| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows-Verschlüsselungs-Trojaner auf Win7Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
12.06.2012, 14:31
| #1 |
 |  Windows-Verschlüsselungs-Trojaner auf Win7 Hallo, auch wir haben uns den Trojaner eingefangen. System: Windows 7, 32bit-Version Hier die Daten des Scans: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.12.03 Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Ari :: ARI-MSI [Administrator] Schutz: Deaktiviert 12.06.2012 14:46:40 mbam-log-2012-06-12 (14-46-40).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 366120 Laufzeit: 33 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1470A94A (Trojan.Agent.SZ) -> Daten: C:\Users\Ari\AppData\Roaming\Xell\6BB6EB991470A94AFBEA.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Ari\AppData\Roaming\Xell\6BB6EB991470A94AFBEA.exe (Trojan.Agent.SZ) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Gruß Dennis Nach dem verschieben der Funde in Quarantäne kann ich zumindest wieder im normalen Windows-Modus arbeiten, ohne dass das Fenster zum bezahlen kommt. OTL.txt Code:
ATTFilter OTL logfile created on: 6/13/2012 2:19:37 PM - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Ari\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.17 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 66.40% Memory free 6.34 Gb Paging File | 5.01 Gb Available in Paging File | 79.10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 273.39 Gb Total Space | 229.00 Gb Free Space | 83.76% Space Free | Partition Type: NTFS Drive D: | 182.27 Gb Total Space | 168.82 Gb Free Space | 92.62% Space Free | Partition Type: NTFS Computer Name: ARI-MSI | User Name: Ari | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/03/31 04:38:12 | 000,954,256 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\KiesHelper.exe PRC - [2012/03/28 22:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe PRC - [2012/03/28 22:11:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/12/17 02:00:40 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2009/12/09 19:15:21 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe ========== Modules (No Company Name) ========== MOD - [2012/05/12 09:21:21 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll MOD - [2012/05/09 19:00:53 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll MOD - [2012/05/09 19:00:52 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c06efd2e3e05e4e3231904d543240c20\System.ServiceProcess.ni.dll MOD - [2012/05/09 19:00:36 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\fe88a64f62eb6afc6dfc945fc335b92b\System.Web.ni.dll MOD - [2012/05/09 19:00:23 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012/05/09 19:00:20 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll MOD - [2012/05/09 19:00:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll MOD - [2012/05/09 19:00:14 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012/05/09 18:59:38 | 014,325,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\64e140108933b8090472da1a76b78c20\PresentationFramework.ni.dll MOD - [2012/05/09 18:59:22 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9e953ea4e76b62ab1c4a1874abae2961\System.Windows.Forms.ni.dll MOD - [2012/05/09 18:59:15 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bbf2cf8dd0409f1ccc989406e2942dac\System.Drawing.ni.dll MOD - [2012/05/09 18:59:11 | 012,218,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b6370d1903505abc171c968e357fe1bf\PresentationCore.ni.dll MOD - [2012/05/09 18:59:01 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012/05/09 18:58:55 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012/05/09 18:58:51 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012/05/09 18:58:49 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012/05/09 18:58:38 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012/03/30 03:23:38 | 000,079,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll MOD - [2012/03/30 03:21:48 | 014,144,512 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll MOD - [2012/03/30 03:21:18 | 000,486,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll MOD - [2012/03/30 03:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll MOD - [2012/03/29 18:44:34 | 000,022,528 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll MOD - [2012/03/28 22:13:12 | 000,037,376 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll MOD - [2012/03/28 22:12:04 | 000,839,680 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll MOD - [2012/03/28 22:12:00 | 000,712,704 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll MOD - [2012/03/28 22:11:58 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll MOD - [2012/03/28 22:11:28 | 000,720,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll MOD - [2010/01/29 23:30:10 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/01/29 23:30:00 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll MOD - [2010/01/29 23:29:59 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010/01/29 23:29:56 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/01/29 23:29:55 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/01/29 23:29:53 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010/01/29 23:20:28 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3630.42316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/01/29 23:20:28 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/01/29 23:20:28 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3630.42330__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 001,708,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,827,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3630.42360__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3630.42380__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,356,352 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3630.42372__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3630.42385__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3630.42324__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3630.42367__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3630.42427__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3630.42325__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,019,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,013,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 001,142,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3630.42428__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3630.42336__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3630.42354__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,323,584 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3630.42366__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010/01/29 23:20:26 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,151,552 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3630.42365__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3622.19962__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3622.19963__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3622.19993__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/01/29 23:20:26 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3622.19964__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3622.19965__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3622.19974__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3622.19966__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3622.19978__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3622.19975__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3622.19967__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3622.19974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/01/29 23:20:26 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/01/29 23:20:25 | 001,220,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3630.42320__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/01/29 23:20:25 | 000,741,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3630.42427__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,565,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3630.42393__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010/01/29 23:20:25 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3630.42329__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/01/29 23:20:25 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3630.42398__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3630.42397__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3630.42314__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3630.42312__90ba9c70f846762e\APM.Server.dll MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3630.42315__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3622.19970__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3630.42313__90ba9c70f846762e\AEM.Server.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3630.42409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3622.19967__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3622.19972__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3622.19974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3622.19964__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3622.19967__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3622.19968__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3622.19967__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/01/29 23:20:25 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3630.42398__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/01/29 23:20:25 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3630.42313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009/08/31 23:56:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/06/10 23:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2006/09/14 09:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\rarext.dll ========== Win32 Services (SafeList) ========== SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Start_Pending] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi) DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk) DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/11 19:25:26 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/07/04 14:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/07/04 14:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/07/04 14:32:32 | 000,025,432 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/07/04 14:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/06/02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/06/02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/06/02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/12/09 21:39:45 | 005,147,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2009/12/09 18:22:19 | 000,121,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009/12/09 17:02:47 | 006,229,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd) DRV - [2009/12/05 03:50:02 | 000,082,128 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/10/05 03:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/09/25 04:13:12 | 000,159,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009/05/27 00:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{9606359B-FBEA-4B26-98FB-5C31BB188E00}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:31:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] [2010/07/02 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Extensions [2012/06/12 14:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions [2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com [2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL [2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus [2010/08/23 19:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/11/15 19:09:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/15 15:00:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/05/22 19:56:44 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011/11/15 14:51:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/15 15:00:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/11/15 15:00:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/15 15:00:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/15 15:00:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5FA4A3-4169-43CD-B417-D638ADEBE03F}: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB108C4-C3A3-4681-A8BC-B4F03C71BD96}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/13 14:11:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe [2012/06/12 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/06/12 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/06/12 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Malwarebytes [2012/06/12 14:43:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/26 21:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Avira [2012/05/26 21:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/05/26 21:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012/05/26 21:04:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012/05/26 21:04:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2012/05/26 21:04:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys [2012/05/26 21:04:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/05/21 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012/05/20 13:52:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/05/20 13:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/05/20 13:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/05/17 20:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012/05/17 20:36:24 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Local\HP [2012/05/17 20:33:26 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\HP [2012/05/17 20:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012/05/17 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2012/05/17 20:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012/05/17 20:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2012/05/17 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012/05/17 20:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/13 14:17:54 | 000,000,156 | ---- | M] () -- C:\Users\Ari\defogger_reenable [2012/06/13 14:13:24 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/13 14:13:24 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe [2012/06/13 14:10:33 | 000,050,477 | ---- | M] () -- C:\Users\Ari\Desktop\Defogger.exe [2012/06/13 14:01:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/13 14:01:19 | 2552,381,440 | -HS- | M] () -- C:\hiberfil.sys [2012/06/12 14:06:45 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012/05/26 21:06:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/25 13:47:34 | 000,014,033 | ---- | M] () -- C:\Users\Ari\Desktop\LUaVplOssqxGQasfX [2012/05/18 16:17:53 | 000,378,168 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/05/17 20:33:13 | 000,181,697 | ---- | M] () -- C:\windows\hpoins28.dat [2012/05/17 20:27:08 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2012/05/17 20:26:45 | 000,001,319 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012/05/17 20:26:28 | 000,002,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012/05/14 16:56:27 | 000,694,430 | ---- | M] () -- C:\windows\System32\perfh00C.dat [2012/05/14 16:56:27 | 000,693,454 | ---- | M] () -- C:\windows\System32\perfh00A.dat [2012/05/14 16:56:27 | 000,689,108 | ---- | M] () -- C:\windows\System32\perfh010.dat [2012/05/14 16:56:27 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/05/14 16:56:27 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/05/14 16:56:27 | 000,137,062 | ---- | M] () -- C:\windows\System32\perfc00A.dat [2012/05/14 16:56:27 | 000,130,140 | ---- | M] () -- C:\windows\System32\perfc00C.dat [2012/05/14 16:56:27 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/05/14 16:56:27 | 000,127,144 | ---- | M] () -- C:\windows\System32\perfc010.dat [2012/05/14 16:56:27 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/13 14:17:53 | 000,000,156 | ---- | C] () -- C:\Users\Ari\defogger_reenable [2012/06/13 14:10:32 | 000,050,477 | ---- | C] () -- C:\Users\Ari\Desktop\Defogger.exe [2012/05/26 21:06:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/17 20:27:54 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012/05/17 20:27:08 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk [2012/05/17 20:26:45 | 000,001,319 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk [2012/05/17 20:26:28 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012/05/17 20:23:52 | 000,181,697 | ---- | C] () -- C:\windows\hpoins28.dat [2012/05/17 20:23:52 | 000,000,442 | ---- | C] () -- C:\windows\hpomdl28.dat [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2012/03/11 19:56:26 | 000,025,432 | ---- | C] () -- C:\windows\System32\drivers\aswRdr.sys ========== LOP Check ========== [2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite [2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung [2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF [2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/21 18:37:25 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Und hier Gmer.txt: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-14 16:24:59
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: q0ncg1sr.exe; Driver: C:\Users\Ari\AppData\Local\Temp\fxldrpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x94995D8C]
SSDT 94EC864E ZwCreateSection
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x94995E3C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x94995ED4]
SSDT 94EC8658 ZwRequestWaitReplyPort
SSDT 94EC8653 ZwSetContextThread
SSDT 94EC865D ZwSetSecurityObject
SSDT 94EC8662 ZwSystemDebugControl
SSDT 94EC85EF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 8345D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83482092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 8348988C 4 Bytes [8C, 5D, 99, 94] {MOV WORD [EBP-0x67], DS; XCHG ESP, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 83489990 4 Bytes [4E, 86, EC, 94] {DEC ESI; XCHG AH, CH; XCHG ESP, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 83489A4C 4 Bytes [3C, 5E, 99, 94] {CMP AL, 0x5e; CDQ ; XCHG ESP, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 54C 83489B9C 4 Bytes [D4, 5E, 99, 94] {AAM 0x5e; CDQ ; XCHG ESP, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 69C 83489CEC 4 Bytes [58, 86, EC, 94] {POP EAX; XCHG AH, CH; XCHG ESP, EAX}
.text ...
