:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Canon
[2012/01/13 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/22 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/02/26 13:34:18 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\CyberLink
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DAEMON Tools Lite
[2012/05/05 12:58:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GHISLER
[2011/06/27 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant
[2011/01/08 01:04:00 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Hewlett-Packard
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\HP Support Assistant
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\hpqLog
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\HpUpdate
[2011/01/05 01:22:57 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Identities
[2012/05/05 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\inkscape
[2012/04/04 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\InstallShield
[2011/11/19 22:20:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\JLAdventCalendarLondon2011
[2012/05/07 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\KeePass
[2011/01/05 01:56:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Macromedia
[2012/01/29 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MAGIX
[2012/05/04 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Malwarebytes
[2011/03/19 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Manager for Skype
[2012/05/05 13:04:07 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\MB-Ruler Pro special
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Media Center Programs
[2012/02/07 22:44:00 | 000,000,000 | --SD | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft
[2011/03/19 18:59:40 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft Web Folders
[2011/01/05 13:43:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Mozilla
[2012/05/05 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Notepad++
[2012/01/29 18:43:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenOffice.org
[2011/08/23 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC SOFT
[2011/01/08 00:12:33 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PC Tools
[2012/01/05 17:44:32 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\PCTools
[2012/05/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\RCP 6
[2011/03/20 00:04:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Red Alert 3
[2012/03/06 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Serif
[2012/05/08 12:44:31 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Skype
[2012/01/31 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Sony Corporation
[2011/06/09 21:35:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\streamripper
[2012/05/05 13:04:35 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TestApp
[2011/01/05 23:03:15 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Thunderbird
[2012/05/03 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ujshrilvp
[2012/05/05 13:04:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Winamp
[2011/01/06 14:19:49 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinBatch
[2011/09/14 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Zoner
[2012/05/05 13:04:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\_MDLogs

< %APPDATA%\*.exe /s >
[2012/05/05 12:58:20 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\AutoRunCE.exe
[2012/05/05 12:58:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\0\module.exe
[2012/05/05 12:58:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\0E912997-236E-47E2-95F5-A48D23849954\1\module.exe
[2012/05/05 12:58:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\14401177-16D2-4E73-B83C-41971CFCE4D4\AutoRunCE.exe
[2012/05/05 12:58:29 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\14401177-16D2-4E73-B83C-41971CFCE4D4\1\module.exe
[2012/05/05 12:58:45 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\AutoRunCE.exe
[2012/05/05 12:58:46 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\0\module.exe
[2012/05/05 12:58:53 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\2003BB59-1C52-4F0A-BA35-A2B95067BE31\1\module.exe
[2012/05/05 12:59:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\331D4C06-4E59-487C-BB56-41058B8622B6\AutoRunCE.exe
[2012/05/05 12:59:11 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\331D4C06-4E59-487C-BB56-41058B8622B6\1\module.exe
[2012/05/05 12:59:16 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\AutoRunCE.exe
[2012/05/05 12:59:16 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\0\module.exe
[2012/05/05 12:59:17 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\378D0E99-C488-41AF-AE17-DD09DC6F0E94\1\module.exe
[2012/05/05 12:59:46 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\AutoRunCE.exe
[2012/05/05 12:59:46 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\0\module.exe
[2012/05/05 12:59:47 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\47DF284F-9584-4592-AA9D-04F8AF344305\1\module.exe
[2012/05/05 12:59:47 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\AutoRunCE.exe
[2012/05/05 12:59:47 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\0\module.exe
[2012/05/05 12:59:49 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\49FEC15D-61D1-4674-AC7D-A2A1F3AE1E65\1\module.exe
[2012/05/05 12:59:55 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\AutoRunCE.exe
[2012/05/05 12:59:55 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\0\module.exe
[2012/05/05 12:59:56 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\4FD0BE5A-BFA7-43EB-B54D-437602A85E82\1\module.exe
[2012/05/05 13:00:01 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\58896A8A-81B1-42A0-AE34-2011D084E08C\AutoRunCE.exe
[2012/05/05 13:00:02 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\58896A8A-81B1-42A0-AE34-2011D084E08C\1\module.exe
[2012/05/05 13:00:25 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\AutoRunCE.exe
[2012/05/05 13:00:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\0\module.exe
[2012/05/05 13:00:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\709330FD-59B0-4916-B4C5-8DE7DDE4DFB1\1\module.exe
[2012/05/05 13:00:28 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\AutoRunCE.exe
[2012/05/05 13:00:28 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\0\module.exe
[2012/05/05 13:00:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72913EB9-EEF8-4CA2-98A7-81E5D92A3AAA\1\module.exe
[2012/05/05 13:00:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72E3FFB6-30CD-401E-ABD1-17666B48AA06\AutoRunCE.exe
[2012/05/05 13:00:30 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\72E3FFB6-30CD-401E-ABD1-17666B48AA06\1\module.exe
[2012/05/05 13:00:42 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\AutoRunCE.exe
[2012/05/05 13:00:43 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\0\module.exe
[2012/05/05 13:00:43 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\86CCC2EC-9AED-4ACC-AB8B-4C920DA18322\1\module.exe
[2012/05/05 13:00:43 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\876F365A-1E2C-46BA-99AB-B798D77FE0A3\AutoRunCE.exe
[2012/05/05 13:00:44 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\876F365A-1E2C-46BA-99AB-B798D77FE0A3\1\module.exe
[2012/05/05 13:01:21 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\AutoRunCE.exe
[2012/05/05 13:01:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\0\module.exe
[2012/05/05 13:01:24 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\97B98C68-CBCE-433D-9B6B-5B74C3B4CF92\1\module.exe
[2012/05/05 13:01:24 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9835DC98-D031-4AFF-9C1E-2FD56B467E9C\AutoRunCE.exe
[2012/05/05 13:01:25 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9835DC98-D031-4AFF-9C1E-2FD56B467E9C\1\module.exe
[2012/05/05 13:01:26 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9912DBF6-CA70-41A2-AE0E-1DD3EBE25B73\AutoRunCE.exe
[2012/05/05 13:01:26 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9912DBF6-CA70-41A2-AE0E-1DD3EBE25B73\1\module.exe
[2012/05/05 13:01:29 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\99552AAE-107D-45C3-8303-6FCF2A575A00\AutoRunCE.exe
[2012/05/05 13:01:30 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\99552AAE-107D-45C3-8303-6FCF2A575A00\1\module.exe
[2012/05/05 13:01:35 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal
Assistant\Library\9DC15144-F0D8-474B-B6B1-C9BBA2F0FFF9\AutoRunCE.exe [2012/05/05 13:01:35 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\9DC15144-F0D8-474B-B6B1-C9BBA2F0FFF9\1\module.exe [2012/05/05 13:02:00 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\AutoRunCE.exe [2012/05/05 13:02:00 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\0\module.exe [2012/05/05 13:02:01 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\AFEEC91E-5160-4B03-BBE2-199CE05689F6\1\module.exe [2012/05/05 13:02:34 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C16FD898-E0BC-468C-AAB3-419F580788F2\AutoRunCE.exe [2012/05/05 13:02:35 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C16FD898-E0BC-468C-AAB3-419F580788F2\1\module.exe [2012/05/05 13:02:44 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C32B8022-D512-4087-9CB8-EACB5751598C\AutoRunCE.exe [2012/05/05 13:02:48 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\C32B8022-D512-4087-9CB8-EACB5751598C\1\module.exe [2012/05/05 13:02:52 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\AutoRunCE.exe [2012/05/05 13:02:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\0\module.exe [2012/05/05 13:02:53 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CC4D79E3-301F-4142-A5D1-C7B18E5667D4\1\module.exe [2012/05/05 13:02:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal 
