
Log Analysis and Evaluation: Artemis Trojan Removal

Windows 7 If you have picked up a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.06.2012, 15:10   #1
JeS
 
Artemis Trojan Removal



Hello,
I am trying to stick to the checklist so as not to strain your patience unnecessarily. But I have no idea about Trojans & co. and therefore need help.

I have Avira Free Antivirus installed as my antivirus program, and I had McAfee (it was preinstalled on the PC, free of charge; the hard disk was scanned automatically at regular intervals). The latter gave me a warning during a scan that I had a Trojan: Artemis and some sequence of numbers. And if I remember correctly, the following link was given: C:\Users\Jessica\AppData\Local\Temp\1352388.dll
Unfortunately I did not save the warning, and I uninstalled McAfee because I had read that two programs can interfere with each other.
So I updated Avira and ran a scan, which did give me 28 warnings about password-protected files (which I did not protect myself, as far as I can see) but did not report a Trojan.

So now I am dutifully following your checklist and your advice...

OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 11.06.2012 14:07:56 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Jessica\Desktop
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,56 Mb Total Physical Memory | 267,91 Mb Available Physical Memory | 29,95% Memory free
2,00 Gb Paging File | 0,90 Gb Available in Paging File | 45,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,59 Gb Total Space | 106,15 Gb Free Space | 46,64% Space Free | Partition Type: NTFS
 
Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jessica\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\MobMapUpdater\MobMapUpdater.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\PELMICED.EXE (Primax Electronics Ltd.)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jessica\AppData\Local\Temp\1352388.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - C:\Users\Jessica\AppData\Local\Temp\CmdLineExt03.dll ()
MOD - C:\Programme\MobMapUpdater\MobMapUpdater.exe ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\PSPad editor\PSPadShell.dll ()
MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\DLAAPI_W.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ldiskl) -- C:\Users\Jessica\AppData\Local\Temp\ldiskl.sys ()
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D8994606-7F13-4A62-90A6-AD34D52079DB}
IE - HKLM\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kaninchenschutzforum.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.06 17:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 16:02:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.18 09:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.22 21:30:35 | 000,000,000 | ---D | M]
 
[2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions
[2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions
[2010.09.18 18:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.24 00:17:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.06.08 21:52:18 | 000,000,944 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\cct9xnkl.default\searchplugins\icqplugin.xml
[2012.06.06 17:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.06 17:44:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.24 09:57:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.24 09:57:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.24 09:57:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.24 09:57:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.24 09:57:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.24 09:57:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MobMapUpdater] C:\Program Files\MobMapUpdater\MobMapUpdater.exe ()
O4 - HKCU..\Run: [office] C:\Users\Jessica\AppData\Local\Temp\1352388.dll ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57830F4C-ABCE-4441-8D3A-66A271F11368}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{874A84A7-FB13-4667-8D00-383368682399}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3ED041C-EEB7-4C10-8D21-76E3E83BF2F9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 13:46:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2012.06.09 23:17:23 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\Macromedia
[2012.06.05 16:02:04 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.06.05 16:02:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.06.05 16:02:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.06.05 16:02:02 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.19 10:31:25 | 001,159,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\ur.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 14:05:01 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.11 13:59:09 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 13:59:09 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 13:51:16 | 000,302,592 | ---- | M] () -- C:\Users\Jessica\Desktop\891g4vti.exe
[2012.06.11 13:46:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2012.06.11 13:45:01 | 000,000,000 | ---- | M] () -- C:\Users\Jessica\defogger_reenable
[2012.06.11 13:42:50 | 000,050,477 | ---- | M] () -- C:\Users\Jessica\Desktop\Defogger.exe
[2012.06.11 13:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 09:01:38 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2012.06.11 08:59:21 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.06.11 08:59:15 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2012.06.11 08:59:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 08:58:52 | 938,663,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.09 22:09:41 | 000,708,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.09 22:09:41 | 000,664,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.09 22:09:41 | 000,144,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.09 22:09:41 | 000,124,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.09 21:54:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.09 21:54:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.05 16:01:42 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.06.05 16:01:42 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.06.05 16:01:42 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.06.05 16:01:42 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.06.05 16:01:42 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.28 10:17:16 | 000,001,356 | ---- | M] () -- C:\Users\Jessica\AppData\Local\d3d9caps.dat
[2012.05.24 15:18:53 | 000,025,715 | ---- | M] () -- C:\Users\Jessica\***.elfo
 
========== Files Created - No Company Name ==========
 
[2012.06.11 13:51:12 | 000,302,592 | ---- | C] () -- C:\Users\Jessica\Desktop\891g4vti.exe
[2012.06.11 13:45:01 | 000,000,000 | ---- | C] () -- C:\Users\Jessica\defogger_reenable
[2012.06.11 13:42:12 | 000,050,477 | ---- | C] () -- C:\Users\Jessica\Desktop\Defogger.exe
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.11.13 15:19:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.17 23:05:52 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.12.19 10:31:27 | 000,000,160 | ---- | C] () -- C:\Program Files\Common Files\c.reg
[2010.09.06 15:11:34 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.06 15:11:28 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
 
========== LOP Check ==========
 
[2010.02.17 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Buhl Data Service
[2012.05.06 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\elsterformular
[2012.02.23 23:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\FileZilla
[2012.06.11 09:02:21 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ICQ
[2010.08.22 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterTrust
[2009.08.22 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterVideo
[2008.07.14 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Lenovo
[2009.05.03 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\MobMapUpdater
[2009.03.25 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Nvu
[2011.12.07 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\OpenOffice.org
[2010.04.30 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ScummVM
[2010.07.03 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\T-Online
[2010.08.27 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Thunderbird
[2012.06.11 14:05:01 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.10 23:00:57 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---

Extras.txt: OTL Logfile:
Code:
OTL Extras logfile created on: 11.06.2012 14:07:56 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Jessica\Desktop
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,56 Mb Total Physical Memory | 267,91 Mb Available Physical Memory | 29,95% Memory free
2,00 Gb Paging File | 0,90 Gb Available in Paging File | 45,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,59 Gb Total Space | 106,15 Gb Free Space | 46,64% Space Free | Partition Type: NTFS
 
Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAFB2F5-D408-434C-83D5-E2A6C9206AEF}" = lport=6897 | protocol=6 | dir=in | name=warcraft | 
"{10FA7BB8-4C69-43C5-AA68-5F890A65F0C7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{15C811C1-A9AD-492A-8BEF-863C43AFE70E}" = lport=6892 | protocol=6 | dir=in | name=warcraft | 
"{22762B39-1792-4341-9CF8-4DC1E141D5D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{246642D0-4D51-4AC1-AB57-55496A2838E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{27282EAB-4EA8-4A21-BF52-0F6DF67BA6E2}" = lport=6888 | protocol=6 | dir=in | name=warcraft | 
"{2C228E56-96DC-4FBA-9A8C-15BE2AE60D7E}" = lport=6894 | protocol=6 | dir=in | name=warcraft | 
"{3E4A2641-1175-47C6-9E16-832F3C5FEDE7}" = lport=6893 | protocol=6 | dir=in | name=warcraft | 
"{437863D8-6B00-4923-A83A-4DC583987F79}" = lport=6886 | protocol=6 | dir=in | name=warcraft | 
"{49356645-1649-4D03-ADDB-8CAE64F1F913}" = lport=6883 | protocol=6 | dir=in | name=warcraft | 
"{4A496971-899A-44A2-B58E-BA55ACE467FA}" = lport=6884 | protocol=6 | dir=in | name=warcraft | 
"{5E17228D-7E86-4797-A73F-AEC8C5545C83}" = lport=6899 | protocol=6 | dir=in | name=warcraft | 
"{660F5554-49FA-4619-BC07-F63F0FAD33CF}" = lport=6881 | protocol=6 | dir=in | name=warcraft | 
"{6D334C3B-0D71-4A5F-BCF1-117E3A717272}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8AFBCBF2-BD62-4F57-9075-AF492954643B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{92D753DF-977E-4378-8687-6AC3BCADDCD6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{94B031A5-EA29-4247-B433-4555C157DD39}" = lport=6890 | protocol=6 | dir=in | name=warcraft | 
"{9932D11E-662F-4A4A-8A77-F7FBB5BF59A1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A33C714E-AD18-4E85-9981-A1CAF35C4519}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB842988-FF42-4F00-9218-16BA0EEA62E4}" = lport=6112 | protocol=6 | dir=in | name=warcraft | 
"{AE32C075-DA3E-4F2E-94D5-A1240D4A3AC8}" = lport=6882 | protocol=6 | dir=in | name=warcraft | 
"{AF7933E8-D474-446C-982B-388A5C8B130C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B1C5C629-2347-452E-BD8C-781E56391C1D}" = lport=6891 | protocol=6 | dir=in | name=warcraft | 
"{BA01FEBC-CD6B-49A4-B831-A2A99CD3791D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BB22EEB1-C811-4E9B-946C-E0E53A0790C2}" = lport=6885 | protocol=6 | dir=in | name=warcraft | 
"{BD84D130-1116-4D2F-9F1F-01A92710EC2B}" = lport=6889 | protocol=6 | dir=in | name=warcraft | 
"{D2C70930-1E2C-4F77-ADA2-5A39802276A8}" = lport=6895 | protocol=6 | dir=in | name=warcraft | 
"{EEA0F502-B91E-42CC-90B9-CCD4B746A543}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F1423DA7-062A-4290-9A5C-4CAAD49C29B0}" = lport=6887 | protocol=6 | dir=in | name=warcraft | 
"{F59A84AB-24EB-4518-AC10-D7A144A70F4F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C6D7A6-0F1F-49E2-93E8-57F54E50E319}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{075CF213-6C01-42B7-A1B0-225FEEDE7D88}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{0EE319CD-0A1E-4F8E-A3F8-BBCC3D46EBF3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{13138912-F394-4822-9F2F-A1E75D5E78D5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{198469BF-6B0C-4BD2-ABF3-0C970598A13E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{204F7AED-0ACE-401E-BCCA-D38A1373B054}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe | 
"{295A28D6-DF41-49C6-B5D3-0EA703C06487}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2B6948DD-549B-4D4A-9E51-B66B8A09B1B8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{3D5A5FF0-6C6E-4454-A2A9-F1DD94ACD500}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3E629453-8473-4D33-9D75-93534B4F586C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{44172A52-621A-4978-9F73-5D578F279267}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{49564934-380A-4A94-9604-AE6970A0886A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5875837D-A59C-41E6-9439-14728629BA75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{703848E8-905E-4D3E-84C3-FDF8D273E120}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{729DDD11-15C2-4FDF-B603-93EED0BA58E4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{854FFD66-C394-4DFF-AD3F-23C74D7CBFBF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8857D513-2047-478F-9273-BD2CE08F912F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"{8D294E9E-5B34-4DE7-B417-BEBF27EED3B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9178168A-A80F-46B9-AA6E-1B9E5F5FC843}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{9FFF7299-6617-4CF8-8DD6-4111B9D533B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A378D293-46EC-46C2-ADE0-D3D33977B8AE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{A61D0354-9328-4E41-A5FC-E8CE835BAD1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B6C38F84-7D66-4C54-B252-A820369C95C3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe | 
"{C0E2CB13-A0B4-498A-AD8F-C43E1767902E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{C2DD66A3-9721-4F4E-828D-27C8DACB50A9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{C3BD7305-BF33-4EA7-8B95-559645C60D46}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CC0DF373-D7F3-494A-BF98-F219885EA173}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{CE330FD6-F45E-4D35-AAF3-8D135C3428DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CF708E4B-D9B1-481C-A55C-8BC4CD0D3850}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D3CA65A2-AC64-4923-8CC7-D4478A2F64CD}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{D7E9BE23-C362-45F6-960D-150493F19322}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | 
"{DC29BEF7-4AF6-4D8B-AD12-3CCADCA2E343}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | 
"{DC743195-E2C4-49DC-B60A-F05B3310CFA0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DF89C6CB-37D2-49DA-8EE0-7AB15C3D1860}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{EB411E9D-AE42-4373-A40F-43FC4A0DAB43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{0B34EFED-4B03-40D8-A8B9-20FD3E07C830}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{220D1776-6D98-4EB0-9B0E-2E5DE7170312}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{2DD5C03D-C785-4B59-96DE-BEFC45D07CC8}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{4160B1CA-7358-415C-AF3C-AC95114CC81D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{456A1574-6DB4-4EBA-84E9-C76E97236599}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{4AEC7DAD-DBD2-405A-99BD-2C032CE965A0}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe | 
"TCP Query User{638F524B-1DF0-4891-AF45-4BBAA93EE7D9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{643F4490-9C67-4400-A193-E4386E3525DE}C:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe" = protocol=6 | dir=in | app=c:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe | 
"TCP Query User{98D15096-E473-4482-A186-A929D4AE0102}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{D2FB90AD-4B1D-4B87-9A31-C8E569070EFB}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | 
"UDP Query User{13D85FE1-A0EB-4504-A8F9-F17649BFB8CD}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe | 
"UDP Query User{2ECD4D4D-FD31-454B-9B50-0716CF65D4BA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{310BAF31-4AC4-4EB6-84BC-93127E8A047A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{82E6B1C7-3B31-4226-9B50-2CB9CAC49BBE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{D1BE3847-3BE6-41F4-A06D-70FB3807F8A1}C:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe" = protocol=17 | dir=in | app=c:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe | 
"UDP Query User{DD60E07A-7DDD-46EC-B28F-0AEDAC87583F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{E23F7932-99F2-414B-9799-34CF0BDF125C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{F131CD71-0BF1-4E4F-B2C7-D6B1893328DD}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{F95FFA84-DD72-4974-A38B-A6AE2D394A2D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{FFCF7A4F-AFC0-47E5-ABC7-5ED17237EBC9}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06973580-503D-B2F8-B932-C6FFF6DE7615}" = CCC Help Chinese Traditional
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0ADB6A81-F35D-4040-36CE-C50206F09737}" = CCC Help Japanese
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1438FB49-8B53-D209-2B32-B0F33DA65336}" = Catalyst Control Center Localization Thai
"{18B9E358-08D9-0955-2FF3-EA15FF11DF02}" = Catalyst Control Center Localization Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27A7337A-765F-AA01-7115-06C3023E88E1}" = CCC Help Czech
"{2A73DA05-35C1-AA35-07D5-36C077D3183F}" = Catalyst Control Center Core Implementation
"{2AFE1AE5-1828-E0AE-B067-6B71620AF388}" = Catalyst Control Center Localization German
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3184A571-E021-817E-378D-9EC6EE412E09}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{36249169-E3FC-6737-9FA7-9BA520BE0DB2}" = CCC Help French
"{37652D83-7BDC-4735-8954-3FE0C2F2AD18}" = ccc-Branding
"{40BCF117-291F-BA1E-FC3E-C5C80F061641}" = CCC Help Hungarian
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4654A4C6-B8C4-CC1C-91C3-2D938EFD12E8}" = Catalyst Control Center Localization Polish
"{46A62B59-10D1-46B9-C32A-D5CA90899A8B}" = Catalyst Control Center Graphics Full Existing
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{47229A8F-CB6D-E104-412D-206B0D68E02A}" = Catalyst Control Center Localization Turkish
"{476796E1-CD51-1300-F212-15B10724A91F}" = CCC Help Russian
"{48B0DEBB-4A67-0523-0DBB-E82D88FA333D}" = Catalyst Control Center Localization Spanish
"{49850071-F9BA-1736-29B8-3B663CE7738C}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BAB05AF-F263-D3FC-217B-33B0F1B9D118}" = Catalyst Control Center Localization Hungarian
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4CFA2AC8-FE0B-C8F8-4C3C-73EC24CD52C8}" = CCC Help German
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51242B4E-E559-29D1-F01C-FAD101303CD3}" = CCC Help Italian
"{53A363EF-AC2C-ED65-7011-8F21641E5FAB}" = Catalyst Control Center Localization Portuguese
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{56AA716F-007D-66D2-EC91-9A4C48947E00}" = CCC Help Swedish
"{577E5938-7280-43C8-6585-CCE7CC0B286C}" = Catalyst Control Center Localization Norwegian
"{5967C9BB-1F4D-AAD2-2EDB-93B57376ECD5}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{689C7F35-3627-E074-E17B-A03DC82DF234}" = Catalyst Control Center Localization Japanese
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6BA6EB17-ABA5-32E6-FD02-618F39E07347}" = Catalyst Control Center Localization Czech
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{747B2C81-B13B-F720-9DDC-C31BF1D492DF}" = Catalyst Control Center Localization Korean
"{76A0AADC-437C-10ED-7210-9B9FC38EACE6}" = CCC Help Korean
"{76AB986D-421F-B618-F738-028626176904}" = CCC Help Danish
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7B462657-E26A-BB05-1064-A3A94D84583D}" = CCC Help Polish
"{7C032D1E-DD75-6856-2F78-1FF1FE3712DB}" = CCC Help Norwegian
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{818EA00F-8D02-671E-FE70-C2377EE4F24C}" = Catalyst Control Center Localization Dutch
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8FC6E83A-EE8C-88D6-7C7B-74E6BE7C8667}" = CCC Help Thai
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings
"{949997C4-6532-8E7A-A1A0-AACBC665123E}" = Catalyst Control Center Localization French
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A6700AA-8775-4DAB-6284-771145BAA661}" = Catalyst Control Center Graphics Full New
"{9AFF5F50-1936-8859-AF93-5F66F785EE63}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{A1A84D7F-3C2E-1255-2469-8175F972AB58}" = CCC Help Greek
"{A682297F-4CA6-A1EE-D68B-06A3EB847255}" = ccc-core-static
"{A6C2B54A-5D1C-45DE-0FD1-2C3A200163A4}" = CCC Help Turkish
"{A88852F0-1790-1E1D-9164-95FFCF435E97}" = Catalyst Control Center Localization Chinese Traditional
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AE6D88D5-9064-84EA-C9DD-AC5927C44AA1}" = CCC Help Finnish
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B346EA79-BF20-5BE1-E599-45EEFB0CB3BD}" = Catalyst Control Center Localization Greek
"{B460F0C7-98ED-9B55-6D24-E54E98A89A78}" = Skins
"{B4B5E290-81EF-A724-E52C-DE05DC85B2E6}" = Catalyst Control Center Graphics Previews Vista
"{B4BCBF59-3F39-1F6D-2ED2-72198CC7AC49}" = Catalyst Control Center Localization Russian
"{B84B5373-AAC0-07AD-38A0-C44AAA4BD82F}" = CCC Help Spanish
"{BF0B0BF5-366A-6B6E-5718-A98E2E845322}" = ccc-utility
"{C0D49C3F-237B-94C7-EECD-10D22851C76E}" = CCC Help English
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9521CC8-D7EC-145F-33B7-B27BFF631715}" = CCC Help Portuguese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkCentre
"{D7A2D358-B2BB-691E-EAD7-E95CDAE9842F}" = Catalyst Control Center Localization Swedish
"{DB6B6CCF-D509-C223-D06E-1D2118ECD193}" = Catalyst Control Center Localization Finnish
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E048D0DC-7419-7867-FCD2-CF176C73E629}" = Catalyst Control Center Localization Chinese Standard
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"5991C8EB35AA0A2B41B0060067BD0DA30E877FFF" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"89838CF0B3DF29FE9FFF8893ACB04964C75A6F1E" = Windows Driver Package - ATI Technogies Inc (pci) System  (11/02/2006 1.00.0000.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = Maintenance Manager
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"C16E2639B8851B54030DE09318A01581A8096E29" = Windows Driver Package - Marvell (yukonwlh) Net  (09/18/2007 10.24.1.3)
"D4B97D41574F60753BAE597542C02A55D48392C9" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.2.5
"HijackThis" = HijackThis 2.0.2
"Lenovo Registration" = Lenovo Registration
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nvu_is1" = Nvu 1.0
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PROHYBRIDR" = 2007 Microsoft Office system
"PSPad editor_is1" = PSPad editor
"Windows Live Toolbar" = Windows Live Toolbar
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2012 08:41:31 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description = 
 
Error - 06.05.2012 08:46:48 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description = 
 
Error - 06.05.2012 08:49:32 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description = 
 
Error - 06.05.2012 08:51:19 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description = 
 
Error - 06.05.2012 09:04:30 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description = 
 
Error - 06.05.2012 09:10:05 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description = 
 
Error - 06.05.2012 10:58:18 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description = 
 
Error - 25.05.2012 14:57:34 | Computer Name = Jessica-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 31c  Anfangszeit: 01cd3aa7d6bc41c3  Zeitpunkt der
 Beendigung: 1716
 
Error - 07.06.2012 09:33:23 | Computer Name = Jessica-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung thunderbird.exe, Version 12.0.0.4501, Zeitstempel
 0x4f9c5917, fehlerhaftes Modul dbghelp.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4549bcc9, Ausnahmecode 0xc0000005, Fehleroffset 0x6bcfb614,  Prozess-ID 0x1250,
 Anwendungsstartzeit 01cd4481c05b6d5b.
 