.text C:\windows\system32\DRIVERS\atipmdag.sys section is writeable [0x95440000, 0x2CBE50, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wininit.exe[548] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC
.text C:\windows\system32\wininit.exe[548] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8
.text C:\windows\system32\wininit.exe[548] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wininit.exe[548] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00050A08
.text C:\windows\system32\wininit.exe[548] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000503FC
.text C:\windows\system32\wininit.exe[548] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00050804
.text C:\windows\system32\wininit.exe[548] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000501F8
.text C:\windows\system32\wininit.exe[548] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00050600
.text C:\windows\system32\csrss.exe[560] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\services.exe[600] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\services.exe[600] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\services.exe[600] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00130A08
.text C:\windows\system32\services.exe[600] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001303FC
.text C:\windows\system32\services.exe[600] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00130804
.text C:\windows\system32\services.exe[600] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001301F8
.text C:\windows\system32\services.exe[600] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00130600
.text C:\windows\system32\svchost.exe[612] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[612] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[612] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00420A08
.text C:\windows\system32\svchost.exe[612] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 004203FC
.text C:\windows\system32\svchost.exe[612] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00420804
.text C:\windows\system32\svchost.exe[612] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 004201F8
.text C:\windows\system32\svchost.exe[612] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00420600
.text C:\windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\lsass.exe[628] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\lsm.exe[636] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC
.text C:\windows\system32\winlogon.exe[696] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8
.text C:\windows\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\winlogon.exe[696] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000C0A08
.text C:\windows\system32\winlogon.exe[696] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000C03FC
.text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000C0804
.text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000C01F8
.text C:\windows\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000C0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[788] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001C0A08
.text C:\windows\system32\svchost.exe[788] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001C03FC
.text C:\windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001C0804
.text C:\windows\system32\svchost.exe[788] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001C01F8
.text C:\windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001C0600
.text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[900] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000A03FC
.text C:\windows\system32\svchost.exe[900] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000A01F8
.text C:\windows\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[900] user32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00330A08
.text C:\windows\system32\svchost.exe[900] user32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003303FC
.text C:\windows\system32\svchost.exe[900] user32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00330804
.text C:\windows\system32\svchost.exe[900] user32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003301F8
.text C:\windows\system32\svchost.exe[900] user32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00330600
.text C:\windows\system32\atiesrxx.exe[948] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\windows\system32\atiesrxx.exe[948] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\windows\system32\atiesrxx.exe[948] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000A03FC
.text C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000A01F8
.text C:\windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00510A08
.text C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005103FC
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00510804
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005101F8
.text C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00510600
.text C:\windows\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 003B0A08
.text C:\windows\System32\svchost.exe[1072] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003B03FC
.text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 003B0804
.text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003B01F8
.text C:\windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 003B0600
.text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00A30A08
.text C:\windows\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 00A303FC
.text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00A30804
.text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 00A301F8
.text C:\windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00A30600
.text C:\Program Files\System Control Manager\MSIService.exe[1168] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\System Control Manager\MSIService.exe[1168] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\System Control Manager\MSIService.exe[1168] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00550A08
.text C:\windows\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005503FC
.text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00550804
.text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005501F8
.text C:\windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00550600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\windows\system32\atieclxx.exe[1308] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\windows\system32\atieclxx.exe[1308] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\windows\system32\atieclxx.exe[1308] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8
.text C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600
.text C:\windows\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1484] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[1484] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[1484] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8
.text C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00090804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00090600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!SetUnhandledExceptionFilter 76CD30E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\windows\system32\taskhost.exe[1596] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000503FC
.text C:\windows\system32\taskhost.exe[1596] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000501F8
.text C:\windows\system32\taskhost.exe[1596] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000E0A08
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000E03FC
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000E0804
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000E01F8
.text C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000E0600
.text C:\windows\System32\svchost.exe[1816] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1816] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1900] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1900] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1900] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00240A08
.text C:\windows\system32\svchost.exe[1900] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002403FC
.text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00240804
.text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002401F8
.text C:\windows\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00240600
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\windows\system32\Dwm.exe[2028] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\Dwm.exe[2028] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\Dwm.exe[2028] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\windows\Explorer.EXE[2036] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\Explorer.EXE[2036] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\Explorer.EXE[2036] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\Explorer.EXE[2036] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00150A08
.text C:\windows\Explorer.EXE[2036] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001503FC
.text C:\windows\Explorer.EXE[2036] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00150804
.text C:\windows\Explorer.EXE[2036] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001501F8
.text C:\windows\Explorer.EXE[2036] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00150600
.text C:\Program Files\Samsung\Kies\KiesHelper.exe[2080] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2252] ntdll.dll!DbgUiRemoteBreakin 7755D5CB 1 Byte [C3]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2252] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000503FC
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000501F8
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00080A08
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000803FC
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00080804
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000801F8
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00080600
.text C:\windows\system32\conhost.exe[2472] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000303FC
.text C:\windows\system32\conhost.exe[2472] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000301F8
.text C:\windows\system32\conhost.exe[2472] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\conhost.exe[2472] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00100A08
.text C:\windows\system32\conhost.exe[2472] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001003FC
.text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00100804
.text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001001F8
.text C:\windows\system32\conhost.exe[2472] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00100600
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\windows\system32\svchost.exe[2824] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2824] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2824] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[2824] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00190A08
.text C:\windows\system32\svchost.exe[2824] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001903FC
.text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00190804
.text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001901F8
.text C:\windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[2936] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[2936] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[2936] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8
.text C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600
.text C:\Windows\System32\igfxpers.exe[2964] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[2964] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[2964] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\igfxsrvc.exe[2972] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\windows\system32\igfxsrvc.exe[2972] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\windows\system32\igfxsrvc.exe[2972] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8
.text C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3056] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\AUDIODG.EXE[3120] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00300A08
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003003FC
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00300804
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003001F8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00300600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00540A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 005403FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00540804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 005401F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00540600
.text C:\windows\system32\wbem\unsecapp.exe[3476] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\unsecapp.exe[3476] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\unsecapp.exe[3476] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\Windows\WindowsMobile\wmdc.exe[3520] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Windows\WindowsMobile\wmdc.exe[3520] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Windows\WindowsMobile\wmdc.exe[3520] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8
.text C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600
.text C:\windows\system32\wbem\wmiprvse.exe[3532] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\wmiprvse.exe[3532] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\wmiprvse.exe[3532] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00140A08
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001403FC
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00140804
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001401F8
.text C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00140600
.text C:\windows\system32\SearchIndexer.exe[3572] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000D03FC
.text C:\windows\system32\SearchIndexer.exe[3572] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000D01F8
.text C:\windows\system32\SearchIndexer.exe[3572] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00170A08
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001703FC
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00170804
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001701F8
.text C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00170600
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3700] KERNEL32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[3712] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[3712] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[3712] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 002F0A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002F03FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 002F0804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002F01F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 002F0600
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000703FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000701F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001003FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00100804
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001001F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00100600
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 000F0804
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00110A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001103FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00110804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001101F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00110600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600
.text C:\windows\system32\wuauclt.exe[4188] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000703FC
.text C:\windows\system32\wuauclt.exe[4188] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000701F8
.text C:\windows\system32\wuauclt.exe[4188] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\wuauclt.exe[4188] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00110A08
.text C:\windows\system32\wuauclt.exe[4188] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001103FC
.text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00110804
.text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001101F8
.text C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00110600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00180A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00180804
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00180600
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] kernel32.dll!SetUnhandledExceptionFilter 76CD30E2 5 Bytes JMP 00468140 C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe (DeviceManager.exe/Mobileleader Co., Ltd.)