Assistant\Library\CCC3E6A7-55E6-4383-B44F-C3D562B8A64C\AutoRunCE.exe [2012/05/05 13:02:53 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\CCC3E6A7-55E6-4383-B44F-C3D562B8A64C\1\module.exe [2012/05/05 13:03:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\D93DB5ED-300A-47B8-B3BE-D3B6394128B6\AutoRunCE.exe [2012/05/05 13:03:08 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\D93DB5ED-300A-47B8-B3BE-D3B6394128B6\1\module.exe [2012/05/05 13:03:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCF63542-BB44-433F-971B-52FFBC501A13\AutoRunCE.exe [2012/05/05 13:03:09 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCF63542-BB44-433F-971B-52FFBC501A13\1\module.exe [2012/05/05 13:03:10 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCFF7B1D-742C-42B9-BF82-8251F722A070\AutoRunCE.exe [2012/05/05 13:03:11 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\DCFF7B1D-742C-42B9-BF82-8251F722A070\1\module.exe [2012/05/05 13:03:21 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\AutoRunCE.exe [2012/05/05 13:03:21 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\0\module.exe [2012/05/05 13:03:22 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E0EC9F7F-74F9-4DAF-BDAA-76F6F3669856\1\module.exe [2012/05/05 13:03:23 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E2FFF65A-C686-4994-BE8A-AA5C4B122391\AutoRunCE.exe [2012/05/05 13:03:24 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal 
Assistant\Library\E2FFF65A-C686-4994-BE8A-AA5C4B122391\1\module.exe [2012/05/05 13:03:25 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E341699C-641C-4C95-B926-EC6B70872360\AutoRunCE.exe [2012/05/05 13:03:25 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E341699C-641C-4C95-B926-EC6B70872360\1\module.exe [2012/05/05 13:03:26 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\AutoRunCE.exe [2012/05/05 13:03:26 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\0\module.exe [2012/05/05 13:03:27 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E3F63653-7C45-4D1C-ACB9-AA56DE482C89\1\module.exe [2012/05/05 13:03:27 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\AutoRunCE.exe [2012/05/05 13:03:27 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\0\module.exe [2012/05/05 13:03:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E55DF6D4-8095-4EBA-A61B-2771BB99366E\1\module.exe [2012/05/05 13:03:29 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\AutoRunCE.exe [2012/05/05 13:03:29 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\0\module.exe [2012/05/05 13:03:30 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\E6650664-052B-4970-8424-B681B49292CA\1\module.exe [2012/05/05 13:03:36 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\AutoRunCE.exe [2012/05/05 
13:03:36 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\0\module.exe [2012/05/05 13:03:37 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EB904842-620C-4422-8B40-6EFC26DAA6A1\1\module.exe [2012/05/05 13:03:37 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\AutoRunCE.exe [2012/05/05 13:03:37 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\0\module.exe [2012/05/05 13:03:38 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\EBF0E2DD-C4FA-437E-B07C-5480CA2E7AD6\1\module.exe [2012/05/05 13:03:51 | 000,046,080 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\AutoRunCE.exe [2012/05/05 13:03:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\0\module.exe [2012/05/05 13:03:52 | 000,089,088 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\F7DA528A-685F-4DF5-9B05-745EE5D7315E\1\module.exe [2012/05/05 13:03:57 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\FCD0DB2E-0BCC-49AC-B440-C7254DC65DE2\AutoRunCE.exe [2012/05/05 13:03:57 | 000,057,856 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\GoPal Assistant\Library\FCD0DB2E-0BCC-49AC-B440-C7254DC65DE2\1\module.exe [2011/12/31 19:07:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\Gerd\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) 
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel 
Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- 
C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 
000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 15:27:27 | 
001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] 
(Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
< End of report >
That turned into quite a long list! If you have any questions, please let me know. Best regards, Gerd |
| | #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3:64bit: - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/08/11 22:16:26 | 000,000,096 | RHS- | M] () - Z:\autorun.inf -- [ NTFS ]
@Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
:Files
C:\Users\Gerd\AppData\Roaming\Ujshrilvp
C:\Windows\SysWow64\winsh32?
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system! |
| | #18 |
| Hello Arne,
Done! Here is the log from the OTL fix:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3828148886-1279642390-3160304420-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
Y:\autorun.inf moved successfully.
Z:\autorun.inf moved successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
========== FILES ==========
C:\Users\Gerd\AppData\Roaming\Ujshrilvp folder moved successfully.
C:\Windows\SysWow64\winsh320 moved successfully.
C:\Windows\SysWow64\winsh321 moved successfully.
C:\Windows\SysWow64\winsh322 moved successfully.
C:\Windows\SysWow64\winsh323 moved successfully.
C:\Windows\SysWow64\winsh324 moved successfully.
C:\Windows\SysWow64\winsh325 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gerd
->Temp folder emptied: 201854029 bytes
->Temporary Internet Files folder emptied: 19254804 bytes
->Java cache emptied: 11565884 bytes
->FireFox cache emptied: 270608160 bytes
->Flash cache emptied: 147910 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231185843 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67753 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 701.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Gerd
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.42.3 log created on 05082012_210415
Files\Folders moved on Reboot...
C:\Users\Gerd\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gerd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N58ZN033\addons-v4[1].htm moved successfully.
C:\Users\Gerd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJQCL4IB\addons-tracker-v4[1].htm moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Thank you very, very much for your help! Best regards, Gerd
#19
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags
#20
Hello Arne, here is the result: Code:
10:50:56.0060 6048 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:50:56.0234 6048 ============================================================
10:50:56.0234 6048 Current date / time: 2012/05/11 10:50:56.0234
10:50:56.0234 6048 SystemInfo:
10:50:56.0234 6048
10:50:56.0234 6048 OS Version: 6.1.7601 ServicePack: 1.0
10:50:56.0234 6048 Product type: Workstation
10:50:56.0235 6048 ComputerName: GERD-HP
10:50:56.0235 6048 UserName: Gerd
10:50:56.0235 6048 Windows directory: C:\Windows
10:50:56.0235 6048 System windows directory: C:\Windows
10:50:56.0236 6048 Running under WOW64
10:50:56.0236 6048 Processor architecture: Intel x64
10:50:56.0236 6048 Number of processors: 4
10:50:56.0236 6048 Page size: 0x1000
10:50:56.0236 6048 Boot type: Normal boot
10:50:56.0236 6048 ============================================================
10:50:57.0610 6048 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:50:57.0626 6048 ============================================================
10:50:57.0626 6048 \Device\Harddisk0\DR0:
10:50:57.0626 6048 MBR partitions:
10:50:57.0626 6048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:50:57.0626 6048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x27680800
10:50:57.0644 6048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x276B3000, BlocksNum 0x2064B000
10:50:57.0644 6048 ============================================================
10:50:57.0671 6048 C: <-> \Device\Harddisk0\DR0\Partition1
10:50:57.0704 6048 Y: <-> \Device\Harddisk0\DR0\Partition0
10:50:57.0746 6048 X: <-> \Device\Harddisk0\DR0\Partition2
10:50:57.0747 6048 ============================================================
10:50:57.0747 6048 Initialize success
10:50:57.0747 6048 ============================================================
10:52:42.0997 3708 ============================================================
10:52:42.0997 3708 Scan started
10:52:42.0997 3708 Mode: Manual; SigCheck; TDLFS;
10:52:42.0997 3708 ============================================================
10:52:44.0576 3708 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:52:44.0688 3708 1394ohci - ok
10:52:44.0710 3708 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:52:44.0728 3708 ACPI - ok
10:52:44.0747 3708 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:52:44.0799 3708 AcpiPmi - ok
10:52:44.0826 3708 AdobeActiveFileMonitor10.0 - ok
10:52:44.0918 3708 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:52:44.0951 3708 AdobeARMservice - ok
10:52:45.0062 3708 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:52:45.0084 3708 AdobeFlashPlayerUpdateSvc - ok
10:52:45.0123 3708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:52:45.0145 3708 adp94xx - ok
10:52:45.0163 3708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:52:45.0182 3708 adpahci - ok
10:52:45.0193 3708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:52:45.0209 3708 adpu320 - ok