Error - 09.06.2012 18:23:59 | Computer Name = Jessica-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 13.0.0.4535, Zeitstempel
 0x4fc8def7, fehlerhaftes Modul xul.dll, Version 13.0.0.4535, Zeitstempel 0x4fc8dda6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000e4238,  Prozess-ID 0xe84, Anwendungsstartzeit
 01cd468e03a14668.
 
[ System Events ]
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
 
< End of report >
         
--- --- ---
Since my PC is a 32-bit system, I also wanted to run GMER, but that doesn't work. A few seconds after the scan starts, a DOS-style screen appears with text beginning "Problem has been detected..." and then the PC switches off and restarts. GMER is no longer running after that.

What could be causing this?

Can I still get rid of the trojan?

Thank you in advance for your help!

Malwarebytes Anti-Malware Logfile:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Jessica :: JESSICA-PC [Administrator]

12.06.2012 16:08:59
mbam-log-2012-06-12 (18-26-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343463
Laufzeit: 1 Stunde(n), 39 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|office (Trojan.Agent) -> Daten: "C:\Windows\system32\rundll32.exe" C:\Users\Jessica\AppData\Local\Temp\1352388.dll,S -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Jessica\AppData\Local\Temp\arp.bat (Spyware.OnLineGames) -> Keine Aktion durchgeführt.
C:\Program Files\Common Files\c.reg (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Program Files\Common Files\ur.dll (Malware.Trace) -> Keine Aktion durchgeführt.

(Ende)


I can run GMER in safe mode, but saving the result didn't work last time (empty text file); I'll try again and then add it here as well.

Alt 13.06.2012, 13:19   #2
cosinus

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed under the "Logdateien" (log files) tab. Please post all the ones that are visible there.

Alt 13.06.2012, 20:57   #3
JeS
 

No, I only downloaded and used the program after browsing this board. So there is only this one log.
I removed the infected files afterwards.

GMER, by the way, always reports that nothing was found, and the file is empty.

Alt 13.06.2012, 21:38   #4
cosinus

Please run ESET as well; after that we'll see what comes next.

Note: ESET does fairly often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser this way: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Check the box next to Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Check the box next to "Scan archives".
  • Make sure that Remove Found Threats is not checked.
  • Press .
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the + R key and copy the following text into the Run window.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Note: if you are running 64-bit Windows, the path is:

Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Now post the contents of log.txt.

Alt 14.06.2012, 14:36   #5
JeS
 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0c097881bfa6c34baf5ee65bccfb41d1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-13 10:18:48
# local_time=2012-06-14 12:18:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 113616707 113616707 0 0
# compatibility_mode=1792 16777191 100 0 16290405 16290405 0 0
# compatibility_mode=5892 16776574 100 100 133123 177154049 0 0
# compatibility_mode=8192 67108863 100 0 476 476 0 0
# scanned=150102
# found=0
# cleaned=0
# scan_time=4599


Alt 14.06.2012, 15:30   #6
cosinus

I have two questions before we continue

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Is anything missing from your Start menu? Are there empty folders under All Programs, or is everything there?

Alt 14.06.2012, 15:34   #7
JeS
 

Yes, everything works, and no, I'm not missing anything; there are no empty folders.

Alt 14.06.2012, 15:37   #8
cosinus

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
Custom scan with OTL

If you don't already have it, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top center, check the box next to Scanne alle Benutzer (Scan All Users)
  • Now copy the entire contents of the code box below into the text box in OTL - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

14.06.2012, 19:28   #9
JeS

Code:
OTL logfile created on: 14.06.2012 16:44:13 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Jessica\Desktop
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,56 Mb Total Physical Memory | 340,75 Mb Available Physical Memory | 38,09% Memory free
2,00 Gb Paging File | 1,04 Gb Available in Paging File | 52,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,59 Gb Total Space | 110,26 Gb Free Space | 48,45% Space Free | Partition Type: NTFS
 
Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jessica\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\PELMICED.EXE (Primax Electronics Ltd.)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jessica\AppData\Local\Temp\CmdLineExt03.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\PSPad editor\PSPadShell.dll ()
MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\DLAAPI_W.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ldiskl) -- C:\Users\Jessica\AppData\Local\Temp\ldiskl.sys ()
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D8994606-7F13-4A62-90A6-AD34D52079DB}
IE - HKLM\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kaninchenschutzforum.de/
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.06 17:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 16:02:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.18 09:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.22 21:30:35 | 000,000,000 | ---D | M]
 
[2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions
[2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions
[2010.09.18 18:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.24 00:17:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.06.08 21:52:18 | 000,000,944 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\cct9xnkl.default\searchplugins\icqplugin.xml
[2012.06.06 17:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.06 17:44:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.24 09:57:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.24 09:57:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.24 09:57:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.24 09:57:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.24 09:57:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.24 09:57:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57830F4C-ABCE-4441-8D3A-66A271F11368}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{874A84A7-FB13-4667-8D00-383368682399}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3ED041C-EEB7-4C10-8D21-76E3E83BF2F9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe - ()
MsConfig - StartUpFolder: C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: MobMapUpdater - hkey= - key= - C:\Program Files\MobMapUpdater\MobMapUpdater.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.13 22:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.13 22:53:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jessica\Desktop\esetsmartinstaller_enu.exe
[2012.06.12 21:07:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.12 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Malwarebytes
[2012.06.12 16:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.12 16:05:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.12 16:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.12 16:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 15:51:45 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\TuneUp Software
[2012.06.12 15:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.06.12 15:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.12 15:45:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.12 15:45:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.11 13:46:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2012.06.09 23:17:23 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 16:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 16:20:28 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 16:20:28 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 16:05:02 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.14 15:21:40 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2012.06.14 15:20:43 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.06.14 15:20:39 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2012.06.14 15:20:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 15:19:58 | 938,663,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 22:57:57 | 000,022,804 | ---- | M] () -- C:\Users\Jessica\Desktop\ESET Scanner.odt
[2012.06.13 22:53:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jessica\Desktop\esetsmartinstaller_enu.exe
[2012.06.12 19:22:36 | 132,028,909 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.12 16:05:50 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 16:01:13 | 000,000,618 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.06.11 13:51:16 | 000,302,592 | ---- | M] () -- C:\Users\Jessica\Desktop\891g4vti.exe
[2012.06.11 13:46:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2012.06.11 13:45:01 | 000,000,000 | ---- | M] () -- C:\Users\Jessica\defogger_reenable
[2012.06.11 13:42:50 | 000,050,477 | ---- | M] () -- C:\Users\Jessica\Desktop\Defogger.exe
[2012.06.09 22:09:41 | 000,708,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.09 22:09:41 | 000,664,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.09 22:09:41 | 000,144,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.09 22:09:41 | 000,124,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.28 10:17:16 | 000,001,356 | ---- | M] () -- C:\Users\Jessica\AppData\Local\d3d9caps.dat
[2012.05.24 15:18:53 | 000,025,715 | ---- | M] () -- C:\Users\Jessica\***.elfo
 
========== Files Created - No Company Name ==========
 
[2012.06.13 22:57:50 | 000,022,804 | ---- | C] () -- C:\Users\Jessica\Desktop\ESET Scanner.odt
[2012.06.12 20:38:09 | 938,663,936 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.12 16:05:50 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 13:51:12 | 000,302,592 | ---- | C] () -- C:\Users\Jessica\Desktop\891g4vti.exe
[2012.06.11 13:45:01 | 000,000,000 | ---- | C] () -- C:\Users\Jessica\defogger_reenable
[2012.06.11 13:42:12 | 000,050,477 | ---- | C] () -- C:\Users\Jessica\Desktop\Defogger.exe
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.11.13 15:19:26 | 000,000,618 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.17 23:05:52 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.09.06 15:11:34 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.06 15:11:28 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
 
========== LOP Check ==========
 
[2010.02.17 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Buhl Data Service
[2012.05.06 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\elsterformular
[2012.02.23 23:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\FileZilla
[2012.06.14 16:42:29 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ICQ
[2010.08.22 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterTrust
[2009.08.22 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterVideo
[2008.07.14 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Lenovo
[2009.05.03 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\MobMapUpdater
[2009.03.25 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Nvu
[2011.12.07 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\OpenOffice.org
[2010.04.30 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ScummVM
[2010.07.03 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\T-Online
[2010.08.27 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Thunderbird
[2012.06.12 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\TuneUp Software
[2012.06.14 16:05:02 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.14 14:50:28 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.08.03 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Adobe
[2009.06.01 11:20:50 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Apple Computer
[2008.10.03 15:55:17 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ATI
[2011.12.08 10:02:56 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Avira
[2010.02.17 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Buhl Data Service
[2012.05.06 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\elsterformular
[2012.02.23 23:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\FileZilla
[2012.06.14 16:42:29 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ICQ
[2006.11.02 15:04:02 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Identities
[2010.08.22 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterTrust
[2009.08.22 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterVideo
[2008.07.14 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Lenovo
[2008.07.14 00:56:04 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Macromedia
[2012.06.12 16:06:00 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Malwarebytes
[2012.06.09 23:17:23 | 000,000,000 | --SD | M] -- C:\Users\Jessica\AppData\Roaming\Microsoft
[2009.05.03 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\MobMapUpdater
[2008.07.16 09:28:09 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Mozilla
[2009.03.25 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Nvu
[2011.12.07 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\OpenOffice.org
[2009.10.04 14:29:59 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\PSpad
[2010.04.30 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ScummVM
[2012.05.25 21:25:56 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Skype
[2010.11.26 22:06:22 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\skypePM
[2010.07.03 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\T-Online
[2008.10.02 23:03:21 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\teamspeak2
[2010.08.27 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Thunderbird
[2012.06.12 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.14 01:30:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.07.14 01:30:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.07.14 01:30:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.07.14 01:30:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.10 14:02:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.04.10 14:02:10 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.04.10 14:02:10 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.12.18 14:47:39 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.12.18 14:47:39 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >