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001F03FC
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 001F0804
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002003FC
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00200804
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002001F8
.text C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00200600
.text C:\windows\system32\taskeng.exe[4536] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\windows\system32\taskeng.exe[4536] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\windows\system32\taskeng.exe[4536] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\windows\system32\taskeng.exe[4536] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00130A08
.text C:\windows\system32\taskeng.exe[4536] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 001303FC
.text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00130804
.text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 001301F8
.text C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00130600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00AB0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 00AB03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00AB0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 00AB01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00AB0600
.text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00210A08
.text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 002103FC
.text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00210804
.text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 002101F8
.text C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00210600
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] ntdll.dll!LdrUnloadDll 7751BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] ntdll.dll!LdrLoadDll 7751F425 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] kernel32.dll!GetBinaryTypeW + 70 76CE78FC 1 Byte [62]
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!UnhookWindowsHookEx 773FCC7B 5 Bytes JMP 00340A08
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!UnhookWinEvent 773FD924 5 Bytes JMP 003403FC
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWindowsHookExW 7740210A 5 Bytes JMP 00340804
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWinEventHook 7740507E 5 Bytes JMP 003401F8
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWindowsHookExA 77426DFA 5 Bytes JMP 00340600
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:1660] BCE32F2E
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d25b11
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d25b11 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
|
|
15.06.2012, 17:53
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows-Verschlüsselungs-Trojaner auf Win7 Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
__________________Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
|
15.06.2012, 20:12
| #3 |
| | Windows-Verschlüsselungs-Trojaner auf Win7 Hallo.
__________________Nein, vorher kein Scan. Habe das Programm erst neu installiert. |
|
15.06.2012, 20:40
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Führ bitte auch ESET aus, danach sehen wir weiter. Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
 + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.06.2012, 18:58
| #5 |
| | Windows-Verschlüsselungs-Trojaner auf Win7 log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0192eff3705fc04493db60c5e141e7e4
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 11:55:03
# local_time=2012-06-18 01:55:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 1958262 1958262 0 0
# compatibility_mode=5893 16776574 100 94 2070724 91648542 0 0
# compatibility_mode=8192 67108863 100 0 223 223 0 0
# scanned=35937
# found=0
# cleaned=0
# scan_time=3152
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0192eff3705fc04493db60c5e141e7e4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-19 05:50:02
# local_time=2012-06-19 07:50:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 2061506 2061506 0 0
# compatibility_mode=5893 16776574 100 94 2173968 91751786 0 0
# compatibility_mode=8192 67108863 100 0 103467 103467 0 0
# scanned=191021
# found=1
# cleaned=0
# scan_time=7628
C:\Users\Ari\Downloads\sqvepgXUGdxrusyfLgX a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
|
|
19.06.2012, 23:18
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Windows-Verschlüsselungs-Trojaner auf Win7 |
|
20.06.2012, 11:35
| #7 |
| | Windows-Verschlüsselungs-Trojaner auf Win7 Hier jetzt die OTL.txt Code:
ATTFilter OTL logfile created on: 6/20/2012 12:22:01 PM - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = D:\ Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.17 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 55.29% Memory free 6.34 Gb Paging File | 4.74 Gb Available in Paging File | 74.86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 273.39 Gb Total Space | 225.85 Gb Free Space | 82.61% Space Free | Partition Type: NTFS Drive D: | 182.27 Gb Total Space | 164.13 Gb Free Space | 90.05% Space Free | Partition Type: NTFS Computer Name: ARI-MSI | User Name: Ari | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2012/05/17 16:59:22 | 001,927,736 | ---- | M] (Micro-Star International) -- C:\Program Files\msi\Live Update 5\LU5.exe PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/03/31 04:38:12 | 000,954,256 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\KiesHelper.exe PRC - [2012/03/28 22:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe PRC - [2012/03/28 22:11:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe PRC - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/12/17 02:00:40 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2009/12/09 19:15:21 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe ========== Modules (No Company Name) ========== MOD - [2012/06/19 20:57:30 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll MOD - [2012/06/19 20:57:24 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll MOD - [2012/06/19 20:57:19 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll MOD - [2012/06/19 20:57:05 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll MOD - [2012/06/19 20:56:55 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll MOD - [2012/06/19 20:56:16 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll MOD - [2012/06/19 20:56:12 | 012,432,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll MOD - [2012/06/19 20:55:56 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll MOD - [2012/06/19 20:55:54 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.ni.dll MOD - [2012/06/19 20:55:54 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll MOD - [2012/06/19 20:55:53 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll MOD - [2012/06/19 20:55:49 | 011,819,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll MOD - [2012/06/19 20:55:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll MOD - [2012/06/19 20:55:30 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll MOD - [2012/06/19 20:55:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll MOD - [2012/06/19 20:55:25 | 007,963,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll MOD - [2012/06/19 20:54:39 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll MOD - [2012/06/14 16:39:35 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012/06/14 16:36:44 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012/06/14 16:36:31 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012/06/14 16:36:21 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012/06/14 16:36:16 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012/06/02 18:21:35 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012/06/02 18:20:04 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012/05/20 13:39:51 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012/05/09 17:10:09 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012/05/09 17:07:13 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012/05/09 17:07:10 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012/05/09 17:07:03 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012/05/09 17:06:57 | 014,414,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012/05/01 16:58:02 | 000,115,137 | ---- | M] () -- C:\Users\Ari\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll MOD - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012/03/30 03:23:38 | 000,079,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll MOD - [2012/03/30 03:21:48 | 014,144,512 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll MOD - [2012/03/30 03:21:18 | 000,486,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll MOD - [2012/03/30 03:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll MOD - [2012/03/29 18:44:34 | 000,022,528 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll MOD - [2012/03/28 22:13:12 | 000,037,376 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll MOD - [2012/03/28 22:12:04 | 000,839,680 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll MOD - [2012/03/28 22:12:00 | 000,712,704 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll MOD - [2012/03/28 22:11:58 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll MOD - [2012/03/28 22:11:28 | 000,720,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/01/29 23:30:10 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/01/29 23:30:00 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll MOD - [2010/01/29 23:29:59 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010/01/29 23:29:56 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/01/29 23:29:55 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/01/29 23:29:53 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010/01/29 23:20:28 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3630.42316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/01/29 23:20:28 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/01/29 23:20:28 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3630.42330__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 001,708,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,827,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3630.42360__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3630.42380__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,356,352 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3630.42372__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3630.42385__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3630.42324__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3630.42367__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3630.42427__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3630.42325__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,019,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll MOD - [2010/01/29 23:20:27 | 000,013,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 001,142,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3630.42428__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3630.42336__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3630.42354__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,323,584 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3630.42366__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010/01/29 23:20:26 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/01/29 23:20:26 | 000,151,552 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3630.42365__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/01/29 23:20:26 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3622.19962__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3622.19963__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3622.19993__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/01/29 23:20:26 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3622.19964__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3622.19965__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3622.19974__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3622.19966__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3622.19978__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3622.19975__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3622.19967__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3622.19974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/01/29 23:20:26 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/01/29 23:20:25 | 001,220,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3630.42320__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/01/29 23:20:25 | 000,741,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3630.42427__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,565,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3630.42393__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010/01/29 23:20:25 