10:52:45.0233 3708 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:52:45.0324 3708 AeLookupSvc - ok
10:52:45.0369 3708 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:52:45.0424 3708 AFD - ok
10:52:45.0450 3708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:52:45.0464 3708 agp440 - ok
10:52:45.0716 3708 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
10:52:45.0717 3708 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
10:52:45.0722 3708 Akamai ( HiddenFile.Multi.Generic ) - warning
10:52:45.0723 3708 Akamai - detected HiddenFile.Multi.Generic (1)
10:52:45.0846 3708 aksdf (89cd44c10d9b4d87725ff07f18a5702f) C:\Windows\system32\drivers\aksdf.sys
10:52:45.0884 3708 aksdf ( UnsignedFile.Multi.Generic ) - warning
10:52:45.0884 3708 aksdf - detected UnsignedFile.Multi.Generic (1)
10:52:45.0897 3708 aksfridge (ba0b6fd78ae88d39b9d3d984f295a137) C:\Windows\system32\DRIVERS\aksfridge.sys
10:52:45.0937 3708 aksfridge ( UnsignedFile.Multi.Generic ) - warning
10:52:45.0937 3708 aksfridge - detected UnsignedFile.Multi.Generic (1)
10:52:45.0952 3708 akshasp (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
10:52:45.0989 3708 akshasp - ok
10:52:46.0009 3708 akshhl (67dff8c8f95cb21c9c3380dd4c0387f2) C:\Windows\system32\DRIVERS\akshhl.sys
10:52:46.0065 3708 akshhl - ok
10:52:46.0083 3708 aksusb (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys
10:52:46.0135 3708 aksusb - ok
10:52:46.0159 3708 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:52:46.0234 3708 ALG - ok
10:52:46.0272 3708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:52:46.0292 3708 aliide - ok
10:52:46.0326 3708 ALIWEHCD (6c77aaee7ea10f35533d610022f4cce2) C:\Windows\system32\Drivers\mfpec.sys
10:52:46.0383 3708 ALIWEHCD - ok
10:52:46.0394 3708 AliWGP (db1aca48b42304350667d1c26de2b29d) C:\Windows\system32\DRIVERS\mfpcomp.sys
10:52:46.0419 3708 AliWGP - ok
10:52:46.0453 3708 AMD External Events Utility (0de7bf2a2e64a841f9abf9558870d9c4) C:\Windows\system32\atiesrxx.exe
10:52:46.0516 3708 AMD External Events Utility - ok
10:52:46.0590 3708 AMD FUEL Service - ok
10:52:46.0619 3708 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
10:52:46.0660 3708 AMD Reservation Manager - ok
10:52:46.0682 3708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:52:46.0719 3708 amdide - ok
10:52:46.0731 3708 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
10:52:46.0809 3708 amdiox64 - ok
10:52:46.0833 3708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:52:46.0880 3708 AmdK8 - ok
10:52:47.0154 3708 amdkmdag (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atipmdag.sys
10:52:47.0300 3708 amdkmdag - ok
10:52:47.0408 3708 amdkmdap (91e1daf0193bd2ab90b1b35c987237fe) C:\Windows\system32\DRIVERS\atikmpag.sys
10:52:47.0443 3708 amdkmdap - ok
10:52:47.0464 3708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:52:47.0495 3708 AmdPPM - ok
10:52:47.0509 3708 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
10:52:47.0527 3708 amdsata - ok
10:52:47.0547 3708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:52:47.0573 3708 amdsbs - ok
10:52:47.0595 3708 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
10:52:47.0607 3708 amdxata - ok
10:52:47.0668 3708 Apache2.2 (53ea061ecc67223a430f153c3682ad54) C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
10:52:47.0700 3708 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
10:52:47.0700 3708 Apache2.2 - detected UnsignedFile.Multi.Generic (1)
10:52:47.0763 3708 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
10:52:47.0833 3708 AppHostSvc - ok
10:52:47.0876 3708 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:52:48.0010 3708 AppID - ok
10:52:48.0030 3708 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:52:48.0076 3708 AppIDSvc - ok
10:52:48.0099 3708 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:52:48.0137 3708 Appinfo - ok
10:52:48.0146 3708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:52:48.0161 3708 arc - ok
10:52:48.0170 3708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:52:48.0185 3708 arcsas - ok
10:52:48.0227 3708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:52:48.0271 3708 AsyncMac - ok
10:52:48.0311 3708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:52:48.0324 3708 atapi - ok
10:52:48.0363 3708 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
10:52:48.0399 3708 AtiHDAudioService - ok
10:52:48.0428 3708 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
10:52:48.0456 3708 AtiHdmiService - ok
10:52:48.0494 3708 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
10:52:48.0528 3708 AtiPcie - ok
10:52:48.0594 3708 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:52:48.0655 3708 AudioEndpointBuilder - ok
10:52:48.0661 3708 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:52:48.0697 3708 AudioSrv - ok
10:52:48.0739 3708 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:52:48.0836 3708 AxInstSV - ok
10:52:48.0900 3708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:52:48.0959 3708 b06bdrv - ok
10:52:48.0996 3708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:52:49.0023 3708 b57nd60a - ok
10:52:49.0047 3708 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:52:49.0081 3708 BDESVC - ok
10:52:49.0084 3708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:52:49.0131 3708 Beep - ok
10:52:49.0190 3708 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:52:49.0243 3708 BFE - ok
10:52:49.0298 3708 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:52:49.0361 3708 BITS - ok
10:52:49.0394 3708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:52:49.0419 3708 blbdrive - ok
10:52:49.0446 3708 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:52:49.0474 3708 bowser - ok
10:52:49.0486 3708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:52:49.0562 3708 BrFiltLo - ok
10:52:49.0587 3708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:52:49.0608 3708 BrFiltUp - ok
10:52:49.0634 3708 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:52:49.0687 3708 Browser - ok
10:52:49.0806 3708 Browser Defender Update Service (9d5fd177db76a7f5d6b8678870820d3c) C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
10:52:49.0847 3708 Browser Defender Update Service - ok
10:52:49.0894 3708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:52:49.0936 3708 Brserid - ok
10:52:49.0944 3708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:52:50.0011 3708 BrSerWdm - ok
10:52:50.0028 3708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:52:50.0061 3708 BrUsbMdm - ok
10:52:50.0066 3708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:52:50.0108 3708 BrUsbSer - ok
10:52:50.0115 3708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:52:50.0137 3708 BTHMODEM - ok
10:52:50.0166 3708 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:52:50.0199 3708 bthserv - ok
10:52:50.0208 3708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:52:50.0271 3708 cdfs - ok
10:52:50.0303 3708 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:52:50.0320 3708 cdrom - ok
10:52:50.0351 3708 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:52:50.0389 3708 CertPropSvc - ok
10:52:50.0394 3708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:52:50.0414 3708 circlass - ok
10:52:50.0448 3708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:52:50.0466 3708 CLFS - ok
10:52:50.0580 3708 CLHNServiceForPowerDVD12 (4c6406cf07d4ebb70c5774d55c6688fb) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
10:52:50.0615 3708 CLHNServiceForPowerDVD12 - ok
10:52:50.0676 3708 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:52:50.0709 3708 clr_optimization_v2.0.50727_32 - ok
10:52:50.0754 3708 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:52:50.0774 3708 clr_optimization_v2.0.50727_64 - ok
10:52:50.0833 3708 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:52:50.0864 3708 clr_optimization_v4.0.30319_32 - ok
10:52:50.0877 3708 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:52:50.0893 3708 clr_optimization_v4.0.30319_64 - ok
10:52:50.0916 3708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:52:50.0930 3708 CmBatt - ok
10:52:50.0951 3708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:52:50.0965 3708 cmdide - ok
10:52:51.0002 3708 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:52:51.0027 3708 CNG - ok
10:52:51.0055 3708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:52:51.0076 3708 Compbatt - ok
10:52:51.0102 3708 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:52:51.0159 3708 CompositeBus - ok
10:52:51.0166 3708 COMSysApp - ok
10:52:51.0184 3708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:52:51.0205 3708 crcdisk - ok
10:52:51.0249 3708 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:52:51.0308 3708 CryptSvc - ok
10:52:51.0405 3708 CyberLink PowerDVD 12 Media Server Monitor Service (ea22bca708b37b82adebc822a171b92e) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
10:52:51.0440 3708 CyberLink PowerDVD 12 Media Server Monitor Service - ok
10:52:51.0475 3708 CyberLink PowerDVD 12 Media Server Service (3168d2f171a64590e7a11355cae60a1e) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
10:52:51.0499 3708 CyberLink PowerDVD 12 Media Server Service - ok
10:52:51.0531 3708 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:52:51.0575 3708 DcomLaunch - ok
10:52:51.0607 3708 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:52:51.0652 3708 defragsvc - ok
10:52:51.0694 3708 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:52:51.0774 3708 DfsC - ok
10:52:51.0798 3708 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:52:51.0842 3708 Dhcp - ok
10:52:51.0868 3708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:52:51.0949 3708 discache - ok