< End of report >
         

Edited by JeS (14.06.2012 at 19:34)

15.06.2012, 12:16   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


16.06.2012, 09:46   #11
JeS
 



Code:
09:22:59.0771 5928	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
09:23:00.0295 5928	============================================================
09:23:00.0295 5928	Current date / time: 2012/06/16 09:23:00.0295
09:23:00.0295 5928	SystemInfo:
09:23:00.0295 5928	
09:23:00.0295 5928	OS Version: 6.0.6000 ServicePack: 0.0
09:23:00.0295 5928	Product type: Workstation
09:23:00.0295 5928	ComputerName: JESSICA-PC
09:23:00.0295 5928	UserName: Jessica
09:23:00.0295 5928	Windows directory: C:\Windows
09:23:00.0295 5928	System windows directory: C:\Windows
09:23:00.0295 5928	Processor architecture: Intel x86
09:23:00.0295 5928	Number of processors: 2
09:23:00.0295 5928	Page size: 0x1000
09:23:00.0295 5928	Boot type: Normal boot
09:23:00.0295 5928	============================================================
09:23:02.0359 5928	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x14DFFB, SectorsPerTrack: 0x3, TracksPerCylinder: 0x77, Type 'K0', Flags 0x00000050
09:23:02.0396 5928	============================================================
09:23:02.0396 5928	\Device\Harddisk0\DR0:
09:23:02.0397 5928	MBR partitions:
09:23:02.0397 5928	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xA98000, BlocksNum 0x1C72D000
09:23:02.0397 5928	============================================================
09:23:02.0448 5928	C: <-> \Device\Harddisk0\DR0\Partition0
09:23:02.0499 5928	============================================================
09:23:02.0499 5928	Initialize success
09:23:02.0499 5928	============================================================
09:24:47.0616 4772	============================================================
09:24:47.0616 4772	Scan started
09:24:47.0616 4772	Mode: Manual; SigCheck; TDLFS; 
09:24:47.0616 4772	============================================================
09:24:49.0659 4772	ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
09:24:49.0768 4772	ACPI - ok
09:24:49.0846 4772	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:24:49.0893 4772	AdobeFlashPlayerUpdateSvc - ok
09:24:49.0940 4772	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:24:49.0987 4772	adp94xx - ok
09:24:50.0065 4772	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:24:50.0080 4772	adpahci - ok
09:24:50.0127 4772	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:24:50.0143 4772	adpu160m - ok
09:24:50.0190 4772	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:24:50.0236 4772	adpu320 - ok
09:24:50.0283 4772	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
09:24:50.0330 4772	AeLookupSvc - ok
09:24:50.0361 4772	AFD             (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
09:24:50.0548 4772	AFD - ok
09:24:50.0611 4772	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:24:50.0611 4772	agp440 - ok
09:24:50.0626 4772	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:24:50.0642 4772	aic78xx - ok
09:24:50.0658 4772	ALG             (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
09:24:50.0704 4772	ALG - ok
09:24:50.0720 4772	aliide          (c20f9bce0956a7e3deaa6848ee1f1682) C:\Windows\system32\drivers\aliide.sys
09:24:50.0751 4772	aliide - ok
09:24:50.0876 4772	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:24:50.0876 4772	amdagp - ok
09:24:50.0892 4772	amdide          (bee39c63d6259f795d110fe89fd9f056) C:\Windows\system32\drivers\amdide.sys
09:24:50.0907 4772	amdide - ok
09:24:50.0954 4772	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:24:51.0016 4772	AmdK7 - ok
09:24:51.0032 4772	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
09:24:51.0110 4772	AmdK8 - ok
09:24:51.0344 4772	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
09:24:51.0375 4772	AntiVirSchedulerService - ok
09:24:51.0484 4772	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
09:24:51.0484 4772	AntiVirService - ok
09:24:51.0547 4772	Appinfo         (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
09:24:51.0609 4772	Appinfo - ok
09:24:51.0640 4772	AppMgmt         (051e86735b71e8402aebc1d662f26ba2) C:\Windows\System32\appmgmts.dll
09:24:51.0672 4772	AppMgmt - ok
09:24:51.0703 4772	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:24:51.0718 4772	arc - ok
09:24:51.0734 4772	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:24:51.0750 4772	arcsas - ok
09:24:51.0796 4772	AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
09:24:51.0859 4772	AsyncMac - ok
09:24:51.0890 4772	atapi           (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
09:24:51.0890 4772	atapi - ok
09:24:51.0952 4772	Ati External Event Utility (a63b95991d0036d8d5a188bb4a31cf18) C:\Windows\system32\Ati2evxx.exe
09:24:52.0015 4772	Ati External Event Utility - ok
09:24:52.0233 4772	atikmdag        (daca081e9dc82d4a05b0d21e8aa93df8) C:\Windows\system32\DRIVERS\atikmdag.sys
09:24:52.0358 4772	atikmdag - ok
09:24:52.0935 4772	AtiPcie         (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:24:52.0966 4772	AtiPcie - ok
09:24:53.0029 4772	atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
09:24:53.0044 4772	atksgt ( UnsignedFile.Multi.Generic ) - warning
09:24:53.0044 4772	atksgt - detected UnsignedFile.Multi.Generic (1)
09:24:53.0107 4772	AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
09:24:53.0200 4772	AudioEndpointBuilder - ok
09:24:53.0216 4772	Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
09:24:53.0263 4772	Audiosrv - ok
09:24:53.0310 4772	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
09:24:53.0341 4772	avgntflt - ok
09:24:53.0372 4772	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
09:24:53.0419 4772	avipbb - ok
09:24:53.0466 4772	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
09:24:53.0481 4772	avkmgr - ok
09:24:53.0512 4772	b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:24:53.0606 4772	b57nd60x - ok
09:24:53.0684 4772	Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
09:24:53.0731 4772	Beep - ok
09:24:53.0778 4772	BFE             (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
09:24:53.0824 4772	BFE - ok
09:24:53.0918 4772	BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
09:24:54.0012 4772	BITS - ok
09:24:54.0012 4772	blbdrive - ok
09:24:54.0090 4772	bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
09:24:54.0121 4772	bowser - ok
09:24:54.0168 4772	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:24:54.0214 4772	BrFiltLo - ok
09:24:54.0230 4772	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:24:54.0261 4772	BrFiltUp - ok
09:24:54.0308 4772	Browser         (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
09:24:54.0339 4772	Browser - ok
09:24:54.0386 4772	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:24:54.0433 4772	Brserid - ok
09:24:54.0448 4772	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:24:54.0511 4772	BrSerWdm - ok
09:24:54.0542 4772	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:24:54.0573 4772	BrUsbMdm - ok
09:24:54.0589 4772	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:24:54.0651 4772	BrUsbSer - ok
09:24:54.0667 4772	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:24:54.0714 4772	BTHMODEM - ok
09:24:54.0729 4772	cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
09:24:54.0776 4772	cdfs - ok
09:24:54.0792 4772	cdrom           (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
09:24:54.0854 4772	cdrom - ok
09:24:54.0885 4772	CertPropSvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
09:24:54.0948 4772	CertPropSvc - ok
09:24:54.0979 4772	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:24:55.0057 4772	circlass - ok
09:24:55.0260 4772	CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
09:24:55.0275 4772	CLFS - ok
09:24:55.0431 4772	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:24:55.0447 4772	clr_optimization_v2.0.50727_32 - ok
09:24:55.0462 4772	cmdide          (4fdf23b1124b36c2cfd0f675f950ae1b) C:\Windows\system32\drivers\cmdide.sys
09:24:55.0462 4772	cmdide - ok
09:24:55.0509 4772	Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
09:24:55.0509 4772	Compbatt - ok
09:24:55.0540 4772	COMSysApp - ok
09:24:55.0572 4772	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:24:55.0572 4772	crcdisk - ok
09:24:55.0587 4772	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:24:55.0665 4772	Crusoe - ok
09:24:55.0696 4772	CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
09:24:55.0774 4772	CryptSvc - ok
09:24:55.0993 4772	CSC             (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
09:24:56.0040 4772	CSC - ok
09:24:56.0086 4772	CscService      (68131a9a8e3f0ab5136bf386f02a3fc7) C:\Windows\System32\cscsvc.dll
09:24:56.0164 4772	CscService - ok
09:24:56.0242 4772	DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
09:24:56.0305 4772	DcomLaunch - ok
09:24:56.0383 4772	DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
09:24:56.0430 4772	DfsC - ok
09:24:57.0241 4772	DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
09:24:57.0381 4772	DFSR - ok
09:24:58.0021 4772	Dhcp            (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll
09:24:58.0068 4772	Dhcp - ok
09:24:58.0146 4772	disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
09:24:58.0161 4772	disk - ok
09:24:58.0754 4772	Diskeeper       (5f4944cfb8e60f2b02b7cd7419b3c314) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
09:24:58.0816 4772	Diskeeper ( UnsignedFile.Multi.Generic ) - warning
09:24:58.0816 4772	Diskeeper - detected UnsignedFile.Multi.Generic (1)
09:24:58.0879 4772	DLABMFSM        (475024f44e0b0ff2e89b0b7450c51e9a) C:\Windows\system32\DLA\DLABMFSM.SYS
09:24:58.0879 4772	DLABMFSM - ok
09:24:58.0910 4772	DLABOIOM        (d418a2c037f0367af8ceb955f8162219) C:\Windows\system32\DLA\DLABOIOM.SYS
09:24:58.0926 4772	DLABOIOM - ok
09:24:58.0957 4772	DLACDBHM        (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
09:24:58.0972 4772	DLACDBHM - ok
09:24:58.0988 4772	DLADResM        (6229b5564501da2759ae82c73e721518) C:\Windows\system32\DLA\DLADResM.SYS
09:24:59.0004 4772	DLADResM - ok
09:24:59.0050 4772	DLAIFS_M        (97e1cc730f1f931c5232013432584334) C:\Windows\system32\DLA\DLAIFS_M.SYS
09:24:59.0066 4772	DLAIFS_M - ok
09:24:59.0082 4772	DLAOPIOM        (d98be003d85c0251a3db5851a29c6ba8) C:\Windows\system32\DLA\DLAOPIOM.SYS
09:24:59.0082 4772	DLAOPIOM - ok
09:24:59.0082 4772	DLAPoolM        (3821ad5aa0ac0f05625923cfcc0c0fbb) C:\Windows\system32\DLA\DLAPoolM.SYS
09:24:59.0097 4772	DLAPoolM - ok
09:24:59.0113 4772	DLARTL_M        (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
09:24:59.0113 4772	DLARTL_M - ok
09:24:59.0144 4772	DLAUDFAM        (0fdd55d09da1657fc28ebc015f5f45d6) C:\Windows\system32\DLA\DLAUDFAM.SYS
09:24:59.0160 4772	DLAUDFAM - ok
09:24:59.0175 4772	DLAUDF_M        (147bc35eba264118988f5c5580860336) C:\Windows\system32\DLA\DLAUDF_M.SYS
09:24:59.0175 4772	DLAUDF_M - ok
09:24:59.0206 4772	Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
09:24:59.0253 4772	Dnscache - ok
09:24:59.0316 4772	dot3svc         (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
09:24:59.0378 4772	dot3svc - ok
09:24:59.0425 4772	DPS             (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll
09:24:59.0456 4772	DPS - ok
09:24:59.0487 4772	drmkaud         (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
09:24:59.0534 4772	drmkaud - ok
09:24:59.0550 4772	DRVMCDB         (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
09:24:59.0565 4772	DRVMCDB - ok
09:24:59.0596 4772	DRVNDDM         (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
09:24:59.0596 4772	DRVNDDM - ok
09:24:59.0674 4772	DXGKrnl         (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
09:24:59.0768 4772	DXGKrnl - ok
09:24:59.0799 4772	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:24:59.0862 4772	E1G60 - ok
09:24:59.0877 4772	EapHost         (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
09:24:59.0924 4772	EapHost - ok
09:25:00.0002 4772	Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
09:25:00.0018 4772	Ecache - ok
09:25:00.0064 4772	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:25:00.0080 4772	elxstor - ok
09:25:00.0142 4772	EMDMgmt         (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
09:25:00.0205 4772	EMDMgmt - ok
09:25:00.0283 4772	EventSystem     (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
09:25:00.0361 4772	EventSystem - ok
09:25:00.0408 4772	fastfat         (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
09:25:00.0470 4772	fastfat - ok
09:25:00.0532 4772	Fax             (93f75490b02033df8edf4d7089c7e1d8) C:\Windows\system32\fxssvc.exe
09:25:00.0595 4772	Fax - ok
09:25:00.0642 4772	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:25:00.0704 4772	fdc - ok
09:25:00.0720 4772	fdPHost         (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