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3630.42329__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/01/29 23:20:25 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3630.42398__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3630.42397__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3630.42314__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3630.42312__90ba9c70f846762e\APM.Server.dll MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3630.42315__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3622.19970__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3630.42313__90ba9c70f846762e\AEM.Server.dll MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3630.42409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3622.19967__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3622.19972__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3622.19974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3622.19964__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3622.19967__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3622.19968__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3622.19967__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/01/29 23:20:25 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3630.42398__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010/01/29 23:20:25 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/01/29 23:20:25 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3630.42313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009/08/31 23:56:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Win32 Services (SafeList) ========== SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Start_Pending] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- -- (aswTdi) DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk) DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/11 19:25:26 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/07/04 14:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/07/04 14:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/07/04 14:32:32 | 000,025,432 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/07/04 14:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011/06/02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/06/02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/06/02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010/10/20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\msi\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4) DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507) DRV - [2009/12/09 21:39:45 | 005,147,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2009/12/09 18:22:19 | 000,121,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009/12/09 17:02:47 | 006,229,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd) DRV - [2009/12/05 03:50:02 | 000,082,128 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/09/25 04:13:12 | 000,159,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009/05/27 00:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{9606359B-FBEA-4B26-98FB-5C31BB188E00}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:31:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M] [2010/07/02 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Extensions [2012/06/12 14:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions [2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com [2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL [2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus [2010/08/23 19:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/11/15 19:09:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/11/15 15:00:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/05/22 19:56:44 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011/11/15 14:51:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/15 15:00:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/11/15 15:00:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/15 15:00:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/15 15:00:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5FA4A3-4169-43CD-B417-D638ADEBE03F}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/19 20:09:05 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview [2012/06/19 20:08:04 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders [2012/06/18 12:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/06/12 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/06/12 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/06/12 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Malwarebytes [2012/06/12 14:43:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/26 21:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Avira [2012/05/26 21:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/05/26 21:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012/05/26 21:04:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012/05/26 21:04:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2012/05/26 21:04:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys [2012/05/26 21:04:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/05/21 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/20 10:53:13 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 10:53:13 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 10:52:37 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/06/20 10:52:37 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/06/20 10:52:37 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/06/20 10:52:37 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/06/20 10:41:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/20 10:41:04 | 2552,381,440 | -HS- | M] () -- C:\hiberfil.sys [2012/06/19 20:47:04 | 000,378,168 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/06/14 14:48:59 | 511,223,463 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/06/13 14:17:54 | 000,000,156 | ---- | M] () -- C:\Users\Ari\defogger_reenable [2012/06/12 14:06:45 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk [2012/05/26 21:06:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/25 13:47:34 | 000,014,033 | ---- | M] () -- C:\Users\Ari\Desktop\LUaVplOssqxGQasfX [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/13 14:17:53 | 000,000,156 | ---- | C] () -- C:\Users\Ari\defogger_reenable [2012/05/26 21:06:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/05/17 20:23:52 | 000,181,697 | ---- | C] () -- C:\windows\hpoins28.dat [2012/05/17 20:23:52 | 000,000,442 | ---- | C] () -- C:\windows\hpomdl28.dat [2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2012/03/11 19:56:26 | 000,025,432 | ---- | C] () -- C:\windows\System32\drivers\aswRdr.sys [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll ========== LOP Check ========== [2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite [2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung [2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF [2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell [2012/05/21 18:37:25 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/07/03 14:32:02 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Adobe [2010/08/14 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\ArcSoft [2010/07/02 15:23:41 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\ATI [2012/05/26 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Avira [2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite [2012/05/17 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\HP [2010/07/02 15:23:23 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Identities [2010/07/02 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Macromedia [2012/06/12 14:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Malwarebytes [2010/01/29 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Media Center Programs [2012/06/19 22:30:33 | 000,000,000 | --SD | M] -- C:\Users\Ari\AppData\Roaming\Microsoft [2010/07/02 18:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Mozilla [2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung [2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF [2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell < %APPDATA%\*.exe /s > [2012/05/09 14:43:21 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe [2012/03/31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012/05/04 07:37:12 | 000,371,088 | ---- | M] (ml) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys [2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys [2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/12/09 19:15:49 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll < End of report > |
|
20.06.2012, 12:12
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - user.js - File not found
[2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com
[2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL
[2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun
O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe
[2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell
:Files
C:\Program Files\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.06.2012, 13:05
| #9 |
| | Windows-Verschlüsselungs-Trojaner auf Win7 Hier der Inhalt des Logs nachdem Win neu gestartet hat. Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2880F9E-025D-45DB-9D95-45DA92779E06}\ not found.
HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults scheduled to be moved on reboot.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL moved successfully.
C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found.
File G:\autorun.exe not found.
C:\Users\Ari\AppData\Roaming\Xell folder moved successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Ari
->Temp folder emptied: 1541470152 bytes
->Temporary Internet Files folder emptied: 208109481 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 418502234 bytes
->Flash cache emptied: 119643 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 168218055 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18103226 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,245.00 mb
[EMPTYFLASH]
User: All Users
User: Ari
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.48.0 log created on 06202012_134310
Files\Folders moved on Reboot...
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com folder moved successfully.
Registry entries deleted on Reboot...
|
|
20.06.2012, 14:25
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.06.2012, 14:46
| #11 |
| | Windows-Verschlüsselungs-Trojaner auf Win7Code:
ATTFilter 15:42:14.0357 6132 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:42:16.0369 6132 ============================================================
15:42:16.0369 6132 Current date / time: 2012/06/20 15:42:16.0369
15:42:16.0369 6132 SystemInfo:
15:42:16.0369 6132
15:42:16.0369 6132 OS Version: 6.1.7601 ServicePack: 1.0
15:42:16.0369 6132 Product type: Workstation
15:42:16.0369 6132 ComputerName: ARI-MSI
15:42:16.0369 6132 UserName: Ari
15:42:16.0369 6132 Windows directory: C:\windows
15:42:16.0369 6132 System windows directory: C:\windows
15:42:16.0369 6132 Processor architecture: Intel x86
15:42:16.0369 6132 Number of processors: 4
15:42:16.0369 6132 Page size: 0x1000
15:42:16.0369 6132 Boot type: Normal boot
15:42:16.0369 6132 ============================================================
15:42:16.0853 6132 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:42:16.0868 6132 ============================================================
15:42:16.0868 6132 \Device\Harddisk0\DR0:
15:42:16.0868 6132 MBR partitions:
15:42:16.0868 6132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1432800, BlocksNum 0x222C844C
15:42:16.0868 6132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x236FAC4C, BlocksNum 0x16C8ABE4
15:42:16.0868 6132 ============================================================
15:42:16.0899 6132 C: <-> \Device\Harddisk0\DR0\Partition0
15:42:16.0931 6132 D: <-> \Device\Harddisk0\DR0\Partition1
15:42:16.0931 6132 ============================================================
15:42:16.0931 6132 Initialize success
15:42:16.0931 6132 ============================================================
15:42:34.0730 1004 ============================================================
15:42:34.0730 1004 Scan started
15:42:34.0730 1004 Mode: Manual; SigCheck; TDLFS;
15:42:34.0730 1004 ============================================================
15:42:35.0105 1004 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
15:42:35.0214 1004 1394ohci - ok
15:42:35.0339 1004 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:42:35.0370 1004 ACDaemon - ok
15:42:35.0432 1004 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
15:42:35.0464 1004 ACPI - ok
15:42:35.0495 1004 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
15:42:35.0526 1004 AcpiPmi - ok
15:42:35.0573 1004 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:42:35.0604 1004 adp94xx - ok
15:42:35.0635 1004 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:42:35.0651 1004 adpahci - ok