10:52:51.0964 3708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:52:51.0981 3708 Disk - ok
10:52:52.0018 3708 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:52:52.0049 3708 Dnscache - ok
10:52:52.0078 3708 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:52:52.0120 3708 dot3svc - ok
10:52:52.0136 3708 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:52:52.0177 3708 DPS - ok
10:52:52.0189 3708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:52:52.0211 3708 drmkaud - ok
10:52:52.0244 3708 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:52:52.0260 3708 dtsoftbus01 - ok
10:52:52.0309 3708 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:52:52.0339 3708 DXGKrnl - ok
10:52:52.0379 3708 e1qexpress (235c3283ddbfad74fb451e268cbf0a5d) C:\Windows\system32\DRIVERS\e1q60x64.sys
10:52:52.0404 3708 e1qexpress - ok
10:52:52.0430 3708 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:52:52.0476 3708 EapHost - ok
10:52:52.0801 3708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:52:52.0921 3708 ebdrv - ok
10:52:53.0021 3708 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:52:53.0063 3708 EFS - ok
10:52:53.0117 3708 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:52:53.0166 3708 ehRecvr - ok
10:52:53.0202 3708 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:52:53.0244 3708 ehSched - ok
10:52:53.0321 3708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:52:53.0356 3708 elxstor - ok
10:52:53.0373 3708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:52:53.0401 3708 ErrDev - ok
10:52:53.0450 3708 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:52:53.0504 3708 EventSystem - ok
10:52:53.0539 3708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:52:53.0574 3708 exfat - ok
10:52:53.0588 3708 ezSharedSvc - ok
10:52:53.0604 3708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:52:53.0650 3708 fastfat - ok
10:52:53.0704 3708 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:52:53.0734 3708 Fax - ok
10:52:53.0748 3708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:52:53.0763 3708 fdc - ok
10:52:53.0774 3708 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:52:53.0820 3708 fdPHost - ok
10:52:53.0837 3708 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:52:53.0876 3708 FDResPub - ok
10:52:53.0888 3708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:52:53.0902 3708 FileInfo - ok
10:52:53.0916 3708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:52:53.0960 3708 Filetrace - ok
10:52:54.0059 3708 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:52:54.0090 3708 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:52:54.0091 3708 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:52:54.0097 3708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:52:54.0112 3708 flpydisk - ok
10:52:54.0133 3708 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:52:54.0150 3708 FltMgr - ok
10:52:54.0212 3708 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:52:54.0269 3708 FontCache - ok
10:52:54.0334 3708 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:52:54.0345 3708 FontCache3.0.0.0 - ok
10:52:54.0370 3708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:52:54.0385 3708 FsDepends - ok
10:52:54.0401 3708 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:52:54.0414 3708 Fs_Rec - ok
10:52:54.0492 3708 ftpsvc (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll
10:52:54.0546 3708 ftpsvc - ok
10:52:54.0576 3708 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:52:54.0606 3708 fvevol - ok
10:52:54.0622 3708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:52:54.0636 3708 gagp30kx - ok
10:52:54.0685 3708 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:52:54.0736 3708 gpsvc - ok
10:52:54.0804 3708 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:52:54.0842 3708 gupdate - ok
10:52:54.0858 3708 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:52:54.0876 3708 gupdatem - ok
10:52:54.0926 3708 hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
10:52:54.0965 3708 hardlock - ok
10:52:54.0969 3708 hasplms - ok
10:52:54.0982 3708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:52:55.0033 3708 hcw85cir - ok
10:52:55.0084 3708 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:52:55.0125 3708 HdAudAddService - ok
10:52:55.0154 3708 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:52:55.0192 3708 HDAudBus - ok
10:52:55.0198 3708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:52:55.0236 3708 HidBatt - ok
10:52:55.0245 3708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:52:55.0264 3708 HidBth - ok
10:52:55.0270 3708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:52:55.0288 3708 HidIr - ok
10:52:55.0318 3708 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:52:55.0399 3708 hidserv - ok
10:52:55.0419 3708 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:52:55.0438 3708 HidUsb - ok
10:52:55.0469 3708 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:52:55.0527 3708 hkmsvc - ok
10:52:55.0554 3708 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:52:55.0595 3708 HomeGroupListener - ok
10:52:55.0641 3708 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:52:55.0689 3708 HomeGroupProvider - ok
10:52:55.0709 3708 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:52:55.0731 3708 HpSAMD - ok
10:52:55.0785 3708 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:52:55.0840 3708 HTTP - ok
10:52:55.0867 3708 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:52:55.0880 3708 hwpolicy - ok
10:52:55.0894 3708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:52:55.0911 3708 i8042prt - ok
10:52:55.0932 3708 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:52:55.0952 3708 iaStorV - ok
10:52:56.0059 3708 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:52:56.0090 3708 idsvc - ok
10:52:56.0124 3708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:52:56.0137 3708 iirsp - ok
10:52:56.0183 3708 IISADMIN (ab55b8a9b13130f638546881ce4425f8) C:\Windows\system32\inetsrv\inetinfo.exe
10:52:56.0244 3708 IISADMIN - ok
10:52:56.0329 3708 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:52:56.0386 3708 IKEEXT - ok
10:52:56.0531 3708 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
10:52:56.0604 3708 IntcAzAudAddService - ok
10:52:56.0697 3708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:52:56.0724 3708 intelide - ok
10:52:56.0747 3708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:52:56.0779 3708 intelppm - ok
10:52:56.0805 3708 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:52:56.0879 3708 IPBusEnum - ok
10:52:56.0898 3708 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:52:56.0944 3708 IpFilterDriver - ok
10:52:56.0979 3708 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:52:57.0025 3708 iphlpsvc - ok
10:52:57.0049 3708 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:52:57.0065 3708 IPMIDRV - ok
10:52:57.0075 3708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:52:57.0121 3708 IPNAT - ok
10:52:57.0137 3708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:52:57.0209 3708 IRENUM - ok
10:52:57.0228 3708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:52:57.0245 3708 isapnp - ok
10:52:57.0272 3708 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:52:57.0294 3708 iScsiPrt - ok
10:52:57.0322 3708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:52:57.0339 3708 kbdclass - ok
10:52:57.0346 3708 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:52:57.0378 3708 kbdhid - ok
10:52:57.0408 3708 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:52:57.0425 3708 KeyIso - ok
10:52:57.0457 3708 KMWDFILTER (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
10:52:57.0471 3708 KMWDFILTER - ok
10:52:57.0488 3708 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:52:57.0506 3708 KSecDD - ok
10:52:57.0533 3708 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:52:57.0548 3708 KSecPkg - ok
10:52:57.0562 3708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:52:57.0607 3708 ksthunk - ok
10:52:57.0714 3708 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:52:57.0807 3708 KtmRm - ok
10:52:57.0836 3708 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:52:57.0884 3708 LanmanServer - ok
10:52:57.0913 3708 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:52:57.0946 3708 LanmanWorkstation - ok
10:52:58.0022 3708 LightScribeService (3503f257b3203f824b1567238ebe17e2) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:52:58.0044 3708 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:52:58.0045 3708 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:52:58.0080 3708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:52:58.0146 3708 lltdio - ok
10:52:58.0180 3708 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:52:58.0222 3708 lltdsvc - ok
10:52:58.0237 3708 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:52:58.0270 3708 lmhosts - ok
10:52:58.0297 3708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:52:58.0312 3708 LSI_FC - ok
10:52:58.0323 3708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:52:58.0338 3708 LSI_SAS - ok
10:52:58.0345 3708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:52:58.0360 3708 LSI_SAS2 - ok
10:52:58.0370 3708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:52:58.0386 3708 LSI_SCSI - ok
10:52:58.0412 3708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:52:58.0453 3708 luafv - ok
10:52:58.0496 3708 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
10:52:58.0510 3708 MBAMProtector - ok
10:52:58.0597 3708 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:52:58.0620 3708 MBAMService - ok
10:52:58.0643 3708 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:52:58.0666 3708 Mcx2Svc - ok