09:25:00.0813 4772	fdPHost - ok
09:25:00.0829 4772	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
09:25:00.0860 4772	FDResPub - ok
09:25:00.0891 4772	FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
09:25:00.0907 4772	FileInfo - ok
09:25:00.0922 4772	Filetrace       (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
09:25:00.0954 4772	Filetrace - ok
09:25:00.0969 4772	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:25:01.0032 4772	flpydisk - ok
09:25:01.0063 4772	FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
09:25:01.0078 4772	FltMgr - ok
09:25:01.0266 4772	FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:25:01.0266 4772	FontCache3.0.0.0 - ok
09:25:01.0297 4772	Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
09:25:01.0312 4772	Fs_Rec - ok
09:25:01.0344 4772	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:25:01.0344 4772	gagp30kx - ok
09:25:01.0406 4772	gpsvc           (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
09:25:01.0484 4772	gpsvc - ok
09:25:01.0531 4772	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:25:01.0624 4772	HdAudAddService - ok
09:25:01.0656 4772	HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:25:01.0687 4772	HDAudBus - ok
09:25:01.0734 4772	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:25:01.0765 4772	HidBth - ok
09:25:01.0812 4772	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:25:01.0858 4772	HidIr - ok
09:25:01.0874 4772	hidserv         (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
09:25:01.0952 4772	hidserv - ok
09:25:01.0983 4772	HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
09:25:01.0999 4772	HidUsb - ok
09:25:02.0030 4772	hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
09:25:02.0077 4772	hkmsvc - ok
09:25:02.0139 4772	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:25:02.0139 4772	HpCISSs - ok
09:25:02.0233 4772	HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
09:25:02.0295 4772	HTTP - ok
09:25:02.0326 4772	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:25:02.0342 4772	i2omp - ok
09:25:02.0420 4772	i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
09:25:02.0482 4772	i8042prt - ok
09:25:03.0138 4772	ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:25:03.0278 4772	ialm - ok
09:25:04.0635 4772	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:25:04.0666 4772	iaStorV - ok
09:25:04.0885 4772	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:25:04.0900 4772	IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:25:04.0900 4772	IDriverT - detected UnsignedFile.Multi.Generic (1)
09:25:05.0462 4772	idsvc           (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:25:05.0571 4772	idsvc - ok
09:25:05.0602 4772	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:25:05.0602 4772	iirsp - ok
09:25:05.0680 4772	IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
09:25:05.0774 4772	IKEEXT - ok
09:25:06.0788 4772	IntcAzAudAddService (60ad91fda0d2c285435aa76860dcaf35) C:\Windows\system32\drivers\RTKVHDA.sys
09:25:06.0897 4772	IntcAzAudAddService - ok
09:25:07.0318 4772	intelide        (c87b3428607ef44068df98a8d1904785) C:\Windows\system32\drivers\intelide.sys
09:25:07.0334 4772	intelide - ok
09:25:07.0350 4772	intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
09:25:07.0412 4772	intelppm - ok
09:25:07.0490 4772	IPBusEnum       (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
09:25:07.0537 4772	IPBusEnum - ok
09:25:07.0568 4772	IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:25:07.0646 4772	IpFilterDriver - ok
09:25:07.0740 4772	iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
09:25:07.0786 4772	iphlpsvc - ok
09:25:07.0786 4772	IpInIp - ok
09:25:07.0802 4772	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:25:07.0849 4772	IPMIDRV - ok
09:25:07.0864 4772	IPNAT           (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
09:25:07.0927 4772	IPNAT - ok
09:25:07.0974 4772	IPSSVC          (00d8e9daebe72a5df3986fd418a995eb) C:\Windows\system32\IPSSVC.EXE
09:25:07.0989 4772	IPSSVC - ok
09:25:08.0005 4772	IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
09:25:08.0052 4772	IRENUM - ok
09:25:08.0067 4772	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:25:08.0067 4772	isapnp - ok
09:25:08.0098 4772	iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
09:25:08.0161 4772	iScsiPrt - ok
09:25:08.0192 4772	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:25:08.0192 4772	iteatapi - ok
09:25:08.0254 4772	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:25:08.0254 4772	iteraid - ok
09:25:08.0348 4772	IviRegMgr       (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:25:08.0364 4772	IviRegMgr - ok
09:25:08.0379 4772	kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
09:25:08.0395 4772	kbdclass - ok
09:25:08.0426 4772	kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
09:25:08.0442 4772	kbdhid - ok
09:25:08.0473 4772	KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:25:08.0488 4772	KeyIso - ok
09:25:08.0504 4772	KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
09:25:08.0566 4772	KSecDD - ok
09:25:08.0613 4772	KtmRm           (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
09:25:08.0660 4772	KtmRm - ok
09:25:08.0707 4772	LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
09:25:08.0800 4772	LanmanServer - ok
09:25:08.0863 4772	LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
09:25:08.0941 4772	LanmanWorkstation - ok
09:25:09.0658 4772	ldiskl          (aece2d44a6c0e6cf7ad6b699818defef) C:\Users\Jessica\AppData\Local\Temp\ldiskl.sys
09:25:09.0690 4772	ldiskl ( UnsignedFile.Multi.Generic ) - warning
09:25:09.0690 4772	ldiskl - detected UnsignedFile.Multi.Generic (1)
09:25:09.0736 4772	lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
09:25:09.0736 4772	lirsgt ( UnsignedFile.Multi.Generic ) - warning
09:25:09.0736 4772	lirsgt - detected UnsignedFile.Multi.Generic (1)
09:25:09.0768 4772	lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
09:25:09.0830 4772	lltdio - ok
09:25:09.0861 4772	lltdsvc         (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
09:25:09.0939 4772	lltdsvc - ok
09:25:09.0955 4772	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
09:25:10.0017 4772	lmhosts - ok
09:25:10.0064 4772	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:25:10.0064 4772	LSI_FC - ok
09:25:10.0111 4772	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:25:10.0111 4772	LSI_SAS - ok
09:25:10.0142 4772	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:25:10.0158 4772	LSI_SCSI - ok
09:25:10.0173 4772	luafv           (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
09:25:10.0220 4772	luafv - ok
09:25:12.0092 4772	LVUVC           (5bc80451109a8dd7f2ddd35bce2929a3) C:\Windows\system32\DRIVERS\lvuvc.sys
09:25:12.0326 4772	LVUVC - ok
09:25:12.0529 4772	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:25:12.0529 4772	megasas - ok
09:25:12.0560 4772	MMCSS           (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
09:25:12.0622 4772	MMCSS - ok
09:25:12.0669 4772	Modem           (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
09:25:12.0716 4772	Modem - ok
09:25:12.0747 4772	monitor         (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
09:25:12.0778 4772	monitor - ok
09:25:12.0825 4772	mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
09:25:12.0825 4772	mouclass - ok
09:25:12.0856 4772	mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
09:25:12.0872 4772	mouhid - ok
09:25:12.0919 4772	MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
09:25:12.0919 4772	MountMgr - ok
09:25:13.0012 4772	MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:25:13.0012 4772	MozillaMaintenance - ok
09:25:13.0044 4772	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:25:13.0044 4772	mpio - ok
09:25:13.0075 4772	mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
09:25:13.0090 4772	mpsdrv - ok
09:25:13.0122 4772	MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
09:25:13.0168 4772	MpsSvc - ok
09:25:13.0184 4772	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:25:13.0200 4772	Mraid35x - ok
09:25:13.0231 4772	MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
09:25:13.0278 4772	MRxDAV - ok
09:25:13.0340 4772	mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:25:13.0356 4772	mrxsmb - ok
09:25:13.0371 4772	mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:25:13.0418 4772	mrxsmb10 - ok
09:25:13.0465 4772	mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:25:13.0480 4772	mrxsmb20 - ok
09:25:13.0512 4772	msahci          (a7df0c3adb40919f91b2917fbe07a370) C:\Windows\system32\drivers\msahci.sys
09:25:13.0512 4772	msahci - ok
09:25:13.0527 4772	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:25:13.0543 4772	msdsm - ok
09:25:13.0558 4772	MSDTC           (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
09:25:13.0590 4772	MSDTC - ok
09:25:13.0605 4772	Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
09:25:13.0668 4772	Msfs - ok
09:25:13.0683 4772	msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
09:25:13.0699 4772	msisadrv - ok
09:25:13.0714 4772	MSiSCSI         (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
09:25:13.0761 4772	MSiSCSI - ok
09:25:13.0777 4772	msiserver - ok
09:25:13.0792 4772	MSKSSRV         (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
09:25:13.0839 4772	MSKSSRV - ok
09:25:13.0870 4772	MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
09:25:13.0917 4772	MSPCLOCK - ok
09:25:13.0933 4772	MSPQM           (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
09:25:13.0995 4772	MSPQM - ok
09:25:14.0011 4772	MsRPC           (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
09:25:14.0042 4772	MsRPC - ok
09:25:14.0058 4772	mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
09:25:14.0073 4772	mssmbios - ok
09:25:14.0151 4772	MSSQL$MSSMLBIZ - ok
09:25:14.0214 4772	MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:25:14.0214 4772	MSSQLServerADHelper - ok
09:25:14.0245 4772	MSTEE           (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
09:25:14.0307 4772	MSTEE - ok
09:25:14.0323 4772	Mup             (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
09:25:14.0338 4772	Mup - ok
09:25:14.0370 4772	napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
09:25:14.0479 4772	napagent - ok
09:25:14.0541 4772	NativeWifiP     (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
09:25:14.0557 4772	NativeWifiP - ok
09:25:14.0619 4772	NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
09:25:14.0682 4772	NDIS - ok
09:25:14.0713 4772	NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
09:25:14.0775 4772	NdisTapi - ok
09:25:14.0806 4772	Ndisuio         (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
09:25:14.0853 4772	Ndisuio - ok
09:25:14.0869 4772	NdisWan         (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
09:25:14.0916 4772	NdisWan - ok
09:25:14.0962 4772	NDProxy         (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
09:25:14.0994 4772	NDProxy - ok
09:25:15.0009 4772	NetBIOS         (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
09:25:15.0056 4772	NetBIOS - ok
09:25:15.0072 4772	netbt           (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
09:25:15.0118 4772	netbt - ok
09:25:15.0150 4772	Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:25:15.0165 4772	Netlogon - ok
09:25:15.0212 4772	Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
09:25:15.0290 4772	Netman - ok
09:25:15.0321 4772	netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
09:25:15.0384 4772	netprofm - ok
09:25:15.0508 4772	NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:25:15.0508 4772	NetTcpPortSharing - ok
09:25:15.0555 4772	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:25:15.0571 4772	nfrd960 - ok
09:25:15.0618 4772	NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
09:25:15.0680 4772	NlaSvc - ok
09:25:15.0696 4772	Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
09:25:15.0742 4772	Npfs - ok
09:25:15.0789 4772	nsi             (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
09:25:15.0883 4772	nsi - ok
09:25:15.0898 4772	nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
09:25:15.0961 4772	nsiproxy - ok
09:25:16.0039 4772	Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
09:25:16.0101 4772	Ntfs - ok
09:25:16.0132 4772	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:25:16.0179 4772	ntrigdigi - ok
09:25:16.0179 4772	Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
09:25:16.0226 4772	Null - ok
09:25:16.0273 4772	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:25:16.0288 4772	nvraid - ok
09:25:16.0304 4772	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:25:16.0304 4772	nvstor - ok
09:25:16.0351 4772	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:25:16.0351 4772	nv_agp - ok