15:42:35.0666 1004 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:42:35.0682 1004 adpu320 - ok
15:42:35.0713 1004 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
15:42:35.0713 1004 AeLookupSvc - ok
15:42:35.0791 1004 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
15:42:35.0807 1004 AFD - ok
15:42:35.0854 1004 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
15:42:35.0854 1004 agp440 - ok
15:42:35.0900 1004 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:42:35.0916 1004 aic78xx - ok
15:42:35.0947 1004 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
15:42:35.0963 1004 ALG - ok
15:42:35.0994 1004 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
15:42:36.0025 1004 aliide - ok
15:42:36.0056 1004 AMD External Events Utility (4fca011a5afb252cab7b30ef12a99ce8) C:\windows\system32\atiesrxx.exe
15:42:36.0072 1004 AMD External Events Utility - ok
15:42:36.0103 1004 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
15:42:36.0119 1004 amdagp - ok
15:42:36.0134 1004 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
15:42:36.0150 1004 amdide - ok
15:42:36.0166 1004 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:42:36.0181 1004 AmdK8 - ok
15:42:36.0556 1004 amdkmdag (b0ad0b3ed60d9c60b85731a9e08e27b9) C:\windows\system32\DRIVERS\atipmdag.sys
15:42:36.0618 1004 amdkmdag - ok
15:42:36.0790 1004 amdkmdap (9c07c155b0e1b0df48fae92f0e6c0761) C:\windows\system32\DRIVERS\atikmpag.sys
15:42:36.0821 1004 amdkmdap - ok
15:42:36.0852 1004 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:42:36.0868 1004 AmdPPM - ok
15:42:36.0883 1004 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
15:42:36.0899 1004 amdsata - ok
15:42:36.0930 1004 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:42:36.0946 1004 amdsbs - ok
15:42:36.0961 1004 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
15:42:36.0977 1004 amdxata - ok
15:42:37.0055 1004 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:42:37.0070 1004 AntiVirSchedulerService - ok
15:42:37.0102 1004 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:42:37.0102 1004 AntiVirService - ok
15:42:37.0164 1004 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:42:37.0195 1004 AntiVirWebService - ok
15:42:37.0258 1004 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
15:42:37.0304 1004 AppID - ok
15:42:37.0336 1004 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
15:42:37.0382 1004 AppIDSvc - ok
15:42:37.0398 1004 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
15:42:37.0429 1004 Appinfo - ok
15:42:37.0460 1004 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:42:37.0476 1004 arc - ok
15:42:37.0476 1004 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:42:37.0492 1004 arcsas - ok
15:42:37.0523 1004 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
15:42:37.0538 1004 ArcSoftKsUFilter - ok
15:42:37.0538 1004 aswFsBlk - ok
15:42:37.0601 1004 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\windows\system32\drivers\aswMonFlt.sys
15:42:37.0616 1004 aswMonFlt - ok
15:42:37.0648 1004 aswRdr (2fdcfa71d5462effc178fd2e70b301cb) C:\windows\system32\drivers\aswRdr.sys
15:42:37.0648 1004 Suspicious file (Forged): C:\windows\system32\drivers\aswRdr.sys. Real md5: 2fdcfa71d5462effc178fd2e70b301cb, Fake md5: aa96492df3a150bf0741f7d5201e7dd0
15:42:37.0648 1004 aswRdr ( ForgedFile.Multi.Generic ) - warning
15:42:37.0648 1004 aswRdr - detected ForgedFile.Multi.Generic (1)
15:42:37.0694 1004 aswSnx (17230708a2028cd995656df455f2e303) C:\windows\system32\drivers\aswSnx.sys
15:42:37.0726 1004 aswSnx - ok
15:42:37.0757 1004 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\windows\system32\drivers\aswSP.sys
15:42:37.0772 1004 aswSP - ok
15:42:37.0788 1004 aswTdi - ok
15:42:37.0819 1004 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:42:37.0850 1004 AsyncMac - ok
15:42:37.0882 1004 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
15:42:37.0897 1004 atapi - ok
15:42:38.0084 1004 athr (31cb2740bfdbac1e48e2b7ead38f0d27) C:\windows\system32\DRIVERS\athr.sys
15:42:38.0131 1004 athr - ok
15:42:38.0303 1004 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:42:38.0350 1004 AudioEndpointBuilder - ok
15:42:38.0350 1004 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:42:38.0381 1004 Audiosrv - ok
15:42:38.0459 1004 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:42:38.0474 1004 avast! Antivirus - ok
15:42:38.0552 1004 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
15:42:38.0584 1004 avgntflt - ok
15:42:38.0599 1004 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
15:42:38.0615 1004 avipbb - ok
15:42:38.0615 1004 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
15:42:38.0630 1004 avkmgr - ok
15:42:38.0677 1004 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
15:42:38.0708 1004 AxInstSV - ok
15:42:38.0755 1004 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:42:38.0771 1004 b06bdrv - ok
15:42:38.0818 1004 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:42:38.0833 1004 b57nd60x - ok
15:42:38.0880 1004 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
15:42:38.0896 1004 BDESVC - ok
15:42:38.0927 1004 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:42:38.0958 1004 Beep - ok
15:42:39.0020 1004 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
15:42:39.0067 1004 BFE - ok
15:42:39.0145 1004 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
15:42:39.0192 1004 BITS - ok
15:42:39.0223 1004 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:42:39.0239 1004 blbdrive - ok
15:42:39.0254 1004 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
15:42:39.0270 1004 bowser - ok
15:42:39.0286 1004 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:42:39.0301 1004 BrFiltLo - ok
15:42:39.0317 1004 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:42:39.0332 1004 BrFiltUp - ok
15:42:39.0348 1004 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
15:42:39.0379 1004 Browser - ok
15:42:39.0395 1004 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:42:39.0410 1004 Brserid - ok
15:42:39.0426 1004 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:42:39.0442 1004 BrSerWdm - ok
15:42:39.0457 1004 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:42:39.0473 1004 BrUsbMdm - ok
15:42:39.0488 1004 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:42:39.0504 1004 BrUsbSer - ok
15:42:39.0535 1004 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
15:42:39.0566 1004 BthEnum - ok
15:42:39.0582 1004 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:42:39.0598 1004 BTHMODEM - ok
15:42:39.0629 1004 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
15:42:39.0660 1004 BthPan - ok
15:42:39.0722 1004 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
15:42:39.0816 1004 BTHPORT - ok
15:42:39.0847 1004 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
15:42:39.0910 1004 bthserv - ok
15:42:39.0956 1004 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
15:42:39.0988 1004 BTHUSB - ok
15:42:40.0034 1004 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:42:40.0097 1004 cdfs - ok
15:42:40.0144 1004 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
15:42:40.0190 1004 cdrom - ok
15:42:40.0222 1004 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:42:40.0284 1004 CertPropSvc - ok
15:42:40.0315 1004 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:42:40.0346 1004 circlass - ok
15:42:40.0409 1004 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:42:40.0440 1004 CLFS - ok
15:42:40.0502 1004 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:42:40.0534 1004 clr_optimization_v2.0.50727_32 - ok
15:42:40.0627 1004 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:42:40.0643 1004 clr_optimization_v4.0.30319_32 - ok
15:42:40.0674 1004 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:42:40.0721 1004 CmBatt - ok
15:42:40.0752 1004 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
15:42:40.0768 1004 cmdide - ok
15:42:40.0814 1004 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
15:42:40.0877 1004 CNG - ok
15:42:40.0908 1004 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:42:40.0924 1004 Compbatt - ok
15:42:40.0955 1004 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
15:42:40.0986 1004 CompositeBus - ok
15:42:41.0002 1004 COMSysApp - ok
15:42:41.0033 1004 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:42:41.0048 1004 crcdisk - ok
15:42:41.0080 1004 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
15:42:41.0158 1004 CryptSvc - ok
15:42:41.0220 1004 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:42:41.0298 1004 DcomLaunch - ok
15:42:41.0345 1004 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
15:42:41.0407 1004 defragsvc - ok
15:42:41.0454 1004 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
15:42:41.0532 1004 DfsC - ok
15:42:41.0610 1004 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
15:42:41.0688 1004 Dhcp - ok
15:42:41.0719 1004 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:42:41.0766 1004 discache - ok
15:42:41.0813 1004 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:42:41.0844 1004 Disk - ok
15:42:41.0891 1004 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
15:42:41.0953 1004 Dnscache - ok
15:42:41.0984 1004 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
15:42:42.0047 1004 dot3svc - ok
15:42:42.0109 1004 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
15:42:42.0172 1004 Dot4 - ok
15:42:42.0218 1004 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys
15:42:42.0265 1004 Dot4Print - ok
15:42:42.0312 1004 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
15:42:42.0359 1004 dot4usb - ok
15:42:42.0390 1004 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
15:42:42.0468 1004 DPS - ok
15:42:42.0499 1004 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:42:42.0530 1004 drmkaud - ok
15:42:42.0593 1004 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\windows\system32\DRIVERS\dtsoftbus01.sys
15:42:42.0608 1004 dtsoftbus01 - ok
15:42:42.0686 1004 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
15:42:42.0749 1004 DXGKrnl - ok
15:42:42.0796 1004 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
15:42:42.0858 1004 EapHost - ok
15:42:43.0123 1004 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:42:43.0264 1004 ebdrv - ok
15:42:43.0388 1004 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
15:42:43.0451 1004 EFS - ok
15:42:43.0544 1004 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
15:42:43.0669 1004 ehRecvr - ok
15:42:43.0700 1004 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
15:42:43.0778 1004 ehSched - ok
15:42:43.0872 1004 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:42:43.0934 1004 elxstor - ok
15:42:43.0966 1004 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
15:42:44.0012 1004 ErrDev - ok
15:42:44.0090 1004 EUCR (73fafd5a8e5e01302c71b4997ee28bde) C:\windows\system32\DRIVERS\EUCR6SK.SYS
15:42:44.0106 1004 EUCR - ok
15:42:44.0153 1004 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
15:42:44.0246 1004 EventSystem - ok
15:42:44.0293 1004 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:42:44.0356 1004 exfat - ok
15:42:44.0371 1004 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:42:44.0418 1004 fastfat - ok
15:42:44.0496 1004 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
15:42:44.0558 1004 Fax - ok
15:42:44.0605 1004 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:42:44.0636 1004 fdc - ok
15:42:44.0683 1004 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
15:42:44.0746 1004 fdPHost - ok
15:42:44.0761 1004 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
15:42:44.0808 1004 FDResPub - ok
15:42:44.0824 1004 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:42:44.0839 1004 FileInfo - ok
15:42:44.0839 1004 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:42:44.0886 1004 Filetrace - ok
15:42:44.0933 1004 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:42:44.0964 1004 flpydisk - ok
15:42:45.0026 1004 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:42:45.0042 1004 FltMgr - ok
15:42:45.0120 1004 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
15:42:45.0214 1004 FontCache - ok
15:42:45.0323 1004 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:42:45.0338 1004 FontCache3.0.0.0 - ok
15:42:45.0354 1004 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:42:45.0385 1004 FsDepends - ok
15:42:45.0401 1004 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
15:42:45.0416 1004 Fs_Rec - ok
15:42:45.0463 1004 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
15:42:45.0494 1004 fvevol - ok
15:42:45.0510 1004 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:42:45.0526 1004 gagp30kx - ok
15:42:45.0588 1004 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
15:42:45.0666 1004 gpsvc - ok
15:42:45.0666 1004 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:42:45.0713 1004 hcw85cir - ok
15:42:45.0775 1004 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