10:52:58.0765 3708 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:52:58.0810 3708 MDM - ok
10:52:58.0816 3708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:52:58.0838 3708 megasas - ok
10:52:58.0863 3708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:52:58.0892 3708 MegaSR - ok
10:52:58.0921 3708 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:52:58.0969 3708 MMCSS - ok
10:52:58.0974 3708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:52:59.0012 3708 Modem - ok
10:52:59.0033 3708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:52:59.0061 3708 monitor - ok
10:52:59.0089 3708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:52:59.0134 3708 mouclass - ok
10:52:59.0154 3708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:52:59.0186 3708 mouhid - ok
10:52:59.0217 3708 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:52:59.0240 3708 mountmgr - ok
10:52:59.0278 3708 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:52:59.0302 3708 MozillaMaintenance - ok
10:52:59.0334 3708 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:52:59.0358 3708 mpio - ok
10:52:59.0384 3708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:52:59.0436 3708 mpsdrv - ok
10:52:59.0494 3708 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:52:59.0537 3708 MpsSvc - ok
10:52:59.0563 3708 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:52:59.0597 3708 MRxDAV - ok
10:52:59.0630 3708 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:52:59.0664 3708 mrxsmb - ok
10:52:59.0701 3708 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:52:59.0719 3708 mrxsmb10 - ok
10:52:59.0735 3708 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:52:59.0761 3708 mrxsmb20 - ok
10:52:59.0774 3708 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:52:59.0787 3708 msahci - ok
10:52:59.0813 3708 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:52:59.0829 3708 msdsm - ok
10:52:59.0853 3708 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:52:59.0870 3708 MSDTC - ok
10:52:59.0894 3708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:52:59.0926 3708 Msfs - ok
10:52:59.0938 3708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:52:59.0983 3708 mshidkmdf - ok
10:52:59.0998 3708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:53:00.0011 3708 msisadrv - ok
10:53:00.0038 3708 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:53:00.0074 3708 MSiSCSI - ok
10:53:00.0077 3708 msiserver - ok
10:53:00.0092 3708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:53:00.0136 3708 MSKSSRV - ok
10:53:00.0140 3708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:53:00.0185 3708 MSPCLOCK - ok
10:53:00.0189 3708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:53:00.0231 3708 MSPQM - ok
10:53:00.0266 3708 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:53:00.0285 3708 MsRPC - ok
10:53:00.0297 3708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:53:00.0310 3708 mssmbios - ok
10:53:00.0314 3708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:53:00.0360 3708 MSTEE - ok
10:53:00.0364 3708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:53:00.0387 3708 MTConfig - ok
10:53:00.0421 3708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:53:00.0435 3708 Mup - ok
10:53:00.0463 3708 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:53:00.0507 3708 napagent - ok
10:53:00.0541 3708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:53:00.0570 3708 NativeWifiP - ok
10:53:00.0614 3708 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:53:00.0643 3708 NDIS - ok
10:53:00.0660 3708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:53:00.0705 3708 NdisCap - ok
10:53:00.0728 3708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:53:00.0760 3708 NdisTapi - ok
10:53:00.0795 3708 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:53:00.0828 3708 Ndisuio - ok
10:53:00.0851 3708 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:53:00.0898 3708 NdisWan - ok
10:53:00.0920 3708 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:53:00.0965 3708 NDProxy - ok
10:53:00.0977 3708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:53:01.0016 3708 NetBIOS - ok
10:53:01.0041 3708 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:53:01.0086 3708 NetBT - ok
10:53:01.0104 3708 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:53:01.0118 3708 Netlogon - ok
10:53:01.0154 3708 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:53:01.0200 3708 Netman - ok
10:53:01.0245 3708 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:53:01.0304 3708 netprofm - ok
10:53:01.0376 3708 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:53:01.0413 3708 NetTcpPortSharing - ok
10:53:01.0446 3708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:53:01.0467 3708 nfrd960 - ok
10:53:01.0504 3708 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:53:01.0548 3708 NlaSvc - ok
10:53:01.0561 3708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:53:01.0606 3708 Npfs - ok
10:53:01.0621 3708 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:53:01.0670 3708 nsi - ok
10:53:01.0687 3708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:53:01.0726 3708 nsiproxy - ok
10:53:01.0814 3708 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:53:01.0867 3708 Ntfs - ok
10:53:02.0015 3708 ntk_PowerDVD12 (eaac965642ef5f818aed508cadf83e4b) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
10:53:02.0051 3708 ntk_PowerDVD12 - ok
10:53:02.0149 3708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:53:02.0216 3708 Null - ok
10:53:02.0241 3708 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:53:02.0256 3708 nvraid - ok
10:53:02.0265 3708 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:53:02.0281 3708 nvstor - ok
10:53:02.0311 3708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:53:02.0326 3708 nv_agp - ok
10:53:02.0335 3708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:53:02.0358 3708 ohci1394 - ok
10:53:02.0435 3708 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:53:02.0469 3708 ose - ok
10:53:02.0703 3708 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:53:02.0870 3708 osppsvc - ok
10:53:02.0964 3708 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:53:03.0005 3708 p2pimsvc - ok
10:53:03.0049 3708 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:53:03.0070 3708 p2psvc - ok
10:53:03.0105 3708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:53:03.0121 3708 Parport - ok
10:53:03.0144 3708 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:53:03.0158 3708 partmgr - ok
10:53:03.0177 3708 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:53:03.0212 3708 PcaSvc - ok
10:53:03.0338 3708 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
10:53:03.0635 3708 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
10:53:03.0684 3708 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:53:03.0728 3708 pci - ok
10:53:03.0739 3708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:53:03.0756 3708 pciide - ok
10:53:03.0774 3708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:53:03.0793 3708 pcmcia - ok
10:53:03.0841 3708 PCTBD (99a3a277a99c437283324067970e1d37) C:\Windows\system32\Drivers\PCTBD64.sys
10:53:03.0874 3708 PCTBD - ok
10:53:03.0934 3708 PCTCore (dbb55b4da79a6f59b63e233907ba6bae) C:\Windows\system32\drivers\PCTCore64.sys
10:53:03.0963 3708 PCTCore - ok
10:53:04.0034 3708 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
10:53:04.0073 3708 pctDS - ok
10:53:04.0134 3708 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
10:53:04.0175 3708 pctEFA - ok
10:53:04.0197 3708 pctgntdi (5b4b9d0e748aa06a8887fe79351c91f3) C:\Windows\System32\drivers\pctgntdi64.sys
10:53:04.0215 3708 pctgntdi - ok
10:53:04.0228 3708 pctplsg (db1f94051396af34fe521bfeececdb53) C:\Windows\System32\drivers\pctplsg64.sys
10:53:04.0242 3708 pctplsg - ok
10:53:04.0293 3708 PCTSD (afa19eff0197c474379ed904e25a995d) C:\Windows\system32\Drivers\PCTSD64.sys
10:53:04.0309 3708 PCTSD - ok
10:53:04.0322 3708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:53:04.0335 3708 pcw - ok
10:53:04.0367 3708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:53:04.0416 3708 PEAUTH - ok
10:53:04.0480 3708 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:53:04.0504 3708 PerfHost - ok
10:53:04.0637 3708 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:53:04.0709 3708 pla - ok
10:53:04.0761 3708 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:53:04.0786 3708 PlugPlay - ok
10:53:04.0793 3708 PMBDeviceInfoProvider - ok
10:53:04.0819 3708 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:53:04.0847 3708 PNRPAutoReg - ok
10:53:04.0871 3708 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:53:04.0887 3708 PNRPsvc - ok
10:53:04.0916 3708 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:53:04.0954 3708 PolicyAgent - ok
10:53:04.0970 3708 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:53:05.0011 3708 Power - ok
10:53:05.0054 3708 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:53:05.0133 3708 PptpMiniport - ok
10:53:05.0158 3708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:53:05.0182 3708 Processor - ok
10:53:05.0202 3708 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:53:05.0243 3708 ProfSvc - ok
10:53:05.0259 3708 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:53:05.0273 3708 ProtectedStorage - ok
10:53:05.0307 3708 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:53:05.0340 3708 Psched - ok
10:53:05.0354 3708 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:53:05.0366 3708 PxHlpa64 - ok
10:53:05.0442 3708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:53:05.0495 3708 ql2300 - ok