09:25:16.0366 4772	NwlnkFlt - ok
09:25:16.0366 4772	NwlnkFwd - ok
09:25:16.0476 4772	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:25:16.0522 4772	odserv - ok
09:25:16.0569 4772	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
09:25:16.0616 4772	ohci1394 - ok
09:25:16.0663 4772	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:25:16.0725 4772	ose - ok
09:25:16.0803 4772	p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:25:16.0881 4772	p2pimsvc - ok
09:25:16.0897 4772	p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:25:16.0912 4772	p2psvc - ok
09:25:16.0959 4772	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
09:25:17.0006 4772	Parport - ok
09:25:17.0022 4772	partmgr         (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
09:25:17.0037 4772	partmgr - ok
09:25:17.0053 4772	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
09:25:17.0100 4772	Parvdm - ok
09:25:17.0115 4772	PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
09:25:17.0131 4772	PcaSvc - ok
09:25:17.0146 4772	pci             (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
09:25:17.0178 4772	pci - ok
09:25:17.0193 4772	pciide          (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
09:25:17.0209 4772	pciide - ok
09:25:17.0256 4772	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:25:17.0271 4772	pcmcia - ok
09:25:17.0334 4772	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:25:17.0427 4772	PEAUTH - ok
09:25:17.0490 4772	pelmouse        (dcb53e6ba9df64260f821613e2b37d1d) C:\Windows\system32\DRIVERS\pelmouse.sys
09:25:17.0505 4772	pelmouse - ok
09:25:17.0521 4772	pelusblf        (2dccdeaa4f79df03824d93ce9ecc84b7) C:\Windows\system32\DRIVERS\pelusblf.sys
09:25:17.0521 4772	pelusblf - ok
09:25:17.0661 4772	pla             (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
09:25:17.0786 4772	pla - ok
09:25:17.0926 4772	PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
09:25:18.0004 4772	PlugPlay - ok
09:25:18.0067 4772	PNRPAutoReg     (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:25:18.0082 4772	PNRPAutoReg - ok
09:25:18.0098 4772	PNRPsvc         (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:25:18.0129 4772	PNRPsvc - ok
09:25:18.0176 4772	PolicyAgent     (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
09:25:18.0238 4772	PolicyAgent - ok
09:25:18.0301 4772	PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
09:25:18.0348 4772	PptpMiniport - ok
09:25:18.0379 4772	PROCDD          (1d80309fed4babf8ea9e7b84a394348b) C:\Windows\system32\DRIVERS\PROCDD.SYS
09:25:18.0394 4772	PROCDD - ok
09:25:18.0441 4772	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:25:18.0488 4772	Processor - ok
09:25:18.0504 4772	ProfSvc         (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
09:25:18.0566 4772	ProfSvc - ok
09:25:18.0597 4772	ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:25:18.0613 4772	ProtectedStorage - ok
09:25:18.0628 4772	psadd           (aac08defb15aaab00b30341c716efa35) C:\Windows\system32\DRIVERS\psadd.sys
09:25:18.0660 4772	psadd - ok
09:25:18.0706 4772	PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
09:25:18.0738 4772	PSched - ok
09:25:18.0769 4772	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
09:25:18.0769 4772	PxHelp20 - ok
09:25:18.0862 4772	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:25:18.0925 4772	ql2300 - ok
09:25:18.0972 4772	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:25:18.0972 4772	ql40xx - ok
09:25:19.0050 4772	QWAVE           (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
09:25:19.0081 4772	QWAVE - ok
09:25:19.0112 4772	QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
09:25:19.0112 4772	QWAVEdrv - ok
09:25:19.0159 4772	RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
09:25:19.0206 4772	RasAcd - ok
09:25:19.0237 4772	RasAuto         (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
09:25:19.0284 4772	RasAuto - ok
09:25:19.0315 4772	Rasl2tp         (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:25:19.0330 4772	Rasl2tp - ok
09:25:19.0362 4772	RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
09:25:19.0471 4772	RasMan - ok
09:25:19.0502 4772	RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
09:25:19.0580 4772	RasPppoe - ok
09:25:19.0611 4772	rdbss           (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
09:25:19.0658 4772	rdbss - ok
09:25:19.0689 4772	RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:25:19.0736 4772	RDPCDD - ok
09:25:19.0767 4772	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\DRIVERS\rdpdr.sys
09:25:19.0830 4772	rdpdr - ok
09:25:19.0845 4772	RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
09:25:19.0892 4772	RDPENCDD - ok
09:25:19.0923 4772	RDPWD           (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
09:25:19.0986 4772	RDPWD - ok
09:25:20.0017 4772	RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
09:25:20.0064 4772	RemoteAccess - ok
09:25:20.0095 4772	RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
09:25:20.0142 4772	RemoteRegistry - ok
09:25:20.0220 4772	Roxio UPnP Renderer 9 (20118450ed6782bef435b37803b3e43d) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
09:25:20.0235 4772	Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - warning
09:25:20.0235 4772	Roxio UPnP Renderer 9 - detected UnsignedFile.Multi.Generic (1)
09:25:20.0266 4772	Roxio Upnp Server 9 (f6b15f87ca084944fd9471f2bd0fe3b4) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
09:25:20.0282 4772	Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - warning
09:25:20.0282 4772	Roxio Upnp Server 9 - detected UnsignedFile.Multi.Generic (1)
09:25:20.0391 4772	RoxMediaDB9     (eefea86e93c6740885c7e019d9050387) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
09:25:20.0485 4772	RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
09:25:20.0485 4772	RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
09:25:20.0610 4772	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:25:20.0625 4772	RpcLocator - ok
09:25:20.0703 4772	RpcSs           (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
09:25:20.0734 4772	RpcSs - ok
09:25:20.0766 4772	rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
09:25:20.0812 4772	rspndr - ok
09:25:20.0890 4772	RT73            (cb20f16afdba63707fb971e0922edec1) C:\Windows\system32\DRIVERS\Dr71WU.sys
09:25:20.0922 4772	RT73 - ok
09:25:20.0968 4772	SamSs           (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:25:20.0984 4772	SamSs - ok
09:25:21.0000 4772	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:25:21.0000 4772	sbp2port - ok
09:25:21.0031 4772	SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
09:25:21.0093 4772	SCardSvr - ok
09:25:21.0171 4772	Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
09:25:21.0202 4772	Schedule - ok
09:25:21.0234 4772	SCPolicySvc     (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
09:25:21.0280 4772	SCPolicySvc - ok
09:25:21.0312 4772	SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
09:25:21.0343 4772	SDRSVC - ok
09:25:21.0374 4772	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:25:21.0421 4772	secdrv - ok
09:25:21.0436 4772	seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
09:25:21.0483 4772	seclogon - ok
09:25:21.0514 4772	SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
09:25:21.0561 4772	SENS - ok
09:25:21.0577 4772	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
09:25:21.0624 4772	Serenum - ok
09:25:21.0639 4772	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
09:25:21.0686 4772	Serial - ok
09:25:21.0733 4772	sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
09:25:21.0748 4772	sermouse - ok
09:25:21.0764 4772	SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
09:25:21.0811 4772	SessionEnv - ok
09:25:21.0826 4772	sffdisk         (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
09:25:21.0858 4772	sffdisk - ok
09:25:21.0873 4772	sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
09:25:21.0889 4772	sffp_mmc - ok
09:25:21.0904 4772	sffp_sd         (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
09:25:21.0920 4772	sffp_sd - ok
09:25:21.0936 4772	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
09:25:21.0982 4772	sfloppy - ok
09:25:22.0014 4772	SharedAccess    (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
09:25:22.0045 4772	SharedAccess - ok
09:25:22.0076 4772	ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
09:25:22.0092 4772	ShellHWDetection - ok
09:25:22.0107 4772	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:25:22.0123 4772	sisagp - ok
09:25:22.0154 4772	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:25:22.0154 4772	SiSRaid2 - ok
09:25:22.0185 4772	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:25:22.0185 4772	SiSRaid4 - ok
09:25:22.0279 4772	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
09:25:22.0326 4772	SkypeUpdate - ok
09:25:22.0482 4772	slsvc           (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
09:25:22.0653 4772	slsvc - ok
09:25:22.0794 4772	SLUINotify      (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
09:25:22.0809 4772	SLUINotify - ok
09:25:22.0856 4772	Smb             (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
09:25:22.0918 4772	Smb - ok
09:25:22.0934 4772	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:25:22.0950 4772	SNMPTRAP - ok
09:25:22.0950 4772	spldr           (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
09:25:22.0965 4772	spldr - ok
09:25:23.0028 4772	Spooler         (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
09:25:23.0090 4772	Spooler - ok
09:25:23.0168 4772	SQLBrowser      (5673e79bbb62a4c35b10d821ff1b4aca) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:25:23.0230 4772	SQLBrowser - ok
09:25:23.0246 4772	SQLWriter       (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:25:23.0246 4772	SQLWriter - ok
09:25:23.0293 4772	srv             (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
09:25:23.0371 4772	srv - ok
09:25:23.0418 4772	srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
09:25:23.0496 4772	srv2 - ok
09:25:23.0527 4772	srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
09:25:23.0558 4772	srvnet - ok
09:25:23.0574 4772	SSDPSRV         (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
09:25:23.0620 4772	SSDPSRV - ok
09:25:23.0683 4772	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
09:25:23.0683 4772	ssmdrv - ok
09:25:23.0730 4772	stisvc          (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
09:25:23.0792 4772	stisvc - ok
09:25:23.0854 4772	stllssvr        (4173a9cd59f15a64f54b3242c3232731) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:25:23.0854 4772	stllssvr ( UnsignedFile.Multi.Generic ) - warning
09:25:23.0854 4772	stllssvr - detected UnsignedFile.Multi.Generic (1)
09:25:23.0979 4772	SUService       (b71a41cad9de92219c3891e88f822ac3) c:\program files\lenovo\system update\suservice.exe
09:25:23.0979 4772	SUService ( UnsignedFile.Multi.Generic ) - warning
09:25:23.0979 4772	SUService - detected UnsignedFile.Multi.Generic (1)
09:25:23.0995 4772	swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
09:25:24.0010 4772	swenum - ok
09:25:24.0073 4772	swprv           (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
09:25:24.0182 4772	swprv - ok
09:25:24.0213 4772	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:25:24.0229 4772	Symc8xx - ok
09:25:24.0244 4772	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:25:24.0244 4772	Sym_hi - ok
09:25:24.0291 4772	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:25:24.0291 4772	Sym_u3 - ok
09:25:24.0354 4772	SysMain         (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
09:25:24.0416 4772	SysMain - ok
09:25:24.0432 4772	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:25:24.0463 4772	TabletInputService - ok
09:25:24.0494 4772	TapiSrv         (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
09:25:24.0541 4772	TapiSrv - ok
09:25:24.0556 4772	TBS             (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
09:25:24.0619 4772	TBS - ok
09:25:24.0681 4772	Tcpip           (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
09:25:24.0775 4772	Tcpip - ok
09:25:24.0790 4772	Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
09:25:24.0822 4772	Tcpip6 - ok
09:25:24.0853 4772	tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
09:25:24.0900 4772	tcpipreg - ok
09:25:24.0915 4772	TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
09:25:24.0962 4772	TDPIPE - ok
09:25:24.0978 4772	TDTCP           (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
09:25:25.0024 4772	TDTCP - ok
09:25:25.0040 4772	tdx             (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
09:25:25.0087 4772	tdx - ok
09:25:25.0102 4772	TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
09:25:25.0118 4772	TermDD - ok