15:42:45.0838 1004 HdAudAddService - ok
15:42:45.0884 1004 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
15:42:45.0931 1004 HDAudBus - ok
15:42:45.0978 1004 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
15:42:46.0025 1004 HECI - ok
15:42:46.0025 1004 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:42:46.0072 1004 HidBatt - ok
15:42:46.0087 1004 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:42:46.0118 1004 HidBth - ok
15:42:46.0150 1004 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:42:46.0196 1004 HidIr - ok
15:42:46.0228 1004 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
15:42:46.0306 1004 hidserv - ok
15:42:46.0337 1004 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
15:42:46.0384 1004 HidUsb - ok
15:42:46.0415 1004 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
15:42:46.0462 1004 hkmsvc - ok
15:42:46.0493 1004 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
15:42:46.0571 1004 HomeGroupListener - ok
15:42:46.0618 1004 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
15:42:46.0664 1004 HomeGroupProvider - ok
15:42:46.0820 1004 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:42:46.0852 1004 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:42:46.0852 1004 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:42:46.0898 1004 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:42:46.0930 1004 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:42:46.0930 1004 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:42:46.0992 1004 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
15:42:47.0008 1004 HpSAMD - ok
15:42:47.0086 1004 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
15:42:47.0132 1004 HTTP - ok
15:42:47.0164 1004 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
15:42:47.0179 1004 hwpolicy - ok
15:42:47.0210 1004 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
15:42:47.0257 1004 i8042prt - ok
15:42:47.0351 1004 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:42:47.0382 1004 IAANTMON - ok
15:42:47.0413 1004 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys
15:42:47.0444 1004 iaStor - ok
15:42:47.0507 1004 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
15:42:47.0538 1004 iaStorV - ok
15:42:47.0647 1004 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:42:47.0756 1004 idsvc - ok
15:42:47.0881 1004 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:42:47.0912 1004 iirsp - ok
15:42:48.0006 1004 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
15:42:48.0068 1004 IKEEXT - ok
15:42:48.0146 1004 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys
15:42:48.0193 1004 Impcd - ok
15:42:48.0474 1004 IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\windows\system32\drivers\RTKVHDA.sys
15:42:48.0614 1004 IntcAzAudAddService - ok
15:42:48.0786 1004 IntcDAud (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys
15:42:48.0864 1004 IntcDAud - ok
15:42:48.0895 1004 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
15:42:48.0911 1004 intelide - ok
15:42:49.0394 1004 intelkmd (faf70667be6d1e1ffbacc8d4fc15d645) C:\windows\system32\DRIVERS\igdpmd32.sys
15:42:49.0597 1004 intelkmd - ok
15:42:49.0769 1004 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:42:49.0816 1004 intelppm - ok
15:42:49.0847 1004 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
15:42:49.0909 1004 IPBusEnum - ok
15:42:49.0909 1004 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:42:49.0940 1004 IpFilterDriver - ok
15:42:50.0018 1004 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
15:42:50.0096 1004 iphlpsvc - ok
15:42:50.0128 1004 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
15:42:50.0159 1004 IPMIDRV - ok
15:42:50.0206 1004 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:42:50.0237 1004 IPNAT - ok
15:42:50.0268 1004 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:42:50.0330 1004 IRENUM - ok
15:42:50.0346 1004 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
15:42:50.0362 1004 isapnp - ok
15:42:50.0408 1004 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
15:42:50.0440 1004 iScsiPrt - ok
15:42:50.0471 1004 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
15:42:50.0486 1004 kbdclass - ok
15:42:50.0502 1004 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
15:42:50.0518 1004 kbdhid - ok
15:42:50.0549 1004 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:42:50.0564 1004 KeyIso - ok
15:42:50.0580 1004 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
15:42:50.0596 1004 KSecDD - ok
15:42:50.0627 1004 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
15:42:50.0658 1004 KSecPkg - ok
15:42:50.0705 1004 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
15:42:50.0783 1004 KtmRm - ok
15:42:50.0861 1004 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
15:42:50.0923 1004 LanmanServer - ok
15:42:50.0954 1004 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
15:42:51.0017 1004 LanmanWorkstation - ok
15:42:51.0064 1004 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:42:51.0126 1004 lltdio - ok
15:42:51.0173 1004 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
15:42:51.0251 1004 lltdsvc - ok
15:42:51.0266 1004 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
15:42:51.0313 1004 lmhosts - ok
15:42:51.0438 1004 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:42:51.0469 1004 LMS - ok
15:42:51.0500 1004 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:42:51.0516 1004 LSI_FC - ok
15:42:51.0532 1004 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:42:51.0547 1004 LSI_SAS - ok
15:42:51.0563 1004 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:42:51.0563 1004 LSI_SAS2 - ok
15:42:51.0578 1004 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:42:51.0594 1004 LSI_SCSI - ok
15:42:51.0610 1004 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:42:51.0656 1004 luafv - ok
15:42:51.0688 1004 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
15:42:51.0688 1004 MBAMProtector - ok
15:42:51.0781 1004 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:42:51.0828 1004 MBAMService - ok
15:42:51.0859 1004 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
15:42:51.0890 1004 Mcx2Svc - ok
15:42:51.0906 1004 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:42:51.0922 1004 megasas - ok
15:42:51.0953 1004 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:42:51.0984 1004 MegaSR - ok
15:42:52.0046 1004 Micro Star SCM (71c6748ee8de938532057ef10b4b7e44) C:\Program Files\System Control Manager\MSIService.exe
15:42:52.0078 1004 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
15:42:52.0078 1004 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
15:42:52.0124 1004 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:42:52.0187 1004 MMCSS - ok
15:42:52.0218 1004 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:42:52.0265 1004 Modem - ok
15:42:52.0265 1004 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:42:52.0280 1004 monitor - ok
15:42:52.0327 1004 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
15:42:52.0343 1004 mouclass - ok
15:42:52.0374 1004 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:42:52.0405 1004 mouhid - ok
15:42:52.0452 1004 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
15:42:52.0468 1004 mountmgr - ok
15:42:52.0499 1004 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
15:42:52.0514 1004 mpio - ok
15:42:52.0546 1004 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:42:52.0608 1004 mpsdrv - ok
15:42:52.0670 1004 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
15:42:52.0748 1004 MpsSvc - ok
15:42:52.0795 1004 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
15:42:52.0858 1004 MRxDAV - ok
15:42:52.0889 1004 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
15:42:52.0920 1004 mrxsmb - ok
15:42:52.0951 1004 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:42:52.0998 1004 mrxsmb10 - ok
15:42:53.0029 1004 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:42:53.0076 1004 mrxsmb20 - ok
15:42:53.0092 1004 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
15:42:53.0123 1004 msahci - ok
15:42:53.0138 1004 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
15:42:53.0154 1004 msdsm - ok
15:42:53.0185 1004 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
15:42:53.0263 1004 MSDTC - ok
15:42:53.0310 1004 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:42:53.0388 1004 Msfs - ok
15:42:53.0404 1004 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:42:53.0450 1004 mshidkmdf - ok
15:42:53.0482 1004 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
15:42:53.0497 1004 msisadrv - ok
15:42:53.0528 1004 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
15:42:53.0575 1004 MSiSCSI - ok
15:42:53.0575 1004 msiserver - ok
15:42:53.0684 1004 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
15:42:53.0716 1004 MSI_MSIBIOS_010507 - ok
15:42:53.0731 1004 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:42:53.0794 1004 MSKSSRV - ok
15:42:53.0809 1004 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:42:53.0856 1004 MSPCLOCK - ok
15:42:53.0872 1004 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:42:53.0950 1004 MSPQM - ok
15:42:53.0996 1004 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:42:54.0012 1004 MsRPC - ok
15:42:54.0043 1004 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
15:42:54.0059 1004 mssmbios - ok
15:42:54.0074 1004 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:42:54.0106 1004 MSTEE - ok
15:42:54.0137 1004 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:42:54.0152 1004 MTConfig - ok
15:42:54.0184 1004 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:42:54.0199 1004 Mup - ok
15:42:54.0230 1004 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
15:42:54.0308 1004 napagent - ok
15:42:54.0386 1004 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:42:54.0433 1004 NativeWifiP - ok
15:42:54.0511 1004 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
15:42:54.0542 1004 NDIS - ok
15:42:54.0574 1004 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:42:54.0636 1004 NdisCap - ok
15:42:54.0667 1004 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:42:54.0698 1004 NdisTapi - ok
15:42:54.0714 1004 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
15:42:54.0745 1004 Ndisuio - ok
15:42:54.0776 1004 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
15:42:54.0839 1004 NdisWan - ok
15:42:54.0870 1004 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
15:42:54.0932 1004 NDProxy - ok
15:42:54.0979 1004 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\windows\system32\HPZinw12.dll
15:42:55.0010 1004 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:42:55.0010 1004 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:42:55.0042 1004 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:42:55.0104 1004 NetBIOS - ok
15:42:55.0151 1004 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
15:42:55.0229 1004 NetBT - ok
15:42:55.0260 1004 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:42:55.0276 1004 Netlogon - ok
15:42:55.0322 1004 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
15:42:55.0385 1004 Netman - ok
15:42:55.0416 1004 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
15:42:55.0478 1004 netprofm - ok
15:42:55.0556 1004 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:42:55.0603 1004 NetTcpPortSharing - ok
15:42:55.0650 1004 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:42:55.0666 1004 nfrd960 - ok
15:42:55.0728 1004 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
15:42:55.0775 1004 NlaSvc - ok
15:42:55.0790 1004 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:42:55.0822 1004 Npfs - ok
15:42:55.0853 1004 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
15:42:55.0900 1004 nsi - ok
15:42:55.0931 1004 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:42:55.0978 1004 nsiproxy - ok
15:42:56.0102 1004 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
15:42:56.0180 1004 Ntfs - ok
15:42:56.0274 1004 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\msi\Live Update 5\NTIOLib.sys
15:42:56.0290 1004 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning
15:42:56.0290 1004 NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1)
15:42:56.0414 1004 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:42:56.0477 1004 Null - ok
15:42:56.0524 1004 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
15:42:56.0570 1004 nvraid - ok
15:42:56.0586 1004 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
15:42:56.0602 1004 nvstor - ok
15:42:56.0633 1004 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
15:42:56.0664 1004 nv_agp - ok
15:42:56.0695 1004 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
15:42:56.0742 1004 ohci1394 - ok
15:42:56.0836 1004 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:42:56.0851 1004 ose - ok
15:42:57.0226 1004 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:42:57.0397 1004 osppsvc - ok
15:42:57.0413 1004 Scan interrupted by user!
