
Log analysis and evaluation: Encryption trojan.... how do I go on from here

20.05.2012, 15:54   #1
steffi2110

Hello, today I stupidly also opened one of those e-mails with a dubious invoice and promptly caught this encryption trojan. I've already read up on quite a bit here, but since I'm unfortunately hopeless with this stuff, I need your help:
I was able to start the laptop in safe mode, then ran Malwarebytes over it, had 3 finds and deleted them. Unfortunately no effect at all. Now I've burned this OTLPE CD and booted from it, but now, when I click on the icon, "browse for folder" comes up, and no matter what I select I get a RunScanner error. What now? How do I continue???
Many thanks in advance for the help

Got it working, will post the logs as soon as I have them.

21.05.2012, 13:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Got it working, will post the logs as soon as I have them.
First post all the logs from Malwarebytes!

21.05.2012, 16:35   #3
steffi2110

So, here is my Malwarebytes result:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.20.03

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Steffi :: STEFFI-PC [Administrator]

20.05.2012 14:15:45
mbam-log-2012-05-20 (14-15-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402185
Laufzeit: 1 Stunde(n), 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Steffi\AppData\Local\Temp\is1590112554\IWantThis_SRC_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Steffi\Downloads\DownloadManagerSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\DealioToolbar.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

21.05.2012, 18:35   #4
cosinus

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before at some point in the past?
If so, the logs for every scan are all listed in the logs tab ("Logdateien"). Please post all the ones that are visible there.

21.05.2012, 23:10   #5
steffi2110

I only have two old logs from 06+07/2011, each without any infected files. Post them anyway?

In the meantime I ran Kaspersky over it and now my PC starts up completely normally again. I can also open pictures and music files just fine. I don't see that anything is encrypted.
Only my Office suite demands that I activate the software over the Internet?!
Somehow I can't quite believe that I've got the beast off my machine. Do I need to do anything else now???

I'm sooo glad that this forum exists and that you help us out so wonderfully!!!


22.05.2012, 12:38   #6
cosinus

Please also run ESET, then we'll see what's next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


22.05.2012, 18:46   #7
steffi2110

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c261e7d3df71f04fb7084bb74774f091
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-22 05:24:13
# local_time=2012-05-22 07:24:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16777213 100 75 1536457 38189575 0 0
# compatibility_mode=5892 16776574 100 100 56500227 175230841 0 0
# compatibility_mode=8192 67108863 100 0 124 124 0 0
# scanned=214027
# found=5
# cleaned=0
# scan_time=9339
C:\Users\Steffi\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Steffi\AppData\Local\Temp\is1590112554\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe probably a variant of Win32/Adware.HLQFYSH application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Steffi\AppData\Local\Temp\is1590112554\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Steffi\Downloads\aTube_aTube297.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Steffi\Downloads\Setup19_FreeConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
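
A small triage parser for the ESET Online Scanner log posted in #7, added here as an example; it is not part of the original thread or of ESET's tooling. The line layout it expects, the reading of `remove_checked=false` as a report-only scan, and the reading of the trailing word (`application`, `trojan`, ...) as the detection kind are assumptions taken from the log as it is rendered on this page.

```python
import re
from collections import Counter

# Excerpt of the log from post #7 (some header fields omitted), separated by
# single spaces the way the forum rendered it.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=214027
# found=5
# cleaned=0
# scan_time=9339
C:\Users\Steffi\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Steffi\AppData\Local\Temp\is1590112554\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe probably a variant of Win32/Adware.HLQFYSH application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Steffi\AppData\Local\Temp\is1590112554\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Steffi\Downloads\aTube_aTube297.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Steffi\Downloads\Setup19_FreeConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>[\w.]+)=(?P<value>.*)$")

# Assumed layout: <path> [probably] [a variant of] <Platform>/<Name> [kind]
#                 (<action>) <32 hex digits> <flag>
# Windows paths use backslashes, so the first "<word>/" token marks the start
# of the detection name even when the path itself contains spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably\s+)?(?:a\s+variant\s+of\s+)?)"
    r"(?P<threat>[A-Za-z0-9]+/\S+)"
    r"(?:\s+(?P<kind>[a-z]+))?"
    r"\s+\((?P<action>[^)]*)\)"
    r"\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)


def parse_eset_log(text):
    """Return (header dict, list of detections, lines that matched nothing)."""
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            # Repeated keys (e.g. compatibility_mode) keep the last value.
            header[m.group("key")] = m.group("value").strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["qualifier"] = " ".join(d["qualifier"].split())
            detections.append(d)
        else:
            # Keep unknown lines visible instead of silently dropping them.
            unparsed.append(line)
    return header, detections, unparsed


def summarize(header, detections):
    """Cross-check the header counters against the parsed detection lines."""
    declared = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    kinds = Counter(d["kind"] or "unspecified" for d in detections)
    return {
        "declared_found": declared,
        "parsed_found": len(detections),
        # A mismatch means the paste is truncated or a line failed to parse.
        "count_matches": declared == len(detections),
        # Objects reported but not removed are still on disk.
        "still_present": declared - cleaned,
        # Assumption: remove_checked=false means the scan only reported.
        "report_only": header.get("remove_checked") == "false",
        "kinds": dict(kinds),
        # True when every hit carries the "application" kind, i.e. nothing
        # in this log is labelled as a trojan.
        "only_applications": bool(detections) and set(kinds) == {"application"},
    }


if __name__ == "__main__":
    hdr, dets, rest = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, dets).items():
        print(f"{key}: {value}")
    for d in dets:
        print(f'{d["threat"]:<24} {d["action"]:<16} {d["path"]}')
```

For this log every hit is of kind `application` and none was removed, so the scan result by itself says nothing about whether the encryption trojan from the first post is still on the machine.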

22.05.2012, 19:27   #8
cosinus

I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

22.05.2012, 19:50   #9
steffi2110

1. Normal mode works without restrictions
2. I looked through it, but found everything. As I said, I'm supposed to reactivate the Office suite on the Internet, but with Paint Shop Pro an error message comes up: "has been damaged or used illegally". Otherwise I haven't noticed anything so far

22.05.2012, 19:55   #10
cosinus

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top centre, tick Scan all users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

22.05.2012, 21:22   #11
steffi2110

OTL Logfile:
Code:
OTL logfile created on: 22.05.2012 21:16:28 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Steffi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,61% Memory free
6,21 Gb Paging File | 4,78 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 243,61 Gb Free Space | 53,42% Space Free | Partition Type: NTFS
 
Computer Name: STEFFI-PC | User Name: Steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.22 20:59:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Downloads\OTL.exe
PRC - [2012.05.16 18:25:46 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.05.16 18:16:50 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012.04.09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.03.21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012.03.20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2012.03.20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012.03.20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011.10.13 09:31:34 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Steffi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010.12.15 23:46:06 | 000,151,056 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\Core\mchost.exe
PRC - [2010.10.18 15:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.07.20 17:21:40 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.09.18 18:22:24 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.05.20 20:18:32 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.24 02:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.10.24 21:18:26 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
PRC - [2008.08.08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2008.08.08 17:30:40 | 000,532,808 | R--- | M] (Corel, Inc.) -- C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.26 13:00:14 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.01.03 12:58:11 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.01.03 12:58:08 | 003,186,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.01.03 12:57:17 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011.12.27 04:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.07.21 14:33:29 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3314.38784__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.07.21 14:33:29 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3314.38856__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.07.21 14:33:29 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3314.38769__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:29 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3314.38785__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.07.21 14:33:29 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3314.38836__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3314.38776__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:29 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3314.38817__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3314.38781__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.07.21 14:33:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3314.38805__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3314.38776__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:28 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3314.38808__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3314.38777__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3314.38786__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3314.38803__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3314.38831__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.07.21 14:33:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3314.38816__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3314.38823__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3314.38789__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.07.21 14:33:28 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3314.38785__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3314.38856__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3314.38857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3314.38815__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:28 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3314.38823__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.07.21 14:33:28 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3314.38807__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:28 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3314.38806__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3314.38822__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:28 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3314.38855__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3314.38789__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:28 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3314.38815__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3314.38816__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:27 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3314.38806__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.07.21 14:33:27 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.07.21 14:33:27 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.07.21 14:33:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3314.38807__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.07.21 14:33:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.07.21 14:33:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.07.21 14:33:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.07.21 14:33:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3294.18784__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.07.21 14:33:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.07.21 14:33:27 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.07.21 14:33:26 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3314.38773__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.07.21 14:33:26 | 000,540,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3314.38846__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009.07.21 14:33:26 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3314.38881__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009.07.21 14:33:26 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3314.38780__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.07.21 14:33:26 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3314.38851__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.07.21 14:33:26 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3314.38768__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.07.21 14:33:26 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3314.38767__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.07.21 14:33:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3314.38849__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.07.21 14:33:26 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3314.38767__90ba9c70f846762e\APM.Server.dll
MOD - [2009.07.21 14:33:26 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3314.38769__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.07.21 14:33:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.07.21 14:33:26 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.07.21 14:33:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.07.21 14:33:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3314.38766__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.07.21 14:33:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3314.38864__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.07.21 14:33:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.07.21 14:33:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.07.21 14:33:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.07.21 14:33:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.07.21 14:33:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.07.21 14:33:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.07.21 14:33:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.07.21 14:33:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.07.21 14:33:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3314.38850__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.07.21 14:33:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.07.21 14:33:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.07.21 14:33:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009.07.21 14:33:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.07.21 14:33:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.07.21 14:33:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.07.21 14:33:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.07.21 14:33:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.07.21 14:33:26 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009.07.21 14:33:26 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009.07.21 14:33:26 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3314.38766__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.03.30 06:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.03.30 06:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009.03.30 06:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.01.30 10:41:20 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.01.28 08:33:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.08.08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003.06.07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.16 18:16:50 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.05 11:08:50 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.21 10:05:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.22 19:29:08 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.03.20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012.03.20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012.03.20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.04.09 18:56:08 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.20 20:18:32 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.05.20 16:10:22 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.02.22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012.02.22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012.02.22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012.02.22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012.02.22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012.02.22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012.02.22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012.02.22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012.02.22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010.04.12 22:16:47 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.04.12 22:16:47 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.18 18:23:08 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/21 14:46:41] [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.02.21 04:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.01.28 09:51:40 | 004,303,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.12.30 00:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.08.17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetter.com/
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\5.7\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_2_&babsrc=SP_ss&mntrId=1c36cde40000000000000017c4a0dde7
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de___DE350
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{76FEF1EC-630D-4D88-A968-B933E7A884B0}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{9EC509D3-F7D3-40CA-921C-5599935E315F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{ABA152D0-ACB9-40A7-A7A0-D444D539C758}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tt=100512_2_&babsrc=KW_ss&mntrId=1c36cde40000000000000017c4a0dde7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.5: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.02.28 08:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.05.22 21:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.05 11:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.14 13:53:25 | 000,000,000 | ---D | M]
 
[2010.09.01 18:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions
[2012.05.20 16:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\p8ltz4y3.default\extensions
[2010.09.21 12:57:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\p8ltz4y3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.30 22:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.04.30 22:39:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.05 11:08:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.02.21 15:38:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.10.23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.03.18 09:18:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.20 14:10:36 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.18 09:18:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.18 09:18:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 09:18:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 08:09:01 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.03.18 09:18:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 09:18:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
Hosts file not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\5.7\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120503123525.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\5.7\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - Startup: C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8 - Extra context menu item: Add to Video Converter... - C:\Program Files\Media Player Utilities 5.16\AVIConverter\grab.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steffi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player (ELECO Software GmbH))
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{084B4A50-A07C-4BF1-BA71-B1AC0FF67878}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2bb5f3a8-3689-11df-a6a5-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{2bb5f3a8-3689-11df-a6a5-001f16b1a7e6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{31b1e1b0-02a0-11df-8a6e-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{31b1e1b0-02a0-11df-8a6e-001f16b1a7e6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{31b1e1c8-02a0-11df-8a6e-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{31b1e1c8-02a0-11df-8a6e-001f16b1a7e6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b2bc304-3646-11df-a1eb-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2bc304-3646-11df-a1eb-001f16b1a7e6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7b2bc31c-3646-11df-a1eb-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2bc31c-3646-11df-a1eb-001f16b1a7e6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {93ADC699-F3C9-2439-8432-7381F787CFBE} - Java (Sun)
ActiveX: {9847DD13-2D7E-B1B6-1609-82BAAFBBD910} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D05A3A0B-E9A5-A4ED-C5F6-EB82DCF09687} - 
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.22 16:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.22 12:18:22 | 000,000,000 | ---D | C] -- C:\Users\Steffi\Desktop\de
[2012.05.22 12:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.05.20 16:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012.05.20 16:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012.05.20 14:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.20 14:14:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.20 14:14:18 | 000,000,000 | ---D | C] -- C:\Users\Steffi\Desktop\Malwarebytes' Anti-Malware
[2012.05.20 14:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager
[2012.05.20 14:10:31 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Local\Babylon
[2012.05.20 14:10:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Babylon
[2012.05.20 14:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.05.20 09:32:41 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Mmnnyysskkb
[2012.05.19 07:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.05.19 07:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.05.19 07:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2012.05.05 11:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.05 11:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.30 22:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.04.30 22:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.30 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.04.29 20:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.29 20:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.04.29 20:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.04.27 09:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.22 21:23:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.22 21:07:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 21:07:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 20:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.22 20:49:28 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.05.22 17:23:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.22 12:34:08 | 000,002,591 | ---- | M] () -- C:\Users\Steffi\Desktop\Microsoft Office Word 2007.lnk
[2012.05.22 12:23:16 | 000,002,689 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.05.22 12:23:16 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Excel 2007.lnk
[2012.05.22 12:23:16 | 000,002,663 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
[2012.05.22 12:23:16 | 000,002,643 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office OneNote 2007.lnk
[2012.05.22 12:18:51 | 000,025,866 | ---- | M] () -- C:\Users\Steffi\Desktop\config.xml
[2012.05.22 12:18:22 | 000,799,232 | ---- | M] () -- C:\Users\Steffi\Desktop\Avira-RansomFileUnlocker.exe
[2012.05.22 12:16:50 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012.05.22 12:14:51 | 000,637,794 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.22 12:14:51 | 000,603,746 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.22 12:14:51 | 000,132,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.22 12:14:51 | 000,109,026 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.22 12:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.22 12:07:37 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.21 18:38:59 | 000,007,512 | ---- | M] () -- C:\Users\Steffi\AppData\Local\d3d9caps.dat
[2012.05.21 18:38:54 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.20 14:14:19 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.20 14:10:43 | 000,000,250 | ---- | M] () -- C:\user.js
[2012.05.11 07:45:01 | 003,704,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.06 08:30:23 | 000,113,017 | ---- | M] () -- C:\Users\Steffi\Desktop\Fliesen-Fliesenleger-Guetersloh-Badezimmer10-Bodenfliesen-Wandfliesen-rutschfest-Villeroy-Boch-Jasba-glasiert-matt--glaenzend.gif
[2012.05.06 08:30:12 | 000,386,340 | ---- | M] () -- C:\Users\Steffi\Desktop\Fliesen-Fliesenleger-Guetersloh-Badezimmer3-Bodenfliesen-Wandfliesen-Mosaikfliesen-rutschfeste-Fliesen-Bord%FCre-Villeroy-Boch-glasiert-matt-glaenzend.gif
[2012.05.06 08:29:56 | 000,159,628 | ---- | M] () -- C:\Users\Steffi\Desktop\Fliesen-Fliesenleger-Guetersloh-Badezimmer5-Bodenfliesen-Wandfliesen-Mosaikfliesen-rutschfeste-Fliesen-Bord%FCre-Villeroy-Boch-glasiert-matt-glaenzend.gif
[2012.05.01 08:16:13 | 000,054,784 | ---- | M] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.29 20:17:47 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.22 12:23:16 | 000,002,689 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.05.22 12:23:16 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Excel 2007.lnk
[2012.05.22 12:23:16 | 000,002,663 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
[2012.05.22 12:23:16 | 000,002,643 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office OneNote 2007.lnk
[2012.05.22 12:18:51 | 000,025,866 | ---- | C] () -- C:\Users\Steffi\Desktop\config.xml
[2012.05.22 11:06:23 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.20 14:14:19 | 000,000,706 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.20 14:11:18 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.05.20 14:11:18 | 000,001,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.05.20 14:11:18 | 000,001,709 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.05.20 14:10:43 | 000,000,250 | ---- | C] () -- C:\user.js
[2012.05.20 10:43:01 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012.05.06 08:30:23 | 000,113,017 | ---- | C] () -- C:\Users\Steffi\Desktop\Fliesen-Fliesenleger-Guetersloh-Badezimmer10-Bodenfliesen-Wandfliesen-rutschfest-Villeroy-Boch-Jasba-glasiert-matt--glaenzend.gif
[2012.05.06 08:30:12 | 000,386,340 | ---- | C] () -- C:\Users\Steffi\Desktop\Fliesen-Fliesenleger-Guetersloh-Badezimmer3-Bodenfliesen-Wandfliesen-Mosaikfliesen-rutschfeste-Fliesen-Bord%FCre-Villeroy-Boch-glasiert-matt-glaenzend.gif
[2012.05.06 08:29:56 | 000,159,628 | ---- | C] () -- C:\Users\Steffi\Desktop\Fliesen-Fliesenleger-Guetersloh-Badezimmer5-Bodenfliesen-Wandfliesen-Mosaikfliesen-rutschfeste-Fliesen-Bord%FCre-Villeroy-Boch-glasiert-matt-glaenzend.gif
[2012.04.30 23:59:52 | 000,799,232 | ---- | C] () -- C:\Users\Steffi\Desktop\Avira-RansomFileUnlocker.exe
[2012.04.30 22:39:13 | 000,002,339 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.29 20:17:47 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.27 10:02:03 | 000,203,500 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2012.03.27 10:02:03 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2011.11.03 19:06:33 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.10.13 09:30:34 | 003,704,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.30 17:58:27 | 000,000,552 | ---- | C] () -- C:\Users\Steffi\AppData\Local\d3d8caps.dat
[2010.10.19 08:39:41 | 000,000,116 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\wklnhst.dat
[2010.09.02 16:17:37 | 000,024,206 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\UserTile.png
[2010.08.17 16:23:24 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.17 16:23:13 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.07.29 16:28:12 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== LOP Check ==========
 
[2009.07.21 14:47:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009.07.21 14:47:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2010.01.16 15:17:13 | 000,000,000 | -HSD | M] -- C:\Users\Steffi\AppData\Roaming\.#
[2009.07.21 14:47:17 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Acer GameZone Console
[2009.10.22 09:21:12 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Amazon
[2010.05.15 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Ankh - Heart of Osiris
[2012.05.20 14:10:30 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Babylon
[2010.05.02 10:22:52 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Canon
[2012.03.08 19:16:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DVDVideoSoft
[2012.02.14 15:28:08 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.08 21:08:11 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\EAST Technologies
[2010.07.06 12:26:27 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Engelmann Media
[2010.05.04 10:23:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\eSobi
[2011.12.13 17:49:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Fox Dgital Copy
[2010.07.06 12:16:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\FreeAudioPack
[2010.07.29 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\gtk-2.0
[2010.08.17 16:24:15 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\MAGIX
[2010.05.20 07:54:40 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Meridian93
[2010.04.09 18:56:22 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Merscom
[2012.05.22 13:54:22 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Mmnnyysskkb
[2011.11.10 18:47:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\My Games
[2010.04.08 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\OpenCandy
[2010.09.02 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\PeerNetworking
[2010.04.15 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\PlayFirst
[2009.10.23 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\PowerCinema
[2011.08.14 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\ProtectDISC
[2010.05.04 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Samsung
[2009.10.23 22:06:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\SoftDMA
[2010.10.19 10:30:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Sony
[2010.05.02 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.29 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\temp
[2011.11.19 15:19:14 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Ubisoft
[2012.02.14 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\XMedia Recode
[2012.05.22 11:09:35 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.16 15:17:13 | 000,000,000 | -HSD | M] -- C:\Users\Steffi\AppData\Roaming\.#
[2009.07.21 14:47:17 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Acer GameZone Console
[2010.05.02 14:57:22 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Adobe
[2010.05.02 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Adobe Mini Bridge CS5
[2009.10.22 09:21:12 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Amazon
[2010.05.15 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Ankh - Heart of Osiris
[2012.03.08 10:11:58 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Apple Computer
[2009.10.21 13:49:29 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\ATI
[2012.05.20 14:10:30 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Babylon
[2010.05.02 10:22:52 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Canon
[2010.07.29 16:28:14 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Corel
[2009.10.23 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\CyberLink
[2012.03.08 19:16:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DVDVideoSoft
[2012.02.14 15:28:08 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.08 21:08:11 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\EAST Technologies
[2010.07.06 12:26:27 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Engelmann Media
[2010.05.04 10:23:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\eSobi
[2011.12.13 17:49:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Fox Dgital Copy
[2010.07.06 12:16:59 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\FreeAudioPack
[2009.10.21 18:28:38 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Google
[2010.07.29 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\gtk-2.0
[2012.03.27 10:18:14 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\HP
[2011.10.04 09:38:22 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\HpUpdate
[2009.10.21 13:47:30 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Identities
[2009.11.03 20:33:17 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\InstallShield
[2009.10.21 13:48:26 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Macromedia
[2010.08.17 16:24:15 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\MAGIX
[2011.05.23 18:51:05 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Media Center Programs
[2010.05.20 07:54:40 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Meridian93
[2010.04.09 18:56:22 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Merscom
[2012.04.15 15:05:51 | 000,000,000 | --SD | M] -- C:\Users\Steffi\AppData\Roaming\Microsoft
[2012.05.22 13:54:22 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Mmnnyysskkb
[2010.09.01 18:19:27 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Mozilla
[2011.11.10 18:47:41 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\My Games
[2010.04.08 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\OpenCandy
[2010.09.02 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\PeerNetworking
[2010.04.15 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\PlayFirst
[2009.10.23 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\PowerCinema
[2011.08.14 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\ProtectDISC
[2010.03.05 00:23:16 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Roxio
[2010.05.04 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Samsung
[2011.01.29 23:24:56 | 000,000,000 | RH-D | M] -- C:\Users\Steffi\AppData\Roaming\SecuROM
[2012.05.22 21:06:46 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Skype
[2012.03.03 20:28:23 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\skypePM
[2009.10.23 22:06:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\SoftDMA
[2010.10.19 10:30:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Sony
[2010.05.02 15:00:24 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.29 23:25:29 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\temp
[2011.11.19 15:19:14 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Ubisoft
[2010.03.30 14:46:11 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\vlc
[2011.11.03 17:18:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\WinRAR
[2012.02.14 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\XMedia Recode
[2010.05.02 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2010.08.17 17:54:44 | 000,016,262 | R--- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_A11DE93640ED8233BE4B40.exe
[2010.08.17 17:54:44 | 000,001,518 | R--- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_CB318CB88EFE4AC4CF44A8.exe
[2010.08.17 17:54:44 | 000,001,078 | R--- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_E35C0B4D1E1333D4C8F257.exe
[2010.08.17 17:54:44 | 000,010,134 | R--- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Installer\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}\_EB6DAA30CDDF2A736B648A.exe
[2010.02.19 16:18:17 | 000,010,134 | R--- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.08.02 22:46:45 | 000,000,048 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
[2010.08.01 17:42:02 | 000,000,019 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
[2 C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Recent\*.tmp files -> C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Recent\*.tmp -> ]
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 03:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver64\IaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver\IaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Users\Steffi\Desktop\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.05.20 16:10:22 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.01.28 08:34:54 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:225CD7D5

< End of report >
         

Hope that helps ;-)
Thanks for your great explanations, even I can follow them!

23.05.2012, 08:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
SRV - [2012.05.16 18:16:50 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_2_&babsrc=SP_ss&mntrId=1c36cde40000000000000017c4a0dde7
IE - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=100512_2_&babsrc=KW_ss&mntrId=1c36cde40000000000000017c4a0dde7&q="
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\5.7\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\5.7\dealioToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2491371480-1582872288-3399617029-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2bb5f3a8-3689-11df-a6a5-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{2bb5f3a8-3689-11df-a6a5-001f16b1a7e6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{31b1e1b0-02a0-11df-8a6e-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{31b1e1b0-02a0-11df-8a6e-001f16b1a7e6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{31b1e1c8-02a0-11df-8a6e-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{31b1e1c8-02a0-11df-8a6e-001f16b1a7e6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b2bc304-3646-11df-a1eb-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2bc304-3646-11df-a1eb-001f16b1a7e6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7b2bc31c-3646-11df-a1eb-001f16b1a7e6}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2bc31c-3646-11df-a1eb-001f16b1a7e6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2012.05.20 14:10:31 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Local\Babylon
[2012.05.20 14:10:30 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Babylon
[2012.05.20 14:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.05.20 09:32:41 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Mmnnyysskkb
[2012.05.20 14:10:43 | 000,000,250 | ---- | M] () -- C:\user.js
[2010.01.16 15:17:13 | 000,000,000 | -HSD | M] -- C:\Users\Steffi\AppData\Roaming\.#
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:225CD7D5
:Files
C:\Program Files\Common Files\Spigot
C:\Program Files\Application Updater
C:\Program Files\Dealio Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

24.05.2012, 08:24   #13
steffi2110
 

Code:
All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2491371480-1582872288-3399617029-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2491371480-1582872288-3399617029-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: dealio@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?affID=110819&tt=100512_2_&babsrc=KW_ss&mntrId=1c36cde40000000000000017c4a0dde7&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
C:\Program Files\Dealio Toolbar\IE\5.7\dealioToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\IE\5.7\dealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2491371480-1582872288-3399617029-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2491371480-1582872288-3399617029-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bb5f3a8-3689-11df-a6a5-001f16b1a7e6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bb5f3a8-3689-11df-a6a5-001f16b1a7e6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bb5f3a8-3689-11df-a6a5-001f16b1a7e6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bb5f3a8-3689-11df-a6a5-001f16b1a7e6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b1e1b0-02a0-11df-8a6e-001f16b1a7e6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b1e1b0-02a0-11df-8a6e-001f16b1a7e6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b1e1b0-02a0-11df-8a6e-001f16b1a7e6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b1e1b0-02a0-11df-8a6e-001f16b1a7e6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b1e1c8-02a0-11df-8a6e-001f16b1a7e6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b1e1c8-02a0-11df-8a6e-001f16b1a7e6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b1e1c8-02a0-11df-8a6e-001f16b1a7e6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b1e1c8-02a0-11df-8a6e-001f16b1a7e6}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b2bc304-3646-11df-a1eb-001f16b1a7e6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b2bc304-3646-11df-a1eb-001f16b1a7e6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b2bc304-3646-11df-a1eb-001f16b1a7e6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b2bc304-3646-11df-a1eb-001f16b1a7e6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b2bc31c-3646-11df-a1eb-001f16b1a7e6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b2bc31c-3646-11df-a1eb-001f16b1a7e6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b2bc31c-3646-11df-a1eb-001f16b1a7e6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b2bc31c-3646-11df-a1eb-001f16b1a7e6}\ not found.
File E:\AutoRun.exe not found.
C:\Users\Steffi\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Steffi\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Steffi\AppData\Local\Babylon folder moved successfully.
C:\Users\Steffi\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Steffi\AppData\Roaming\Mmnnyysskkb folder moved successfully.
C:\user.js moved successfully.
C:\Users\Steffi\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
ADS C:\ProgramData\Temp:E1982A23 deleted successfully.
ADS C:\ProgramData\Temp:225CD7D5 deleted successfully.
========== FILES ==========
C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\Dealio Toolbar\Res\Lang folder moved successfully.
C:\Program Files\Dealio Toolbar\Res folder moved successfully.
C:\Program Files\Dealio Toolbar\IE\5.7 folder moved successfully.
C:\Program Files\Dealio Toolbar\IE folder moved successfully.
C:\Program Files\Dealio Toolbar\FF\chrome folder moved successfully.
C:\Program Files\Dealio Toolbar\FF folder moved successfully.
C:\Program Files\Dealio Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41695 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Steffi
->Temp folder emptied: 1071560602 bytes
->Temporary Internet Files folder emptied: 9978074 bytes
->Java cache emptied: 8197395 bytes
->FireFox cache emptied: 49937069 bytes
->Google Chrome cache emptied: 6138516 bytes
->Flash cache emptied: 1139 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115008295 bytes
RecycleBin emptied: 1187429948 bytes
 
Total Files Cleaned = 2.336,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Steffi
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05242012_091414

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

24.05.2012, 21:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


25.05.2012, 17:24   #15
steffi2110
 

Hello Arne,

here is the new log:

Code:
18:15:13.0066 3888	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
18:15:13.0692 3888	============================================================
18:15:13.0692 3888	Current date / time: 2012/05/25 18:15:13.0692
18:15:13.0692 3888	SystemInfo:
18:15:13.0692 3888	
18:15:13.0693 3888	OS Version: 6.0.6002 ServicePack: 2.0
18:15:13.0693 3888	Product type: Workstation
18:15:13.0693 3888	ComputerName: STEFFI-PC
18:15:13.0693 3888	UserName: Steffi
18:15:13.0693 3888	Windows directory: C:\Windows
18:15:13.0693 3888	System windows directory: C:\Windows
18:15:13.0693 3888	Processor architecture: Intel x86
18:15:13.0693 3888	Number of processors: 2
18:15:13.0693 3888	Page size: 0x1000
18:15:13.0693 3888	Boot type: Normal boot
18:15:13.0693 3888	============================================================
18:15:14.0131 3888	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:15:14.0133 3888	============================================================
18:15:14.0133 3888	\Device\Harddisk0\DR0:
18:15:14.0133 3888	MBR partitions:
18:15:14.0133 3888	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x38FFD000
18:15:14.0133 3888	============================================================
18:15:14.0240 3888	C: <-> \Device\Harddisk0\DR0\Partition0
18:15:14.0241 3888	============================================================
18:15:14.0241 3888	Initialize success
18:15:14.0241 3888	============================================================
18:16:41.0814 4564	============================================================
18:16:41.0814 4564	Scan started
18:16:41.0814 4564	Mode: Manual; SigCheck; TDLFS; 
18:16:41.0814 4564	============================================================
18:16:42.0758 4564	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
18:16:43.0008 4564	acedrv11 - ok
18:16:43.0064 4564	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:16:43.0100 4564	ACPI - ok
18:16:43.0179 4564	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:16:43.0201 4564	AdobeFlashPlayerUpdateSvc - ok
18:16:43.0467 4564	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:16:43.0541 4564	adp94xx - ok
18:16:43.0604 4564	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:16:43.0630 4564	adpahci - ok
18:16:43.0757 4564	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:16:43.0784 4564	adpu160m - ok
18:16:43.0817 4564	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:16:43.0840 4564	adpu320 - ok
18:16:43.0886 4564	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:16:43.0974 4564	AeLookupSvc - ok
18:16:44.0018 4564	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:16:44.0083 4564	AFD - ok
18:16:44.0136 4564	AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
18:16:44.0200 4564	AgereModemAudio - ok
18:16:44.0476 4564	AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
18:16:44.0671 4564	AgereSoftModem - ok
18:16:44.0741 4564	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:16:44.0767 4564	agp440 - ok
18:16:44.0874 4564	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:16:44.0903 4564	aic78xx - ok
18:16:44.0954 4564	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:16:45.0083 4564	ALG - ok
18:16:45.0129 4564	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:16:45.0146 4564	aliide - ok
18:16:45.0177 4564	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:16:45.0194 4564	amdagp - ok
18:16:45.0214 4564	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:16:45.0229 4564	amdide - ok
18:16:45.0253 4564	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:16:45.0303 4564	AmdK7 - ok
18:16:45.0320 4564	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:16:45.0370 4564	AmdK8 - ok
18:16:45.0415 4564	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:16:45.0470 4564	Appinfo - ok
18:16:45.0701 4564	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:16:45.0724 4564	Apple Mobile Device - ok
18:16:45.0759 4564	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:16:45.0786 4564	arc - ok
18:16:45.0845 4564	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:16:45.0866 4564	arcsas - ok
18:16:45.0898 4564	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:16:45.0948 4564	AsyncMac - ok
18:16:45.0992 4564	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:16:46.0012 4564	atapi - ok
18:16:46.0092 4564	athr            (acdb46b1a467752a2f280c68c8461556) C:\Windows\system32\DRIVERS\athr.sys
18:16:46.0256 4564	athr - ok
18:16:46.0486 4564	Ati External Event Utility (4cfbfec540f136cf952e8b6fdb80e52e) C:\Windows\system32\Ati2evxx.exe
18:16:46.0617 4564	Ati External Event Utility - ok
18:16:46.0904 4564	atikmdag        (6f2cc6403012375385d556bf39382b74) C:\Windows\system32\DRIVERS\atikmdag.sys
18:16:47.0169 4564	atikmdag - ok
18:16:47.0338 4564	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
18:16:47.0363 4564	atksgt - ok
18:16:47.0400 4564	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:16:47.0433 4564	AudioEndpointBuilder - ok
18:16:47.0439 4564	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:16:47.0477 4564	Audiosrv - ok
18:16:47.0548 4564	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:16:47.0610 4564	b57nd60x - ok
18:16:47.0641 4564	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:16:47.0696 4564	Beep - ok
18:16:47.0762 4564	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:16:47.0844 4564	BFE - ok
18:16:47.0972 4564	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
18:16:48.0085 4564	BITS - ok
18:16:48.0128 4564	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:16:48.0197 4564	blbdrive - ok
18:16:48.0309 4564	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:16:48.0333 4564	Bonjour Service - ok
18:16:48.0390 4564	Boonty Games    (473a642afe7b31c82857b9fdb302ad1c) C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
18:16:48.0417 4564	Boonty Games ( UnsignedFile.Multi.Generic ) - warning
18:16:48.0417 4564	Boonty Games - detected UnsignedFile.Multi.Generic (1)
18:16:48.0455 4564	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:16:48.0560 4564	bowser - ok
18:16:48.0615 4564	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:16:48.0647 4564	BrFiltLo - ok
18:16:48.0661 4564	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:16:48.0687 4564	BrFiltUp - ok
18:16:48.0728 4564	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:16:48.0798 4564	Browser - ok
18:16:48.0828 4564	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:16:49.0000 4564	Brserid - ok
18:16:49.0036 4564	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:16:49.0116 4564	BrSerWdm - ok
18:16:49.0137 4564	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:16:49.0193 4564	BrUsbMdm - ok
18:16:49.0204 4564	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:16:49.0254 4564	BrUsbSer - ok
18:16:49.0280 4564	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:16:49.0328 4564	BTHMODEM - ok
18:16:49.0353 4564	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:16:49.0401 4564	cdfs - ok
18:16:49.0502 4564	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:16:49.0594 4564	cdrom - ok
18:16:49.0644 4564	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:16:49.0688 4564	CertPropSvc - ok
18:16:49.0758 4564	cfwids          (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
18:16:49.0777 4564	cfwids - ok
18:16:49.0840 4564	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:16:49.0889 4564	circlass - ok
18:16:49.0957 4564	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:16:49.0994 4564	CLFS - ok
18:16:50.0087 4564	CLHNService     (252f4b4edc7bb632e531834f59abb84e) C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
18:16:50.0108 4564	CLHNService - ok
18:16:50.0311 4564	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:16:50.0336 4564	clr_optimization_v2.0.50727_32 - ok
18:16:50.0391 4564	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:16:50.0445 4564	CmBatt - ok
18:16:50.0523 4564	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:16:50.0541 4564	cmdide - ok
18:16:50.0573 4564	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:16:50.0590 4564	Compbatt - ok
18:16:50.0599 4564	COMSysApp - ok
18:16:50.0614 4564	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:16:50.0631 4564	crcdisk - ok
18:16:50.0666 4564	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:16:50.0708 4564	Crusoe - ok
18:16:50.0876 4564	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
18:16:50.0906 4564	CryptSvc - ok
18:16:50.0982 4564	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:16:51.0038 4564	DcomLaunch - ok
18:16:51.0086 4564	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:16:51.0153 4564	DfsC - ok
18:16:51.0292 4564	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:16:51.0385 4564	DFSR - ok
18:16:51.0574 4564	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:16:51.0620 4564	Dhcp - ok
18:16:51.0690 4564	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:16:51.0728 4564	disk - ok
18:16:51.0865 4564	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
18:16:51.0881 4564	DKbFltr - ok
18:16:51.0906 4564	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:16:51.0951 4564	Dnscache - ok
18:16:51.0991 4564	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:16:52.0040 4564	dot3svc - ok
18:16:52.0079 4564	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
18:16:52.0149 4564	Dot4 - ok
18:16:52.0178 4564	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:16:52.0235 4564	Dot4Print - ok
18:16:52.0270 4564	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
18:16:52.0334 4564	dot4usb - ok
18:16:52.0380 4564	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:16:52.0444 4564	DPS - ok
18:16:52.0539 4564	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:16:52.0596 4564	drmkaud - ok
18:16:52.0688 4564	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:16:52.0766 4564	DXGKrnl - ok
18:16:52.0810 4564	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:16:52.0869 4564	E1G60 - ok
18:16:52.0912 4564	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:16:52.0944 4564	EapHost - ok
18:16:53.0006 4564	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:16:53.0025 4564	Ecache - ok
18:16:53.0073 4564	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:16:53.0107 4564	ehRecvr - ok
18:16:53.0124 4564	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:16:53.0171 4564	ehSched - ok
18:16:53.0179 4564	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:16:53.0210 4564	ehstart - ok
18:16:53.0271 4564	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:16:53.0299 4564	elxstor - ok
18:16:53.0373 4564	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:16:53.0445 4564	EMDMgmt - ok
18:16:53.0645 4564	ePowerSvc       (2072cbe938dd355c4a52e9a4dcf5439f) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
18:16:53.0688 4564	ePowerSvc - ok
18:16:53.0769 4564	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:16:53.0822 4564	ErrDev - ok
18:16:53.0883 4564	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:16:53.0918 4564	EventSystem - ok
18:16:54.0032 4564	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:16:54.0090 4564	exfat - ok
18:16:54.0129 4564	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:16:54.0161 4564	fastfat - ok
18:16:54.0185 4564	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:16:54.0250 4564	fdc - ok
18:16:54.0272 4564	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:16:54.0309 4564	fdPHost - ok
18:16:54.0324 4564	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:16:54.0398 4564	FDResPub - ok
18:16:54.0432 4564	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:16:54.0454 4564	FileInfo - ok
18:16:54.0529 4564	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:16:54.0581 4564	Filetrace - ok
18:16:55.0364 4564	FirebirdServerMAGIXInstance (167d24a045499ebef438f231976158df) C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
18:16:55.0497 4564	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
18:16:55.0497 4564	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
18:16:55.0959 4564	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:16:56.0081 4564	flpydisk - ok
18:16:56.0119 4564	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:16:56.0150 4564	FltMgr - ok
18:16:56.0280 4564	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:16:56.0340 4564	FontCache - ok
18:16:56.0459 4564	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:16:56.0486 4564	FontCache3.0.0.0 - ok
18:16:56.0553 4564	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
18:16:56.0638 4564	Fs_Rec - ok
18:16:56.0736 4564	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:16:56.0769 4564	gagp30kx - ok
18:16:56.0854 4564	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:16:56.0874 4564	GEARAspiWDM - ok
18:16:57.0499 4564	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:16:57.0643 4564	gpsvc - ok
18:16:57.0847 4564	gupdate1ca52806035fad9 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:16:57.0870 4564	gupdate1ca52806035fad9 - ok
18:16:57.0887 4564	gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:16:57.0910 4564	gupdatem - ok
18:16:57.0969 4564	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:16:58.0073 4564	HdAudAddService - ok
18:16:58.0494 4564	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:16:58.0543 4564	HDAudBus - ok
18:16:58.0564 4564	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:16:58.0627 4564	HidBth - ok
18:16:58.0737 4564	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:16:58.0797 4564	HidIr - ok
18:16:58.0836 4564	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
18:16:58.0878 4564	hidserv - ok
18:16:58.0905 4564	HidUsb          (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
18:16:58.0952 4564	HidUsb - ok
18:16:58.0981 4564	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:16:59.0047 4564	hkmsvc - ok
18:16:59.0076 4564	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:16:59.0103 4564	HpCISSs - ok
18:16:59.0221 4564	hpqcxs08        (b14328cfeeb6b736be44c2c9db3b162c) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:16:59.0242 4564	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:16:59.0242 4564	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:16:59.0278 4564	hpqddsvc        (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:16:59.0288 4564	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:16:59.0288 4564	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:16:59.0358 4564	HPSLPSVC        (56fc98f1014ea8dc51b92839c32759ec) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
18:16:59.0393 4564	HPSLPSVC - ok
18:16:59.0454 4564	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:16:59.0537 4564	HTTP - ok
18:16:59.0570 4564	hwdatacard - ok
18:16:59.0619 4564	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:16:59.0638 4564	i2omp - ok
18:16:59.0672 4564	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:16:59.0719 4564	i8042prt - ok
18:16:59.0766 4564	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
18:16:59.0795 4564	iaStor - ok
18:16:59.0825 4564	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:16:59.0857 4564	iaStorV - ok
18:16:59.0954 4564	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:17:00.0005 4564	idsvc - ok
18:17:00.0032 4564	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:17:00.0056 4564	iirsp - ok
18:17:00.0097 4564	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:17:00.0151 4564	IKEEXT - ok
18:17:00.0300 4564	IntcAzAudAddService (ffb0b713a54dd05193dbcd0b790b37ee) C:\Windows\system32\drivers\RTKVHDA.sys
18:17:00.0381 4564	IntcAzAudAddService - ok
18:17:00.0550 4564	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:17:00.0569 4564	intelide - ok
18:17:00.0597 4564	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:17:00.0662 4564	intelppm - ok
18:17:00.0701 4564	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:17:00.0765 4564	IPBusEnum - ok
18:17:00.0789 4564	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:17:00.0869 4564	IpFilterDriver - ok
18:17:00.0904 4564	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:17:00.0957 4564	iphlpsvc - ok
18:17:00.0974 4564	IpInIp - ok
18:17:01.0015 4564	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:17:01.0047 4564	IPMIDRV - ok
18:17:01.0071 4564	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:17:01.0104 4564	IPNAT - ok
18:17:01.0345 4564	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
18:17:01.0372 4564	iPod Service - ok
18:17:01.0388 4564	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
18:17:01.0434 4564	irda - ok
18:17:01.0467 4564	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:17:01.0502 4564	IRENUM - ok
18:17:01.0554 4564	Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
18:17:01.0631 4564	Irmon - ok
18:17:01.0651 4564	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:17:01.0671 4564	isapnp - ok
18:17:01.0712 4564	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:17:01.0736 4564	iScsiPrt - ok
18:17:01.0766 4564	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:17:01.0785 4564	iteatapi - ok
18:17:01.0822 4564	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:17:01.0841 4564	iteraid - ok
18:17:01.0890 4564	k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
18:17:01.0934 4564	k57nd60x - ok
18:17:01.0956 4564	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:17:01.0977 4564	kbdclass - ok
18:17:02.0011 4564	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:17:02.0055 4564	kbdhid - ok
18:17:02.0078 4564	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:17:02.0143 4564	KeyIso - ok
18:17:02.0191 4564	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:17:02.0226 4564	KSecDD - ok
18:17:02.0286 4564	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:17:02.0352 4564	KtmRm - ok
18:17:02.0400 4564	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
18:17:02.0429 4564	LanmanServer - ok
18:17:02.0521 4564	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:17:02.0571 4564	LanmanWorkstation - ok
18:17:02.0606 4564	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
18:17:02.0623 4564	lirsgt - ok
18:17:02.0648 4564	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:17:02.0686 4564	lltdio - ok
18:17:02.0718 4564	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:17:02.0761 4564	lltdsvc - ok
18:17:02.0776 4564	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:17:02.0834 4564	lmhosts - ok
18:17:02.0869 4564	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:17:02.0890 4564	LSI_FC - ok
18:17:02.0921 4564	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:17:02.0942 4564	LSI_SAS - ok
18:17:02.0985 4564	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:17:03.0006 4564	LSI_SCSI - ok
18:17:03.0024 4564	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:17:03.0068 4564	luafv - ok
18:17:03.0184 4564	McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:17:03.0206 4564	McAfee SiteAdvisor Service - ok
18:17:03.0274 4564	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
18:17:03.0294 4564	McComponentHostService - ok
18:17:03.0336 4564	McMPFSvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:17:03.0352 4564	McMPFSvc - ok
18:17:03.0358 4564	mcmscsvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:17:03.0374 4564	mcmscsvc - ok
18:17:03.0379 4564	McNaiAnn        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:17:03.0395 4564	McNaiAnn - ok
18:17:03.0415 4564	McNASvc         (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:17:03.0431 4564	McNASvc - ok
18:17:03.0528 4564	McODS           (42117cbc4849a5cf11129912dabbdeca) C:\Program Files\McAfee\VirusScan\mcods.exe
18:17:03.0548 4564	McODS - ok
18:17:03.0553 4564	McProxy         (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
18:17:03.0569 4564	McProxy - ok
18:17:03.0647 4564	McShield        (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:17:03.0663 4564	McShield - ok
18:17:03.0692 4564	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:17:03.0721 4564	Mcx2Svc - ok
18:17:03.0759 4564	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:17:03.0779 4564	megasas - ok
18:17:03.0839 4564	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:17:03.0902 4564	MegaSR - ok
18:17:03.0970 4564	mfeapfk         (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
18:17:03.0989 4564	mfeapfk - ok
18:17:04.0023 4564	mfeavfk         (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
18:17:04.0043 4564	mfeavfk - ok
18:17:04.0069 4564	mfeavfk01 - ok
18:17:04.0100 4564	mfebopk         (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
18:17:04.0117 4564	mfebopk - ok
18:17:04.0176 4564	mfefire         (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:17:04.0198 4564	mfefire - ok
18:17:04.0228 4564	mfefirek        (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
18:17:04.0260 4564	mfefirek - ok
18:17:04.0306 4564	mfehidk         (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
18:17:04.0355 4564	mfehidk - ok
18:17:04.0422 4564	mfenlfk         (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
18:17:04.0439 4564	mfenlfk - ok
18:17:04.0503 4564	mferkdet        (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
18:17:04.0521 4564	mferkdet - ok
18:17:04.0647 4564	mfevtp          (b10c4efd40810c08f4b44df2efcb54f7) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
18:17:04.0666 4564	mfevtp - ok
18:17:04.0695 4564	mfewfpk         (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
18:17:04.0722 4564	mfewfpk - ok
18:17:04.0748 4564	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:17:04.0800 4564	MMCSS - ok
18:17:04.0830 4564	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:17:04.0880 4564	Modem - ok
18:17:04.0898 4564	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:17:04.0936 4564	monitor - ok
18:17:04.0955 4564	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:17:04.0972 4564	mouclass - ok
18:17:04.0994 4564	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:17:05.0041 4564	mouhid - ok
18:17:05.0064 4564	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:17:05.0081 4564	MountMgr - ok
18:17:05.0133 4564	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:17:05.0151 4564	MozillaMaintenance - ok
18:17:05.0195 4564	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:17:05.0213 4564	mpio - ok
18:17:05.0243 4564	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:17:05.0267 4564	mpsdrv - ok
18:17:05.0317 4564	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:17:05.0367 4564	MpsSvc - ok
18:17:05.0395 4564	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:17:05.0414 4564	Mraid35x - ok
18:17:05.0438 4564	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:17:05.0530 4564	MRxDAV - ok
18:17:05.0563 4564	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:17:05.0609 4564	mrxsmb - ok
18:17:05.0655 4564	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:17:05.0685 4564	mrxsmb10 - ok
18:17:05.0693 4564	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:17:05.0716 4564	mrxsmb20 - ok
18:17:05.0734 4564	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:17:05.0754 4564	msahci - ok
18:17:05.0769 4564	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:17:05.0791 4564	msdsm - ok
18:17:05.0825 4564	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:17:05.0887 4564	MSDTC - ok
18:17:05.0910 4564	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:17:05.0956 4564	Msfs - ok
18:17:05.0968 4564	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:17:05.0989 4564	msisadrv - ok
18:17:06.0025 4564	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:17:06.0090 4564	MSiSCSI - ok
18:17:06.0095 4564	msiserver - ok
18:17:06.0139 4564	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:17:06.0197 4564	MSKSSRV - ok
18:17:06.0217 4564	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:17:06.0264 4564	MSPCLOCK - ok
18:17:06.0284 4564	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:17:06.0331 4564	MSPQM - ok
18:17:06.0366 4564	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:17:06.0394 4564	MsRPC - ok
18:17:06.0417 4564	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:17:06.0436 4564	mssmbios - ok
18:17:06.0475 4564	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:17:06.0505 4564	MSTEE - ok
18:17:06.0544 4564	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:17:06.0561 4564	Mup - ok
18:17:06.0595 4564	mwlPSDFilter    (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:17:06.0609 4564	mwlPSDFilter - ok
18:17:06.0636 4564	mwlPSDNServ     (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:17:06.0650 4564	mwlPSDNServ - ok
18:17:06.0667 4564	mwlPSDVDisk     (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:17:06.0681 4564	mwlPSDVDisk - ok
18:17:06.0756 4564	MWLService      (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
18:17:06.0773 4564	MWLService - ok
18:17:06.0813 4564	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:17:06.0859 4564	napagent - ok
18:17:06.0914 4564	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:17:06.0938 4564	NativeWifiP - ok
18:17:07.0007 4564	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:17:07.0041 4564	NDIS - ok
18:17:07.0110 4564	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:17:07.0158 4564	NdisTapi - ok
18:17:07.0163 4564	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:17:07.0202 4564	Ndisuio - ok
18:17:07.0230 4564	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:17:07.0265 4564	NdisWan - ok
18:17:07.0288 4564	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:17:07.0314 4564	NDProxy - ok
18:17:07.0348 4564	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
18:17:07.0368 4564	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:17:07.0368 4564	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:17:07.0387 4564	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:17:07.0434 4564	NetBIOS - ok
18:17:07.0469 4564	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:17:07.0575 4564	netbt - ok
18:17:07.0690 4564	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:17:07.0712 4564	Netlogon - ok
18:17:07.0774 4564	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:17:07.0828 4564	Netman - ok
18:17:07.0853 4564	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:17:07.0903 4564	netprofm - ok
18:17:07.0962 4564	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:17:07.0981 4564	NetTcpPortSharing - ok
18:17:08.0022 4564	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:17:08.0040 4564	nfrd960 - ok
18:17:08.0073 4564	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:17:08.0112 4564	NlaSvc - ok
18:17:08.0144 4564	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:17:08.0198 4564	Npfs - ok
18:17:08.0246 4564	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
18:17:08.0282 4564	NSCIRDA - ok
18:17:08.0310 4564	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:17:08.0347 4564	nsi - ok
18:17:08.0363 4564	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:17:08.0401 4564	nsiproxy - ok
18:17:08.0543 4564	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:17:08.0587 4564	Ntfs - ok
18:17:08.0721 4564	NTI IScheduleSvc (944e3911888b9fffd843b91c8abbd3f6) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
18:17:08.0735 4564	NTI IScheduleSvc - ok
18:17:08.0768 4564	NTIBackupSvc    (973dcb15731339fca176e534055cf115) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
18:17:08.0781 4564	NTIBackupSvc - ok
18:17:08.0804 4564	NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
18:17:08.0816 4564	NTIDrvr - ok
18:17:08.0834 4564	NTISchedulerSvc (58751f9248d50bce1053976c9e2f0859) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
18:17:08.0848 4564	NTISchedulerSvc - ok
18:17:08.0867 4564	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:17:08.0922 4564	ntrigdigi - ok
18:17:08.0942 4564	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:17:08.0990 4564	Null - ok
18:17:09.0022 4564	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:17:09.0040 4564	nvraid - ok
18:17:09.0061 4564	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:17:09.0078 4564	nvstor - ok
18:17:09.0085 4564	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:17:09.0103 4564	nv_agp - ok
18:17:09.0107 4564	NwlnkFlt - ok
18:17:09.0114 4564	NwlnkFwd - ok
18:17:09.0244 4564	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:17:09.0268 4564	odserv - ok
18:17:09.0310 4564	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
18:17:09.0341 4564	ohci1394 - ok
18:17:09.0370 4564	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:17:09.0388 4564	ose - ok
18:17:09.0444 4564	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:17:09.0586 4564	p2pimsvc - ok
18:17:09.0594 4564	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:17:09.0624 4564	p2psvc - ok
18:17:09.0682 4564	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:17:09.0732 4564	Parport - ok
18:17:09.0781 4564	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:17:09.0799 4564	partmgr - ok
18:17:09.0809 4564	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:17:09.0869 4564	Parvdm - ok
18:17:09.0897 4564	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:17:09.0951 4564	PcaSvc - ok
18:17:09.0996 4564	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:17:10.0019 4564	pci - ok
18:17:10.0055 4564	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:17:10.0075 4564	pciide - ok
18:17:10.0109 4564	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
18:17:10.0132 4564	pcmcia - ok
18:17:10.0203 4564	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:17:10.0281 4564	PEAUTH - ok
18:17:10.0395 4564	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:17:10.0509 4564	pla - ok
18:17:10.0678 4564	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:17:10.0724 4564	PlugPlay - ok
18:17:10.0770 4564	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
18:17:10.0779 4564	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:17:10.0779 4564	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:17:10.0834 4564	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:17:10.0867 4564	PNRPAutoReg - ok
18:17:10.0876 4564	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:17:10.0923 4564	PNRPsvc - ok
18:17:10.0980 4564	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:17:11.0110 4564	PolicyAgent - ok
18:17:11.0184 4564	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:17:11.0264 4564	PptpMiniport - ok
18:17:11.0290 4564	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:17:11.0337 4564	Processor - ok
18:17:11.0385 4564	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:17:11.0418 4564	ProfSvc - ok
18:17:11.0473 4564	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:17:11.0496 4564	ProtectedStorage - ok
18:17:11.0561 4564	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:17:11.0604 4564	PSched - ok
18:17:11.0705 4564	PSI_SVC_2       (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
18:17:11.0722 4564	PSI_SVC_2 - ok
18:17:11.0738 4564	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:17:11.0757 4564	PxHelp20 - ok
18:17:11.0843 4564	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:17:11.0893 4564	ql2300 - ok
18:17:11.0924 4564	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:17:11.0944 4564	ql40xx - ok
18:17:11.0987 4564	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:17:12.0039 4564	QWAVE - ok
18:17:12.0067 4564	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:17:12.0099 4564	QWAVEdrv - ok
18:17:12.0112 4564	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:17:12.0148 4564	RasAcd - ok
18:17:12.0173 4564	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:17:12.0237 4564	RasAuto - ok
18:17:12.0278 4564	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:17:12.0315 4564	Rasl2tp - ok
18:17:12.0361 4564	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:17:12.0394 4564	RasMan - ok
18:17:12.0435 4564	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:17:12.0466 4564	RasPppoe - ok
18:17:12.0521 4564	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:17:12.0544 4564	RasSstp - ok
18:17:12.0596 4564	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:17:12.0666 4564	rdbss - ok
18:17:12.0709 4564	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:17:12.0766 4564	RDPCDD - ok
18:17:12.0789 4564	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:17:12.0841 4564	rdpdr - ok
18:17:12.0847 4564	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:17:12.0917 4564	RDPENCDD - ok
18:17:12.0973 4564	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
18:17:13.0040 4564	RDPWD - ok
18:17:13.0094 4564	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:17:13.0143 4564	RemoteAccess - ok
18:17:13.0177 4564	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:17:13.0210 4564	RemoteRegistry - ok
18:17:13.0222 4564	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:17:13.0258 4564	RpcLocator - ok
18:17:13.0305 4564	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:17:13.0375 4564	RpcSs - ok
18:17:13.0426 4564	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:17:13.0474 4564	rspndr - ok
18:17:13.0573 4564	RTHDMIAzAudService (4a8393f03cb2f40e08126d83916c5633) C:\Windows\system32\drivers\RtHDMIV.sys
18:17:13.0591 4564	RTHDMIAzAudService - ok
18:17:13.0643 4564	RTSTOR          (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
18:17:13.0730 4564	RTSTOR - ok
18:17:13.0837 4564	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:17:13.0854 4564	SamSs - ok
18:17:13.0986 4564	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:17:14.0014 4564	sbp2port - ok
18:17:14.0052 4564	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:17:14.0084 4564	SCardSvr - ok
18:17:14.0169 4564	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:17:14.0273 4564	Schedule - ok
18:17:14.0323 4564	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:17:14.0361 4564	SCPolicySvc - ok
18:17:14.0413 4564	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
18:17:14.0463 4564	sdbus - ok
18:17:14.0526 4564	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:17:14.0569 4564	SDRSVC - ok
18:17:14.0584 4564	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:17:14.0668 4564	secdrv - ok
18:17:14.0691 4564	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:17:14.0730 4564	seclogon - ok
18:17:14.0738 4564	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
18:17:14.0783 4564	SENS - ok
18:17:14.0814 4564	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:17:14.0882 4564	Serenum - ok
18:17:14.0932 4564	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:17:15.0009 4564	Serial - ok
18:17:15.0024 4564	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:17:15.0053 4564	sermouse - ok
18:17:15.0094 4564	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:17:15.0125 4564	SessionEnv - ok
18:17:15.0150 4564	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:17:15.0174 4564	sffdisk - ok
18:17:15.0196 4564	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:17:15.0236 4564	sffp_mmc - ok
18:17:15.0267 4564	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:17:15.0296 4564	sffp_sd - ok
18:17:15.0326 4564	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:17:15.0398 4564	sfloppy - ok
18:17:15.0432 4564	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:17:15.0480 4564	SharedAccess - ok
18:17:15.0557 4564	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:17:15.0596 4564	ShellHWDetection - ok
18:17:15.0625 4564	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:17:15.0645 4564	sisagp - ok
18:17:15.0685 4564	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:17:15.0705 4564	SiSRaid2 - ok
18:17:15.0733 4564	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:17:15.0758 4564	SiSRaid4 - ok
18:17:15.0986 4564	Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:17:16.0076 4564	Skype C2C Service - ok
18:17:16.0146 4564	SkypeUpdate     (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe
18:17:16.0161 4564	SkypeUpdate - ok
18:17:16.0389 4564	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:17:16.0876 4564	slsvc - ok
18:17:17.0017 4564	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:17:17.0086 4564	SLUINotify - ok
18:17:17.0129 4564	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:17:17.0182 4564	Smb - ok
18:17:17.0218 4564	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:17:17.0256 4564	SNMPTRAP - ok
18:17:17.0339 4564	Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
18:17:17.0361 4564	Sony Ericsson PCCompanion - ok
18:17:17.0399 4564	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:17:17.0425 4564	spldr - ok
18:17:17.0463 4564	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:17:17.0560 4564	Spooler - ok
18:17:17.0644 4564	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:17:17.0644 4564	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:17:17.0646 4564	sptd ( LockedFile.Multi.Generic ) - warning
18:17:17.0646 4564	sptd - detected LockedFile.Multi.Generic (1)
18:17:17.0683 4564	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:17:17.0720 4564	srv - ok
18:17:17.0744 4564	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:17:17.0783 4564	srv2 - ok
18:17:17.0804 4564	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:17:17.0839 4564	srvnet - ok
18:17:17.0886 4564	sscdbus         (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
18:17:17.0929 4564	sscdbus - ok
18:17:17.0971 4564	sscdmdfl        (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:17:18.0021 4564	sscdmdfl - ok
18:17:18.0058 4564	sscdmdm         (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
18:17:18.0083 4564	sscdmdm - ok
18:17:18.0121 4564	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:17:18.0187 4564	SSDPSRV - ok
18:17:18.0220 4564	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:17:18.0252 4564	SstpSvc - ok
18:17:18.0283 4564	StarOpen        (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
18:17:18.0292 4564	StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:17:18.0292 4564	StarOpen - detected UnsignedFile.Multi.Generic (1)
18:17:18.0350 4564	StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
18:17:18.0404 4564	StillCam - ok
18:17:18.0471 4564	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:17:18.0545 4564	stisvc - ok
18:17:18.0583 4564	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:17:18.0609 4564	swenum - ok
18:17:18.0649 4564	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:17:18.0704 4564	swprv - ok
18:17:18.0731 4564	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:17:18.0750 4564	Symc8xx - ok
18:17:18.0795 4564	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:17:18.0814 4564	Sym_hi - ok
18:17:18.0828 4564	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:17:18.0846 4564	Sym_u3 - ok
18:17:18.0897 4564	SynTP           (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
18:17:18.0918 4564	SynTP - ok
18:17:18.0968 4564	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:17:19.0011 4564	SysMain - ok
18:17:19.0044 4564	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:17:19.0079 4564	TabletInputService - ok
18:17:19.0113 4564	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:17:19.0148 4564	TapiSrv - ok
18:17:19.0162 4564	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:17:19.0215 4564	TBS - ok
18:17:19.0305 4564	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:17:19.0350 4564	Tcpip - ok
18:17:19.0364 4564	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:17:19.0405 4564	Tcpip6 - ok
18:17:19.0452 4564	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:17:19.0489 4564	tcpipreg - ok
18:17:19.0566 4564	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:17:19.0602 4564	TDPIPE - ok
18:17:19.0626 4564	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:17:19.0661 4564	TDTCP - ok
18:17:19.0703 4564	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:17:19.0733 4564	tdx - ok
18:17:19.0763 4564	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:17:19.0785 4564	TermDD - ok
18:17:19.0831 4564	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:17:19.0899 4564	TermService - ok
18:17:19.0969 4564	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:17:19.0994 4564	Themes - ok
18:17:20.0026 4564	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:17:20.0065 4564	THREADORDER - ok
18:17:20.0101 4564	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:17:20.0152 4564	TrkWks - ok
18:17:20.0207 4564	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:17:20.0260 4564	TrustedInstaller - ok
18:17:20.0298 4564	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:17:20.0356 4564	tssecsrv - ok
18:17:20.0380 4564	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:17:20.0416 4564	tunmp - ok
18:17:20.0449 4564	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:17:20.0471 4564	tunnel - ok
18:17:20.0521 4564	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:17:20.0542 4564	uagp35 - ok
18:17:20.0578 4564	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
18:17:20.0594 4564	UBHelper - ok
18:17:20.0629 4564	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:17:20.0663 4564	udfs - ok
18:17:20.0690 4564	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:17:20.0736 4564	UI0Detect - ok
18:17:20.0770 4564	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:17:20.0794 4564	uliagpkx - ok
18:17:20.0825 4564	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:17:20.0857 4564	uliahci - ok
18:17:20.0888 4564	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:17:20.0908 4564	UlSata - ok
18:17:20.0936 4564	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:17:20.0957 4564	ulsata2 - ok
18:17:20.0981 4564	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:17:21.0026 4564	umbus - ok
18:17:21.0064 4564	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:17:21.0104 4564	upnphost - ok
18:17:21.0217 4564	UPnPService     (7ce0fe34fd8fb7f52d1e503b0c1e4fa9) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
18:17:21.0249 4564	UPnPService ( UnsignedFile.Multi.Generic ) - warning
18:17:21.0249 4564	UPnPService - detected UnsignedFile.Multi.Generic (1)
18:17:21.0320 4564	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
18:17:21.0390 4564	USBAAPL - ok
18:17:21.0428 4564	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:17:21.0481 4564	usbccgp - ok
18:17:21.0540 4564	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:17:21.0619 4564	usbcir - ok
18:17:21.0654 4564	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:17:21.0709 4564	usbehci - ok
18:17:21.0738 4564	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:17:21.0805 4564	usbhub - ok
18:17:21.0820 4564	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:17:21.0898 4564	usbohci - ok
18:17:21.0923 4564	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:17:21.0971 4564	usbprint - ok
18:17:22.0004 4564	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:17:22.0034 4564	usbscan - ok
18:17:22.0065 4564	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
18:17:22.0095 4564	usbser - ok
18:17:22.0117 4564	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:17:22.0160 4564	USBSTOR - ok
18:17:22.0186 4564	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:17:22.0215 4564	usbuhci - ok
18:17:22.0232 4564	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:17:22.0279 4564	usbvideo - ok
18:17:22.0310 4564	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:17:22.0342 4564	UxSms - ok
18:17:22.0386 4564	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:17:22.0439 4564	vds - ok
18:17:22.0483 4564	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:17:22.0554 4564	vga - ok
18:17:22.0588 4564	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:17:22.0641 4564	VgaSave - ok
18:17:22.0674 4564	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:17:22.0701 4564	viaagp - ok
18:17:22.0729 4564	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:17:22.0778 4564	ViaC7 - ok
18:17:22.0805 4564	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:17:22.0824 4564	viaide - ok
18:17:22.0848 4564	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:17:22.0868 4564	volmgr - ok
18:17:22.0919 4564	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:17:22.0946 4564	volmgrx - ok
18:17:22.0989 4564	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:17:23.0015 4564	volsnap - ok
18:17:23.0060 4564	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:17:23.0083 4564	vsmraid - ok
18:17:23.0156 4564	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:17:23.0212 4564	VSS - ok
18:17:23.0261 4564	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:17:23.0298 4564	W32Time - ok
18:17:23.0350 4564	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:17:23.0410 4564	WacomPen - ok
18:17:23.0423 4564	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:17:23.0469 4564	Wanarp - ok
18:17:23.0473 4564	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:17:23.0504 4564	Wanarpv6 - ok
18:17:23.0558 4564	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:17:23.0591 4564	wcncsvc - ok
18:17:23.0622 4564	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:17:23.0654 4564	WcsPlugInService - ok
18:17:23.0677 4564	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:17:23.0697 4564	Wd - ok
18:17:23.0728 4564	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:17:23.0761 4564	Wdf01000 - ok
18:17:23.0792 4564	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:17:23.0842 4564	WdiServiceHost - ok
18:17:23.0847 4564	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:17:23.0885 4564	WdiSystemHost - ok
18:17:23.0921 4564	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:17:23.0956 4564	WebClient - ok
18:17:24.0018 4564	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:17:24.0067 4564	Wecsvc - ok
18:17:24.0114 4564	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:17:24.0169 4564	wercplsupport - ok
18:17:24.0206 4564	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:17:24.0240 4564	WerSvc - ok
18:17:24.0306 4564	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:17:24.0332 4564	WinDefend - ok
18:17:24.0339 4564	WinHttpAutoProxySvc - ok
18:17:24.0389 4564	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:17:24.0421 4564	Winmgmt - ok
18:17:24.0597 4564	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:17:24.0648 4564	WinRM - ok
18:17:24.0695 4564	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:17:24.0759 4564	Wlansvc - ok
18:17:24.0929 4564	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:17:24.0974 4564	wlidsvc - ok
18:17:25.0075 4564	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:17:25.0124 4564	WmiAcpi - ok
18:17:25.0196 4564	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:17:25.0227 4564	wmiApSrv - ok
18:17:25.0312 4564	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:17:25.0359 4564	WMPNetworkSvc - ok
18:17:25.0383 4564	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:17:25.0420 4564	WPCSvc - ok
18:17:25.0468 4564	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:17:25.0555 4564	WPDBusEnum - ok
18:17:25.0624 4564	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:17:25.0646 4564	WpdUsb - ok
18:17:25.0692 4564	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:17:25.0745 4564	ws2ifsl - ok
18:17:25.0776 4564	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
18:17:25.0824 4564	wscsvc - ok
18:17:25.0859 4564	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:17:25.0898 4564	WSDPrintDevice - ok
18:17:25.0905 4564	WSearch - ok
18:17:26.0025 4564	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:17:26.0111 4564	wuauserv - ok
18:17:26.0238 4564	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:17:26.0276 4564	WUDFRd - ok
18:17:26.0297 4564	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:17:26.0355 4564	wudfsvc - ok
18:17:26.0470 4564	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
18:17:26.0487 4564	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
18:17:26.0569 4564	MBR (0x1B8)     (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
18:17:27.0880 4564	\Device\Harddisk0\DR0 - ok
18:17:27.0914 4564	Boot (0x1200)   (12b51444430729f852332461673bb0cc) \Device\Harddisk0\DR0\Partition0
18:17:27.0916 4564	\Device\Harddisk0\DR0\Partition0 - ok
18:17:27.0916 4564	============================================================
18:17:27.0916 4564	Scan finished
18:17:27.0916 4564	============================================================
18:17:27.0930 5328	Detected object count: 9
18:17:27.0930 5328	Actual detected object count: 9
18:17:56.0632 5328	Boonty Games ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:56.0633 5328	Boonty Games ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:56.0635 5328	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:56.0636 5328	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:56.0638 5328	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:56.0638 5328	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:56.0641 5328	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:56.0641 5328	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:56.0644 5328	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:56.0644 5328	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:56.0647 5328	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:56.0647 5328	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:56.0649 5328	sptd ( LockedFile.Multi.Generic ) - skipped by user
18:17:56.0650 5328	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
18:17:56.0652 5328	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:56.0652 5328	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:17:56.0655 5328	UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:56.0655 5328	UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

By the way, I have NO idea what I'm doing here... I'm just following your instructions.

But you explain everything really well... a few days ago I wouldn't have thought I could manage something like this.