09:25:25.0196 4772	TermService     (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
09:25:25.0258 4772	TermService - ok
09:25:25.0305 4772	Themes          (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
09:25:25.0321 4772	Themes - ok
09:25:25.0430 4772	ThinkVantage Registry Monitor Service (64cfbe1a6a66a5062c26d0b178a42c91) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
09:25:25.0492 4772	ThinkVantage Registry Monitor Service - ok
09:25:25.0508 4772	THREADORDER     (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
09:25:25.0555 4772	THREADORDER - ok
09:25:25.0617 4772	TPM             (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
09:25:25.0633 4772	TPM - ok
09:25:25.0680 4772	TrkWks          (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
09:25:25.0726 4772	TrkWks - ok
09:25:25.0758 4772	TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
09:25:25.0789 4772	TrustedInstaller - ok
09:25:25.0914 4772	TSSCoreService  (865760e60f51d2a33e51ae9ba1806ff8) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
09:25:25.0945 4772	TSSCoreService - ok
09:25:25.0992 4772	tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:25:26.0038 4772	tssecsrv - ok
09:25:26.0101 4772	tunmp           (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
09:25:26.0101 4772	tunmp - ok
09:25:26.0132 4772	tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
09:25:26.0163 4772	tunnel - ok
09:25:26.0226 4772	TVT Backup Protection Service (40489f1cd98ac221c97b4e1d269c3331) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
09:25:26.0257 4772	TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0257 4772	TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
09:25:26.0304 4772	TVT Backup Service (06519c96036f937b829d4e3eaf8f7596) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
09:25:26.0350 4772	TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0350 4772	TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
09:25:26.0506 4772	TVT Scheduler   (e9ea448f1174be4052416b62263ea4ee) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
09:25:26.0616 4772	TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0616 4772	TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
09:25:26.0787 4772	tvtfilter       (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
09:25:26.0803 4772	tvtfilter ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0803 4772	tvtfilter - detected UnsignedFile.Multi.Generic (1)
09:25:26.0818 4772	TVTI2C          (8ab24d4b7da715c2c80455137910e792) C:\Windows\system32\DRIVERS\Tvti2c.sys
09:25:26.0850 4772	TVTI2C - ok
09:25:26.0943 4772	tvtnetwk        (2e72c66682e9274c97ae3f5a57c2fa33) C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
09:25:26.0959 4772	tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0959 4772	tvtnetwk - detected UnsignedFile.Multi.Generic (1)
09:25:26.0974 4772	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:25:26.0990 4772	uagp35 - ok
09:25:27.0037 4772	udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
09:25:27.0099 4772	udfs - ok
09:25:27.0130 4772	UI0Detect       (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
09:25:27.0146 4772	UI0Detect - ok
09:25:27.0162 4772	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:25:27.0162 4772	uliagpkx - ok
09:25:27.0193 4772	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:25:27.0255 4772	uliahci - ok
09:25:27.0271 4772	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:25:27.0333 4772	UlSata - ok
09:25:27.0380 4772	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:25:27.0442 4772	ulsata2 - ok
09:25:27.0458 4772	umbus           (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
09:25:27.0489 4772	umbus - ok
09:25:27.0520 4772	UmRdpService    (cfbb746c889b9223d2ac268cf283a93e) C:\Windows\System32\umrdp.dll
09:25:27.0598 4772	UmRdpService - ok
09:25:27.0692 4772	UMVPFSrv        (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
09:25:27.0754 4772	UMVPFSrv - ok
09:25:27.0770 4772	upnphost        (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
09:25:27.0864 4772	upnphost - ok
09:25:27.0895 4772	usbaudio        (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
09:25:27.0957 4772	usbaudio - ok
09:25:28.0004 4772	usbccgp         (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
09:25:28.0020 4772	usbccgp - ok
09:25:28.0051 4772	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:25:28.0082 4772	usbcir - ok
09:25:28.0144 4772	usbehci         (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
09:25:28.0160 4772	usbehci - ok
09:25:28.0191 4772	usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
09:25:28.0222 4772	usbhub - ok
09:25:28.0238 4772	usbohci         (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
09:25:28.0254 4772	usbohci - ok
09:25:28.0269 4772	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
09:25:28.0316 4772	usbprint - ok
09:25:28.0363 4772	usbscan         (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
09:25:28.0425 4772	usbscan - ok
09:25:28.0441 4772	USBSTOR         (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:25:28.0472 4772	USBSTOR - ok
09:25:28.0488 4772	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
09:25:28.0534 4772	usbuhci - ok
09:25:28.0566 4772	usbvideo        (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
09:25:28.0659 4772	usbvideo - ok
09:25:28.0706 4772	UxSms           (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
09:25:28.0768 4772	UxSms - ok
09:25:28.0815 4772	vds             (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
09:25:28.0862 4772	vds - ok
09:25:28.0893 4772	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:25:28.0924 4772	vga - ok
09:25:28.0956 4772	VgaSave         (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
09:25:29.0034 4772	VgaSave - ok
09:25:29.0049 4772	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:25:29.0065 4772	viaagp - ok
09:25:29.0080 4772	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:25:29.0112 4772	ViaC7 - ok
09:25:29.0143 4772	viaide          (99f3e24f50b4e9282ca5edc684d012ed) C:\Windows\system32\drivers\viaide.sys
09:25:29.0158 4772	viaide - ok
09:25:29.0236 4772	volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
09:25:29.0236 4772	volmgr - ok
09:25:29.0268 4772	volmgrx         (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
09:25:29.0330 4772	volmgrx - ok
09:25:29.0346 4772	volsnap         (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
09:25:29.0346 4772	volsnap - ok
09:25:29.0377 4772	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:25:29.0377 4772	vsmraid - ok
09:25:29.0439 4772	VSS             (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
09:25:29.0564 4772	VSS - ok
09:25:29.0626 4772	W32Time         (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
09:25:29.0673 4772	W32Time - ok
09:25:29.0704 4772	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:25:29.0751 4772	WacomPen - ok
09:25:29.0798 4772	Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
09:25:29.0814 4772	Wanarp - ok
09:25:29.0829 4772	Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
09:25:29.0845 4772	Wanarpv6 - ok
09:25:29.0892 4772	wbengine        (6d2f099d4ce88777e46cb1808c87b132) C:\Windows\system32\wbengine.exe
09:25:29.0954 4772	wbengine - ok
09:25:29.0985 4772	wcncsvc         (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
09:25:30.0016 4772	wcncsvc - ok
09:25:30.0079 4772	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:25:30.0110 4772	WcsPlugInService - ok
09:25:30.0126 4772	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:25:30.0141 4772	Wd - ok
09:25:30.0188 4772	Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
09:25:30.0219 4772	Wdf01000 - ok
09:25:30.0235 4772	WdiServiceHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
09:25:30.0297 4772	WdiServiceHost - ok
09:25:30.0297 4772	WdiSystemHost   (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
09:25:30.0313 4772	WdiSystemHost - ok
09:25:30.0375 4772	WebClient       (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll
09:25:30.0422 4772	WebClient - ok
09:25:30.0438 4772	Wecsvc          (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
09:25:30.0531 4772	Wecsvc - ok
09:25:30.0547 4772	wercplsupport   (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
09:25:30.0594 4772	wercplsupport - ok
09:25:30.0609 4772	WerSvc          (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
09:25:30.0687 4772	WerSvc - ok
09:25:30.0718 4772	WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
09:25:30.0734 4772	WimFltr - ok
09:25:30.0796 4772	WinDefend       (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll
09:25:30.0859 4772	WinDefend - ok
09:25:30.0859 4772	WinHttpAutoProxySvc - ok
09:25:30.0921 4772	Winmgmt         (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
09:25:30.0999 4772	Winmgmt - ok
09:25:31.0046 4772	WinRM           (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
09:25:31.0124 4772	WinRM - ok
09:25:31.0186 4772	Wlansvc         (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll
09:25:31.0249 4772	Wlansvc - ok
09:25:31.0296 4772	WmiAcpi         (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
09:25:31.0327 4772	WmiAcpi - ok
09:25:31.0374 4772	wmiApSrv        (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
09:25:31.0405 4772	wmiApSrv - ok
09:25:31.0483 4772	WMPNetworkSvc   (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:25:31.0561 4772	WMPNetworkSvc - ok
09:25:31.0623 4772	WPDBusEnum      (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
09:25:31.0654 4772	WPDBusEnum - ok
09:25:31.0654 4772	ws2ifsl         (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
09:25:31.0701 4772	ws2ifsl - ok
09:25:31.0732 4772	wscsvc          (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll
09:25:31.0764 4772	wscsvc - ok
09:25:31.0764 4772	WSearch - ok
09:25:31.0904 4772	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
09:25:32.0013 4772	wuauserv - ok
09:25:32.0185 4772	WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:25:32.0247 4772	WUDFRd - ok
09:25:32.0278 4772	wudfsvc         (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll
09:25:32.0310 4772	wudfsvc - ok
09:25:32.0372 4772	yukonwlh        (f081ed0b8bd09d7f50ac9a30bbbb06bc) C:\Windows\system32\DRIVERS\yk60x86.sys
09:25:32.0419 4772	yukonwlh - ok
09:25:32.0450 4772	MBR (0x1B8)     (3b667250a48f984e17c5268a6e8a64ab) \Device\Harddisk0\DR0
09:25:32.0762 4772	\Device\Harddisk0\DR0 - ok
09:25:32.0762 4772	Boot (0x1200)   (523e69f6f9c97f2b50b27d94e2c65aa4) \Device\Harddisk0\DR0\Partition0
09:25:32.0762 4772	\Device\Harddisk0\DR0\Partition0 - ok
09:25:32.0762 4772	============================================================
09:25:32.0762 4772	Scan finished
09:25:32.0762 4772	============================================================
09:25:32.0793 4784	Detected object count: 15
09:25:32.0793 4784	Actual detected object count: 15
10:04:50.0079 4784	atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0079 4784	atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0095 4784	Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0095 4784	Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0095 4784	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0095 4784	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0095 4784	ldiskl ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0095 4784	ldiskl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0095 4784	lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0095 4784	lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0110 4784	Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784	Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0110 4784	Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784	Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0110 4784	RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784	RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0110 4784	stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784	stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0110 4784	SUService ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784	SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0126 4784	TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0126 4784	TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0126 4784	TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0126 4784	TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0126 4784	TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0126 4784	TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0126 4784	tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0126 4784	tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:04:50.0141 4784	tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0141 4784	tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