10:53:05.0563 3708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:53:05.0579 3708 ql40xx - ok
10:53:05.0608 3708 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:53:05.0630 3708 QWAVE - ok
10:53:05.0645 3708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:53:05.0663 3708 QWAVEdrv - ok
10:53:05.0723 3708 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
10:53:05.0767 3708 RapiMgr - ok
10:53:05.0771 3708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:53:05.0808 3708 RasAcd - ok
10:53:05.0824 3708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:53:05.0858 3708 RasAgileVpn - ok
10:53:05.0869 3708 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:53:05.0904 3708 RasAuto - ok
10:53:05.0916 3708 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:53:05.0959 3708 Rasl2tp - ok
10:53:05.0988 3708 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:53:06.0025 3708 RasMan - ok
10:53:06.0040 3708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:53:06.0087 3708 RasPppoe - ok
10:53:06.0102 3708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:53:06.0136 3708 RasSstp - ok
10:53:06.0161 3708 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:53:06.0196 3708 rdbss - ok
10:53:06.0200 3708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:53:06.0218 3708 rdpbus - ok
10:53:06.0227 3708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:53:06.0260 3708 RDPCDD - ok
10:53:06.0272 3708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:53:06.0316 3708 RDPENCDD - ok
10:53:06.0327 3708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:53:06.0359 3708 RDPREFMP - ok
10:53:06.0380 3708 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:53:06.0418 3708 RDPWD - ok
10:53:06.0453 3708 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:53:06.0469 3708 rdyboost - ok
10:53:06.0501 3708 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:53:06.0535 3708 RemoteAccess - ok
10:53:06.0581 3708 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:53:06.0627 3708 RemoteRegistry - ok
10:53:06.0642 3708 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:53:06.0687 3708 RpcEptMapper - ok
10:53:06.0712 3708 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:53:06.0755 3708 RpcLocator - ok
10:53:06.0787 3708 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:53:06.0822 3708 RpcSs - ok
10:53:06.0838 3708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:53:06.0882 3708 rspndr - ok
10:53:06.0926 3708 RSUSBSTOR (ace55328a7f65b7dbd1870b1642b4018) C:\Windows\system32\Drivers\RtsUStor.sys
10:53:06.0951 3708 RSUSBSTOR - ok
10:53:06.0997 3708 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:53:07.0015 3708 RTL8167 - ok
10:53:07.0029 3708 Rts516xIR - ok
10:53:07.0049 3708 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:53:07.0062 3708 SamSs - ok
10:53:07.0085 3708 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:53:07.0100 3708 sbp2port - ok
10:53:07.0123 3708 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:53:07.0172 3708 SCardSvr - ok
10:53:07.0198 3708 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:53:07.0265 3708 scfilter - ok
10:53:07.0319 3708 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:53:07.0387 3708 Schedule - ok
10:53:07.0409 3708 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:53:07.0441 3708 SCPolicySvc - ok
10:53:07.0539 3708 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
10:53:07.0578 3708 sdAuxService - ok
10:53:07.0637 3708 sdCoreService (697e0a2a300ee8719cafae55b4771053) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
10:53:07.0674 3708 sdCoreService - ok
10:53:07.0762 3708 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:53:07.0806 3708 SDRSVC - ok
10:53:07.0848 3708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:53:07.0902 3708 secdrv - ok
10:53:07.0926 3708 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:53:07.0968 3708 seclogon - ok
10:53:07.0992 3708 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:53:08.0038 3708 SENS - ok
10:53:08.0058 3708 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:53:08.0096 3708 SensrSvc - ok
10:53:08.0115 3708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:53:08.0129 3708 Serenum - ok
10:53:08.0136 3708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:53:08.0152 3708 Serial - ok
10:53:08.0178 3708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:53:08.0194 3708 sermouse - ok
10:53:08.0223 3708 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:53:08.0263 3708 SessionEnv - ok
10:53:08.0275 3708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:53:08.0306 3708 sffdisk - ok
10:53:08.0310 3708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:53:08.0335 3708 sffp_mmc - ok
10:53:08.0339 3708 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:53:08.0358 3708 sffp_sd - ok
10:53:08.0362 3708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:53:08.0383 3708 sfloppy - ok
10:53:08.0421 3708 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:53:08.0459 3708 SharedAccess - ok
10:53:08.0482 3708 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:53:08.0518 3708 ShellHWDetection - ok
10:53:08.0524 3708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:53:08.0538 3708 SiSRaid2 - ok
10:53:08.0547 3708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:53:08.0562 3708 SiSRaid4 - ok
10:53:08.0632 3708 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:53:08.0647 3708 SkypeUpdate - ok
10:53:08.0666 3708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:53:08.0713 3708 Smb - ok
10:53:08.0743 3708 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:53:08.0759 3708 SNMPTRAP - ok
10:53:08.0771 3708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:53:08.0784 3708 spldr - ok
10:53:08.0826 3708 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:53:08.0864 3708 Spooler - ok
10:53:09.0031 3708 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:53:09.0179 3708 sppsvc - ok
10:53:09.0264 3708 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:53:09.0362 3708 sppuinotify - ok
10:53:09.0419 3708 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:53:09.0486 3708 srv - ok
10:53:09.0519 3708 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:53:09.0547 3708 srv2 - ok
10:53:09.0562 3708 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:53:09.0579 3708 srvnet - ok
10:53:09.0605 3708 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:53:09.0640 3708 SSDPSRV - ok
10:53:09.0657 3708 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:53:09.0692 3708 SstpSvc - ok
10:53:09.0761 3708 Steam Client Service - ok
10:53:09.0793 3708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:53:09.0814 3708 stexstor - ok
10:53:09.0877 3708 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:53:09.0927 3708 stisvc - ok
10:53:09.0970 3708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:53:10.0009 3708 swenum - ok
10:53:10.0051 3708 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:53:10.0102 3708 swprv - ok
10:53:10.0195 3708 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:53:10.0261 3708 SysMain - ok
10:53:10.0335 3708 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:53:10.0356 3708 TabletInputService - ok
10:53:10.0375 3708 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:53:10.0419 3708 TapiSrv - ok
10:53:10.0435 3708 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:53:10.0469 3708 TBS - ok
10:53:10.0588 3708 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:53:10.0650 3708 Tcpip - ok
10:53:10.0785 3708 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:53:10.0819 3708 TCPIP6 - ok
10:53:10.0908 3708 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:53:10.0980 3708 tcpipreg - ok
10:53:11.0001 3708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:53:11.0026 3708 TDPIPE - ok
10:53:11.0065 3708 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:53:11.0093 3708 TDTCP - ok
10:53:11.0127 3708 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:53:11.0173 3708 tdx - ok
10:53:11.0191 3708 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:53:11.0206 3708 TermDD - ok
10:53:11.0247 3708 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:53:11.0287 3708 TermService - ok
10:53:11.0307 3708 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:53:11.0336 3708 Themes - ok
10:53:11.0359 3708 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:53:11.0391 3708 THREADORDER - ok
10:53:11.0406 3708 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:53:11.0440 3708 TrkWks - ok
10:53:11.0480 3708 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:53:11.0526 3708 TrustedInstaller - ok
10:53:11.0547 3708 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:53:11.0579 3708 tssecsrv - ok
10:53:11.0616 3708 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:53:11.0670 3708 TsUsbFlt - ok
10:53:11.0724 3708 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:53:11.0772 3708 tunnel - ok
10:53:11.0791 3708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:53:11.0805 3708 uagp35 - ok
10:53:11.0832 3708 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:53:11.0867 3708 udfs - ok
10:53:11.0890 3708 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:53:11.0906 3708 UI0Detect - ok
10:53:11.0942 3708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:53:11.0978 3708 uliagpkx - ok
10:53:11.0991 3708 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:53:12.0027 3708 umbus - ok
10:53:12.0033 3708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:53:12.0078 3708 UmPass - ok
10:53:12.0116 3708 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:53:12.0167 3708 upnphost - ok