15:42:57.0413 1004 Scan interrupted by user!
15:42:57.0413 1004 Scan interrupted by user!
15:42:57.0413 1004 ============================================================
15:42:57.0413 1004 Scan finished
15:42:57.0413 1004 ============================================================
15:42:57.0413 5292 Detected object count: 6
15:42:57.0413 5292 Actual detected object count: 6
15:42:59.0940 5292 aswRdr ( ForgedFile.Multi.Generic ) - skipped by user
15:42:59.0940 5292 aswRdr ( ForgedFile.Multi.Generic ) - User select action: Skip
15:42:59.0940 5292 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0940 5292 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:59.0940 5292 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0940 5292 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:59.0956 5292 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0956 5292 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:59.0956 5292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0956 5292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:42:59.0956 5292 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0956 5292 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:43:21.0109 0188 ============================================================
15:43:21.0109 0188 Scan started
15:43:21.0109 0188 Mode: Manual; SigCheck; TDLFS;
15:43:21.0109 0188 ============================================================
15:43:21.0390 0188 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
15:43:21.0421 0188 1394ohci - ok
15:43:21.0499 0188 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:43:21.0515 0188 ACDaemon - ok
15:43:21.0562 0188 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
15:43:21.0593 0188 ACPI - ok
15:43:21.0624 0188 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
15:43:21.0640 0188 AcpiPmi - ok
15:43:21.0686 0188 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:43:21.0702 0188 adp94xx - ok
15:43:21.0733 0188 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:43:21.0749 0188 adpahci - ok
15:43:21.0764 0188 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:43:21.0764 0188 adpu320 - ok
15:43:21.0811 0188 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
15:43:21.0827 0188 AeLookupSvc - ok
15:43:21.0874 0188 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
15:43:21.0889 0188 AFD - ok
15:43:21.0920 0188 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
15:43:21.0936 0188 agp440 - ok
15:43:21.0952 0188 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:43:21.0967 0188 aic78xx - ok
15:43:21.0998 0188 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
15:43:22.0014 0188 ALG - ok
15:43:22.0045 0188 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
15:43:22.0045 0188 aliide - ok
15:43:22.0076 0188 AMD External Events Utility (4fca011a5afb252cab7b30ef12a99ce8) C:\windows\system32\atiesrxx.exe
15:43:22.0092 0188 AMD External Events Utility - ok
15:43:22.0108 0188 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
15:43:22.0123 0188 amdagp - ok
15:43:22.0123 0188 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
15:43:22.0139 0188 amdide - ok
15:43:22.0154 0188 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:43:22.0170 0188 AmdK8 - ok
15:43:22.0529 0188 amdkmdag (b0ad0b3ed60d9c60b85731a9e08e27b9) C:\windows\system32\DRIVERS\atipmdag.sys
15:43:22.0607 0188 amdkmdag - ok
15:43:22.0716 0188 amdkmdap (9c07c155b0e1b0df48fae92f0e6c0761) C:\windows\system32\DRIVERS\atikmpag.sys
15:43:22.0747 0188 amdkmdap - ok
15:43:22.0763 0188 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:43:22.0778 0188 AmdPPM - ok
15:43:22.0810 0188 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
15:43:22.0810 0188 amdsata - ok
15:43:22.0841 0188 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:43:22.0856 0188 amdsbs - ok
15:43:22.0872 0188 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
15:43:22.0888 0188 amdxata - ok
15:43:22.0934 0188 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:43:22.0966 0188 AntiVirSchedulerService - ok
15:43:22.0981 0188 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:43:22.0997 0188 AntiVirService - ok
15:43:23.0028 0188 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:43:23.0059 0188 AntiVirWebService - ok
15:43:23.0075 0188 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
15:43:23.0122 0188 AppID - ok
15:43:23.0153 0188 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
15:43:23.0184 0188 AppIDSvc - ok
15:43:23.0200 0188 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
15:43:23.0231 0188 Appinfo - ok
15:43:23.0246 0188 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:43:23.0262 0188 arc - ok
15:43:23.0278 0188 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:43:23.0278 0188 arcsas - ok
15:43:23.0309 0188 ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
15:43:23.0309 0188 ArcSoftKsUFilter - ok
15:43:23.0309 0188 aswFsBlk - ok
15:43:23.0340 0188 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\windows\system32\drivers\aswMonFlt.sys
15:43:23.0356 0188 aswMonFlt - ok
15:43:23.0371 0188 aswRdr (2fdcfa71d5462effc178fd2e70b301cb) C:\windows\system32\drivers\aswRdr.sys
15:43:23.0371 0188 Suspicious file (Forged): C:\windows\system32\drivers\aswRdr.sys. Real md5: 2fdcfa71d5462effc178fd2e70b301cb, Fake md5: aa96492df3a150bf0741f7d5201e7dd0
15:43:23.0371 0188 aswRdr ( ForgedFile.Multi.Generic ) - warning
15:43:23.0371 0188 aswRdr - detected ForgedFile.Multi.Generic (1)
15:43:23.0402 0188 aswSnx (17230708a2028cd995656df455f2e303) C:\windows\system32\drivers\aswSnx.sys
15:43:23.0434 0188 aswSnx - ok
15:43:23.0480 0188 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\windows\system32\drivers\aswSP.sys
15:43:23.0496 0188 aswSP - ok
15:43:23.0496 0188 aswTdi - ok
15:43:23.0512 0188 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:43:23.0543 0188 AsyncMac - ok
15:43:23.0574 0188 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
15:43:23.0574 0188 atapi - ok
15:43:23.0761 0188 athr (31cb2740bfdbac1e48e2b7ead38f0d27) C:\windows\system32\DRIVERS\athr.sys
15:43:23.0808 0188 athr - ok
15:43:23.0933 0188 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:43:23.0995 0188 AudioEndpointBuilder - ok
15:43:23.0995 0188 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:43:24.0026 0188 Audiosrv - ok
15:43:24.0104 0188 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:43:24.0120 0188 avast! Antivirus - ok
15:43:24.0167 0188 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
15:43:24.0198 0188 avgntflt - ok
15:43:24.0214 0188 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
15:43:24.0245 0188 avipbb - ok
15:43:24.0260 0188 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
15:43:24.0276 0188 avkmgr - ok
15:43:24.0307 0188 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
15:43:24.0323 0188 AxInstSV - ok
15:43:24.0385 0188 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:43:24.0416 0188 b06bdrv - ok
15:43:24.0448 0188 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:43:24.0463 0188 b57nd60x - ok
15:43:24.0479 0188 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
15:43:24.0510 0188 BDESVC - ok
15:43:24.0510 0188 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:43:24.0541 0188 Beep - ok
15:43:24.0588 0188 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
15:43:24.0635 0188 BFE - ok
15:43:24.0697 0188 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
15:43:24.0744 0188 BITS - ok
15:43:24.0760 0188 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:43:24.0760 0188 blbdrive - ok
15:43:24.0791 0188 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
15:43:24.0806 0188 bowser - ok
15:43:24.0806 0188 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:43:24.0822 0188 BrFiltLo - ok
15:43:24.0838 0188 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:43:24.0853 0188 BrFiltUp - ok
15:43:24.0869 0188 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
15:43:24.0900 0188 Browser - ok
15:43:24.0916 0188 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:43:24.0931 0188 Brserid - ok
15:43:24.0947 0188 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:43:24.0962 0188 BrSerWdm - ok
15:43:24.0962 0188 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:43:24.0978 0188 BrUsbMdm - ok
15:43:24.0994 0188 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:43:25.0009 0188 BrUsbSer - ok
15:43:25.0025 0188 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
15:43:25.0040 0188 BthEnum - ok
15:43:25.0040 0188 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:43:25.0056 0188 BTHMODEM - ok
15:43:25.0072 0188 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
15:43:25.0087 0188 BthPan - ok
15:43:25.0134 0188 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
15:43:25.0150 0188 BTHPORT - ok
15:43:25.0181 0188 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
15:43:25.0212 0188 bthserv - ok
15:43:25.0228 0188 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
15:43:25.0243 0188 BTHUSB - ok
15:43:25.0259 0188 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:43:25.0290 0188 cdfs - ok
15:43:25.0321 0188 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
15:43:25.0337 0188 cdrom - ok
15:43:25.0352 0188 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:43:25.0368 0188 CertPropSvc - ok
15:43:25.0384 0188 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:43:25.0399 0188 circlass - ok
15:43:25.0477 0188 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:43:25.0493 0188 CLFS - ok
15:43:25.0555 0188 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:25.0571 0188 clr_optimization_v2.0.50727_32 - ok
15:43:25.0649 0188 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:25.0664 0188 clr_optimization_v4.0.30319_32 - ok