17.06.2012, 20:37   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a Kompetenzler (qualified helper) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

18.06.2012, 17:12   #13
JeS

Code:
ATTFilter
ComboFix 12-06-16.02 - Jessica 18.06.2012  17:35:12.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6000.0.1252.49.1031.18.895.436 [GMT 2:00]
ausgeführt von:: c:\users\Jessica\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\windows\IsUn0407.exe
c:\windows\system32\ur.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-18 bis 2012-06-18  ))))))))))))))))))))))))))))))
.
.
2012-06-18 15:46 . 2012-06-18 15:51	--------	d-----w-	c:\users\Jessica\AppData\Local\temp
2012-06-18 15:46 . 2012-06-18 15:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-13 20:54 . 2012-06-13 20:54	--------	d-----w-	c:\program files\ESET
2012-06-12 14:05 . 2012-06-12 14:06	--------	d-----w-	c:\users\Jessica\AppData\Roaming\Malwarebytes
2012-06-12 14:05 . 2012-06-12 14:05	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-12 14:05 . 2012-06-12 14:05	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-12 14:05 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-12 13:51 . 2012-06-12 13:51	--------	d-----w-	c:\users\Jessica\AppData\Roaming\TuneUp Software
2012-06-12 13:51 . 2012-06-12 13:52	--------	d-----w-	c:\program files\TuneUp Utilities 2012
2012-06-12 13:46 . 2012-06-12 13:51	--------	d-----w-	c:\programdata\TuneUp Software
2012-06-12 13:45 . 2012-06-12 13:45	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-12 13:45 . 2012-06-12 13:45	--------	d--h--w-	c:\programdata\Common Files
2012-06-12 07:36 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{969639E6-C8BA-4AE7-83AC-2860BC587555}\mpengine.dll
2012-06-09 21:17 . 2012-06-09 21:17	--------	d-----w-	c:\users\Jessica\AppData\Local\Macromedia
2012-06-06 15:44 . 2012-06-06 15:44	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-06 15:44 . 2012-06-06 15:44	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-05 14:02 . 2012-06-05 14:01	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 19:54 . 2012-04-03 19:53	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-09 19:54 . 2011-09-02 13:14	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 14:01 . 2010-11-04 12:59	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-08 19:38 . 2011-12-08 07:56	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-08 19:38 . 2009-07-03 13:36	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-16 15:31 . 2011-05-13 15:16	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-10 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-22 4702208]
"Mouse Suite 98 Daemon"="ICO.EXE" [2007-02-11 77824]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobMapUpdater]
2010-01-18 13:36	1771136	------w-	c:\program files\MobMapUpdater\MobMapUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-04-10 12:05	1006264	------w-	c:\program files\Windows Defender\MSASCui.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:54]
.
2012-06-18 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.kaninchenschutzforum.de/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\cct9xnkl.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-18 17:51
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3848)
c:\windows\System32\pelscrll.dll
c:\windows\System32\PELCOMM.dll
c:\windows\System32\PELHOOKS.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\ico.exe
c:\windows\System32\Pelmiced.exe
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\consent.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-18  18:01:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-18 16:01
.
Vor Suchlauf: 15 Verzeichnis(se), 114.835.361.792 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 116.812.836.864 Bytes frei
.
- - End Of File - - 3A094478A68CD3FA25A3C570368D3A2B
         

18.06.2012, 21:03   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
         
Why hasn't your Vista actually seen a single update yet? Have you disabled automatic updates?
This system is as "up to date" as a Vista that has just been released, so around early 2007!

18.06.2012, 21:23   #15
JeS

To be honest, I don't know; I think I had that disabled for a long time.

In between I did get messages that there were some updates, and I installed them. But only recently did I get the message that I should install Service Pack 1, and that made me suspicious. While googling I found out that there are already 3 by now and apparently none at all anymore for Vista, if I understood that correctly.

For now I have tackled the trojan first, because I don't know whether an update is a good idea while infected.

Should I install the Service Pack now or wait a bit longer?