10:53:12.0185 3708 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:53:12.0203 3708 usbaudio - ok
10:53:12.0227 3708 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:53:12.0252 3708 usbccgp - ok
10:53:12.0282 3708 USBCCID - ok
10:53:12.0306 3708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:53:12.0325 3708 usbcir - ok
10:53:12.0339 3708 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:53:12.0364 3708 usbehci - ok
10:53:12.0392 3708 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
10:53:12.0422 3708 usbfilter - ok
10:53:12.0454 3708 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:53:12.0492 3708 usbhub - ok
10:53:12.0505 3708 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:53:12.0541 3708 usbohci - ok
10:53:12.0566 3708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:53:12.0590 3708 usbprint - ok
10:53:12.0618 3708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:53:12.0664 3708 usbscan - ok
10:53:12.0683 3708 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:53:12.0739 3708 USBSTOR - ok
10:53:12.0776 3708 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:53:12.0803 3708 usbuhci - ok
10:53:12.0818 3708 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:53:12.0851 3708 UxSms - ok
10:53:12.0868 3708 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:53:12.0881 3708 VaultSvc - ok
10:53:12.0914 3708 VBoxDrv (81952471021f6a6f56dda6ed6b5dd638) C:\Windows\system32\DRIVERS\VBoxDrv.sys
10:53:12.0931 3708 VBoxDrv - ok
10:53:13.0084 3708 VBoxNetAdp (c9f86aeb504355541ec9820e3155e253) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
10:53:13.0100 3708 VBoxNetAdp - ok
10:53:13.0124 3708 VBoxNetFlt (64715ce639d05d753bcd86f5abf4d82a) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
10:53:13.0140 3708 VBoxNetFlt - ok
10:53:13.0169 3708 VBoxUSBMon (edeb78b6a969107a66a5af145ac0a43f) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
10:53:13.0184 3708 VBoxUSBMon - ok
10:53:13.0200 3708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:53:13.0214 3708 vdrvroot - ok
10:53:13.0255 3708 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:53:13.0294 3708 vds - ok
10:53:13.0320 3708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:53:13.0359 3708 vga - ok
10:53:13.0377 3708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:53:13.0424 3708 VgaSave - ok
10:53:13.0443 3708 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:53:13.0460 3708 vhdmp - ok
10:53:13.0472 3708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:53:13.0486 3708 viaide - ok
10:53:13.0499 3708 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:53:13.0513 3708 volmgr - ok
10:53:13.0557 3708 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:53:13.0576 3708 volmgrx - ok
10:53:13.0609 3708 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:53:13.0626 3708 volsnap - ok
10:53:13.0644 3708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:53:13.0660 3708 vsmraid - ok
10:53:13.0744 3708 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:53:13.0826 3708 VSS - ok
10:53:13.0925 3708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:53:13.0972 3708 vwifibus - ok
10:53:14.0007 3708 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:53:14.0044 3708 W32Time - ok
10:53:14.0109 3708 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
10:53:14.0166 3708 W3SVC - ok
10:53:14.0172 3708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:53:14.0200 3708 WacomPen - ok
10:53:14.0222 3708 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:53:14.0267 3708 WANARP - ok
10:53:14.0270 3708 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:53:14.0301 3708 Wanarpv6 - ok
10:53:14.0315 3708 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
10:53:14.0333 3708 WAS - ok
10:53:14.0414 3708 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:53:14.0456 3708 WatAdminSvc - ok
10:53:14.0536 3708 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:53:14.0594 3708 wbengine - ok
10:53:14.0672 3708 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:53:14.0694 3708 WbioSrvc - ok
10:53:14.0749 3708 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
10:53:14.0770 3708 WcesComm - ok
10:53:14.0802 3708 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:53:14.0833 3708 wcncsvc - ok
10:53:14.0851 3708 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:53:14.0883 3708 WcsPlugInService - ok
10:53:14.0918 3708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:53:14.0952 3708 Wd - ok
10:53:15.0002 3708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:53:15.0026 3708 Wdf01000 - ok
10:53:15.0039 3708 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:53:15.0094 3708 WdiServiceHost - ok
10:53:15.0097 3708 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:53:15.0116 3708 WdiSystemHost - ok
10:53:15.0133 3708 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:53:15.0164 3708 WebClient - ok
10:53:15.0183 3708 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:53:15.0228 3708 Wecsvc - ok
10:53:15.0237 3708 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:53:15.0271 3708 wercplsupport - ok
10:53:15.0289 3708 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:53:15.0324 3708 WerSvc - ok
10:53:15.0340 3708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:53:15.0373 3708 WfpLwf - ok
10:53:15.0381 3708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:53:15.0395 3708 WIMMount - ok
10:53:15.0444 3708 WinDefend - ok
10:53:15.0459 3708 WinHttpAutoProxySvc - ok
10:53:15.0516 3708 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:53:15.0581 3708 Winmgmt - ok
10:53:15.0687 3708 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:53:15.0760 3708 WinRM - ok
10:53:15.0866 3708 WINUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
10:53:15.0893 3708 WINUSB - ok
10:53:15.0978 3708 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:53:16.0020 3708 Wlansvc - ok
10:53:16.0050 3708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:53:16.0086 3708 WmiAcpi - ok
10:53:16.0115 3708 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:53:16.0151 3708 wmiApSrv - ok
10:53:16.0190 3708 WMPNetworkSvc - ok
10:53:16.0241 3708 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
10:53:16.0301 3708 WMSVC - ok
10:53:16.0324 3708 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:53:16.0351 3708 WPCSvc - ok
10:53:16.0378 3708 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:53:16.0421 3708 WPDBusEnum - ok
10:53:16.0432 3708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:53:16.0487 3708 ws2ifsl - ok
10:53:16.0506 3708 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:53:16.0534 3708 wscsvc - ok
10:53:16.0537 3708 WSearch - ok
10:53:16.0663 3708 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:53:16.0756 3708 wuauserv - ok
10:53:16.0874 3708 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:53:16.0944 3708 WudfPf - ok
10:53:16.0963 3708 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:53:16.0997 3708 WUDFRd - ok
10:53:17.0016 3708 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:53:17.0049 3708 wudfsvc - ok
10:53:17.0075 3708 WUSBVBus (28de9164f5d74cfd2466778ba1d93f30) C:\Windows\system32\DRIVERS\mfpvbus.sys
10:53:17.0099 3708 WUSBVBus - ok
10:53:17.0119 3708 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:53:17.0141 3708 WwanSvc - ok
10:53:17.0264 3708 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
10:53:17.0286 3708 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
10:53:17.0320 3708 MBR (0x1B8) (972d200618aaa26eb1ecfa8e9645c503) \Device\Harddisk0\DR0
10:53:17.0595 3708 \Device\Harddisk0\DR0 - ok
10:53:17.0603 3708 Boot (0x1200) (7f8f39dd896c7ca09ca092d56cb5e537) \Device\Harddisk0\DR0\Partition0
10:53:17.0606 3708 \Device\Harddisk0\DR0\Partition0 - ok
10:53:17.0646 3708 Boot (0x1200) (ebd710701b3ac661dead5102a1f801da) \Device\Harddisk0\DR0\Partition1
10:53:17.0650 3708 \Device\Harddisk0\DR0\Partition1 - ok
10:53:17.0673 3708 Boot (0x1200) (b5f709ba380e44516ddfc353785c53ea) \Device\Harddisk0\DR0\Partition2
10:53:17.0676 3708 \Device\Harddisk0\DR0\Partition2 - ok
10:53:17.0677 3708 ============================================================
10:53:17.0677 3708 Scan finished
10:53:17.0677 3708 ============================================================
10:53:17.0704 4704 Detected object count: 6
10:53:17.0705 4704 Actual detected object count: 6
10:53:53.0416 4704 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:53:53.0416 4704 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:53:53.0418 4704 aksdf ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0418 4704 aksdf ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:53:53.0421 4704 aksfridge ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0421 4704 aksfridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:53:53.0423 4704 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0423 4704 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:53:53.0425 4704 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0425 4704 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:53:53.0427 4704 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:53:53.0428 4704 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If you have problems starting applications after running Combofix and get messages such as Quote:
| | #22 |
| Hello Arne, here is the log from ComboFix: Combofix Logfile: Code:
ComboFix 12-05-11.02 - Gerd 11-05-2012 13:11:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2531 [GMT 2:00]
Gestart vanuit: d:\install\Internet\Antivirus\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\Config.ini
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-11 to 2012-05-11 ))))))))))))))))))))))))))))))
.
.
2012-05-11 11:23 . 2012-05-11 11:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 13:25 . 2012-05-07 13:25 -------- d-----w- c:\program files (x86)\ESET
2012-05-04 20:40 . 2012-05-04 20:40 -------- d-----w- c:\users\Gerd\AppData\Roaming\Malwarebytes
2012-05-04 20:40 . 2012-05-04 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-04 20:40 . 2012-05-04 20:40 -------- d-----w- c:\programdata\Malwarebytes
2012-05-04 20:40 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-03 17:24 . 2012-05-03 17:24 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-05-02 11:28 . 2012-05-02 11:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 11:28 . 2012-05-02 11:28 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 11:28 . 2012-05-02 11:28 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-29 07:54 . 2012-04-29 07:54 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 22:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 22:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 22:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 22:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 22:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 22:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 22:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 14:22 . 2012-04-12 14:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 08:32 . 2011-11-21 07:56 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-04-29 07:54 . 2011-05-25 07:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 11:50 . 2011-01-07 22:12 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-03-20 11:50 . 2011-11-21 07:56 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-20 11:43 . 2011-01-07 22:12 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-03-20 11:43 . 2011-01-07 22:12 339608 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-03-20 10:21 . 2011-11-21 07:56 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-03-20 10:21 . 2011-01-07 22:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-20 10:21 . 2011-01-07 22:21 2271160 ----a-w- c:\windows\PCTBDCore.dll
2012-03-20 10:21 . 2011-01-07 22:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-03-20 10:20 . 2011-01-07 22:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-03-20 09:39 . 2011-01-07 22:21 3488 ----a-w- c:\windows\UDB.zip
2012-03-20 09:39 . 2011-01-07 22:21 131 ----a-w- c:\windows\IDB.zip
2012-03-16 10:15 . 2011-01-07 22:12 426104 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-03-14 17:23 . 2012-03-14 17:23 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-03-14 17:22 . 2012-03-14 17:22 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-03-14 17:22 . 2012-03-14 22:21 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-03-14 17:22 . 2012-03-14 22:21 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-03-14 17:22 . 2012-03-14 17:22 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-03-04 22:42 . 2011-03-21 11:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-28 09:43 . 2011-01-07 22:12 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-02-28 09:43 . 2011-01-07 22:12 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-02-17 06:38 . 2012-03-14 07:35 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 07:35 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 07:35 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 07:35 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Gerd\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PMBVolumeWatcher"="d:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MFP Manager"="c:\program files (x86)\MFP Server Utilities\MFPAgent.exe" [2010-10-01 884736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-5-5 0]
Jacquie Lawson London Advent Calendar.lnk - c:\program files (x86)\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A]
Manager for Skype.lnk - d:\programfiles (x86)\Manager for Skype\ManagerForSkype.exe [2008-4-15 688128]
OpenOffice.org 3.3.lnk - d:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"= "WDSHELL.DLL" [2010-11-30 208896]
.
R2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 253088]
R3 AliWGP;Composite Device;c:\windows\system32\DRIVERS\mfpcomp.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-03-20 402336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management-service;c:\windows\system32\inetsrv\wmsvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/02/22 13:39];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 21:57 146928]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;d:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-10-17 20549]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-03-20 571320]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
S2 ftpsvc;Microsoft FTP-service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;d:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1qexpress;Stuurprogramma Q voor Intel(R) PRO/1000 PCI Express-netwerkverbinding;c:\windows\system32\DRIVERS\e1q60x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 07:54]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 17:54]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 17:54]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
2012-04-08 c:\windows\Tasks\WDStatistic_WebServer_Chris.job
- d:\webdev 16\Programs\WDStatistic.exe [2011-01-20 10:04]
.
2011-07-06 c:\windows\Tasks\WDStatistique_WebServer_Chris.job
- d:\webdev 16\Programs\WDStatistic.exe [2011-01-20 10:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/webhp?hl=nl
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.123.254
FF - ProfilePath - c:\users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\a9ua28ft.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-PCTools FGuard - c:\program files (x86)\PC Tools Security\BDT\FGuard.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Streamripper - c:\program files (x86)\Streamripper\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-05-11 13:47:23
ComboFix-quarantined-files.txt 2012-05-11 11:47
.
Pre-Run: 236.484.005.888 bytes beschikbaar
Post-Run: 235.977.572.352 bytes beschikbaar
.
- - End Of File - - A5A1F9B9EB1B4FF61699F5E3F869989C
Anything else unusual? Regards, Gerd |
| | #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #24 |
| Hello Arne, whatever I do, about halfway through the scan I get the following error message: Avast!Antirootkit has stopped working. It always happens at the same point during scanning: scanning: c:\windows\assambly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.... What should I do? Can I simply delete the directory? I don't need Visual Studio in any case. Regards, Gerd |
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | That is exactly why this was posted: One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
| | #26 |
| Hello Arne, I finally managed it, as described: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-12 00:13:36
-----------------------------
00:13:36.968 OS Version: Windows x64 6.1.7601 Service Pack 1
00:13:36.968 Number of processors: 4 586 0x503
00:13:36.968 ComputerName: GERD-HP UserName: Gerd
00:13:41.539 Initialize success
00:13:46.983 AVAST engine defs: 12051100
00:14:06.452 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
00:14:06.467 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
00:14:06.483 Disk 0 MBR read successfully
00:14:06.499 Disk 0 MBR scan
00:14:06.499 Disk 0 unknown MBR code
00:14:06.514 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:14:06.530 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 322817 MB offset 206848
00:14:06.545 Disk 0 Partition - 00 0F Extended LBA 365584 MB offset 1204805632
00:14:06.577 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 265366 MB offset 661336064
00:14:06.623 Disk 0 Partition - 00 05 Extended 353620 MB offset 1204807679
00:14:06.623 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 353620 MB offset 1204807680
00:14:06.639 Disk 0 Partition - 00 05 Extended 11962 MB offset 1929025535
00:14:06.670 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 11961 MB offset 1929025536
00:14:07.232 Disk 0 scanning C:\Windows\system32\drivers
00:14:18.308 Service scanning
00:14:36.694 Modules scanning
00:14:36.704 Disk 0 trace - called modules:
00:14:36.744 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys amdxata.sys storport.sys hal.dll amdsata.sys
00:14:36.744 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049f7790]
00:14:36.754 3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> [0xfffffa80048e5bc0]
00:14:36.764 5 PCTCore64.sys[fffff880010ee6f4] -> nt!IofCallDriver -> [0xfffffa80048d0b80]
00:14:36.774 7 amdxata.sys[fffff880010b57a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80048c99c0]
00:14:36.774 Scan finished successfully
00:14:56.872 Disk 0 MBR has been saved successfully to "D:\Install\Internet\Antivirus\MBR.dat"
00:14:57.200 The log file has been saved successfully to "D:\Install\Internet\Antivirus\aswMBR.txt"
Regards, Gerd |
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
| | #28 |
| Hello Arne, I have "Oracle VM VirtualBox" installed on the PC. Could that have changed the boot sector? In other words, should I run the MBR fix or not? Regards, Gerd |
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | By a VirtualBox? No
| | #30 |
| Hello Arne, it just occurred to me why the MBR has been changed. Before I installed VirtualBox (to be able to use Windows XP), I had first tried to build a dual-boot system with Paragon Partition Manager. Because that would not work properly, I gave up on it and had Paragon reset the MBR. However, that does not seem to be 100% the old MBR. But I assume that Paragon did not infect the MBR! So I am now considering leaving the MBR as it is, because I would rather not risk losing the system, which is (now properly) running. What do you think? Regards, Gerd |