15:43:25.0680 0188 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:43:25.0711 0188 CmBatt - ok
15:43:25.0727 0188 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
15:43:25.0742 0188 cmdide - ok
15:43:25.0789 0188 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
15:43:25.0836 0188 CNG - ok
15:43:25.0836 0188 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:43:25.0836 0188 Compbatt - ok
15:43:25.0852 0188 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
15:43:25.0867 0188 CompositeBus - ok
15:43:25.0867 0188 COMSysApp - ok
15:43:25.0898 0188 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:43:25.0914 0188 crcdisk - ok
15:43:25.0930 0188 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
15:43:25.0945 0188 CryptSvc - ok
15:43:25.0992 0188 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:43:26.0023 0188 DcomLaunch - ok
15:43:26.0070 0188 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
15:43:26.0117 0188 defragsvc - ok
15:43:26.0132 0188 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
15:43:26.0164 0188 DfsC - ok
15:43:26.0195 0188 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
15:43:26.0226 0188 Dhcp - ok
15:43:26.0257 0188 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:43:26.0288 0188 discache - ok
15:43:26.0320 0188 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:43:26.0320 0188 Disk - ok
15:43:26.0351 0188 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
15:43:26.0366 0188 Dnscache - ok
15:43:26.0398 0188 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
15:43:26.0429 0188 dot3svc - ok
15:43:26.0460 0188 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
15:43:26.0476 0188 Dot4 - ok
15:43:26.0491 0188 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys
15:43:26.0507 0188 Dot4Print - ok
15:43:26.0538 0188 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
15:43:26.0554 0188 dot4usb - ok
15:43:26.0585 0188 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
15:43:26.0616 0188 DPS - ok
15:43:26.0616 0188 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:43:26.0632 0188 drmkaud - ok
15:43:26.0678 0188 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\windows\system32\DRIVERS\dtsoftbus01.sys
15:43:26.0710 0188 dtsoftbus01 - ok
15:43:26.0788 0188 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
15:43:26.0803 0188 DXGKrnl - ok
15:43:26.0834 0188 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
15:43:26.0866 0188 EapHost - ok
15:43:27.0100 0188 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:43:27.0146 0188 ebdrv - ok
15:43:27.0256 0188 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
15:43:27.0287 0188 EFS - ok
15:43:27.0365 0188 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
15:43:27.0396 0188 ehRecvr - ok
15:43:27.0427 0188 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
15:43:27.0458 0188 ehSched - ok
15:43:27.0536 0188 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:43:27.0583 0188 elxstor - ok
15:43:27.0614 0188 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
15:43:27.0630 0188 ErrDev - ok
15:43:27.0630 0188 EUCR (73fafd5a8e5e01302c71b4997ee28bde) C:\windows\system32\DRIVERS\EUCR6SK.SYS
15:43:27.0646 0188 EUCR - ok
15:43:27.0692 0188 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
15:43:27.0724 0188 EventSystem - ok
15:43:27.0739 0188 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:43:27.0770 0188 exfat - ok
15:43:27.0770 0188 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:43:27.0802 0188 fastfat - ok
15:43:27.0880 0188 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
15:43:27.0911 0188 Fax - ok
15:43:27.0942 0188 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:43:27.0942 0188 fdc - ok
15:43:27.0958 0188 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
15:43:27.0989 0188 fdPHost - ok
15:43:28.0020 0188 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
15:43:28.0051 0188 FDResPub - ok
15:43:28.0051 0188 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:43:28.0067 0188 FileInfo - ok
15:43:28.0067 0188 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:43:28.0098 0188 Filetrace - ok
15:43:28.0098 0188 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:43:28.0114 0188 flpydisk - ok
15:43:28.0129 0188 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:43:28.0145 0188 FltMgr - ok
15:43:28.0254 0188 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
15:43:28.0285 0188 FontCache - ok
15:43:28.0363 0188 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:43:28.0379 0188 FontCache3.0.0.0 - ok
15:43:28.0394 0188 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:43:28.0410 0188 FsDepends - ok
15:43:28.0426 0188 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
15:43:28.0441 0188 Fs_Rec - ok
15:43:28.0472 0188 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
15:43:28.0504 0188 fvevol - ok
15:43:28.0504 0188 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:43:28.0519 0188 gagp30kx - ok
15:43:28.0566 0188 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
15:43:28.0613 0188 gpsvc - ok
15:43:28.0613 0188 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:43:28.0628 0188 hcw85cir - ok
15:43:28.0675 0188 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
15:43:28.0691 0188 HdAudAddService - ok
15:43:28.0706 0188 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
15:43:28.0722 0188 HDAudBus - ok
15:43:28.0738 0188 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
15:43:28.0753 0188 HECI - ok
15:43:28.0753 0188 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:43:28.0769 0188 HidBatt - ok
15:43:28.0784 0188 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:43:28.0800 0188 HidBth - ok
15:43:28.0800 0188 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:43:28.0816 0188 HidIr - ok
15:43:28.0847 0188 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
15:43:28.0878 0188 hidserv - ok
15:43:28.0894 0188 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
15:43:28.0909 0188 HidUsb - ok
15:43:28.0940 0188 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
15:43:28.0972 0188 hkmsvc - ok
15:43:28.0987 0188 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
15:43:29.0003 0188 HomeGroupListener - ok
15:43:29.0034 0188 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
15:43:29.0050 0188 HomeGroupProvider - ok
15:43:29.0190 0188 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:43:29.0190 0188 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:43:29.0190 0188 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:43:29.0221 0188 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:43:29.0221 0188 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:43:29.0221 0188 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:43:29.0252 0188 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
15:43:29.0268 0188 HpSAMD - ok
15:43:29.0330 0188 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
15:43:29.0362 0188 HTTP - ok
15:43:29.0377 0188 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
15:43:29.0393 0188 hwpolicy - ok
15:43:29.0408 0188 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
15:43:29.0424 0188 i8042prt - ok
15:43:29.0502 0188 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:43:29.0533 0188 IAANTMON - ok
15:43:29.0564 0188 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys
15:43:29.0596 0188 iaStor - ok
15:43:29.0642 0188 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
15:43:29.0658 0188 iaStorV - ok
15:43:29.0767 0188 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:43:29.0798 0188 idsvc - ok
15:43:29.0908 0188 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:43:29.0939 0188 iirsp - ok
15:43:30.0001 0188 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
15:43:30.0064 0188 IKEEXT - ok
15:43:30.0079 0188 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys
15:43:30.0079 0188 Impcd - ok
15:43:30.0313 0188 IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\windows\system32\drivers\RTKVHDA.sys
15:43:30.0376 0188 IntcAzAudAddService - ok
15:43:30.0516 0188 IntcDAud (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys
15:43:30.0532 0188 IntcDAud - ok
15:43:30.0563 0188 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
15:43:30.0578 0188 intelide - ok
15:43:31.0015 0188 intelkmd (faf70667be6d1e1ffbacc8d4fc15d645) C:\windows\system32\DRIVERS\igdpmd32.sys
15:43:31.0093 0188 intelkmd - ok
15:43:31.0249 0188 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:43:31.0280 0188 intelppm - ok
15:43:31.0312 0188 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
15:43:31.0358 0188 IPBusEnum - ok
15:43:31.0358 0188 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:43:31.0390 0188 IpFilterDriver - ok
15:43:31.0436 0188 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
15:43:31.0468 0188 iphlpsvc - ok
15:43:31.0499 0188 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
15:43:31.0499 0188 IPMIDRV - ok
15:43:31.0530 0188 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:43:31.0577 0188 IPNAT - ok
15:43:31.0592 0188 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:43:31.0608 0188 IRENUM - ok
15:43:31.0624 0188 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
15:43:31.0639 0188 isapnp - ok
15:43:31.0670 0188 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
15:43:31.0702 0188 iScsiPrt - ok
15:43:31.0717 0188 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
15:43:31.0717 0188 kbdclass - ok
15:43:31.0733 0188 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
15:43:31.0748 0188 kbdhid - ok
15:43:31.0764 0188 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:31.0780 0188 KeyIso - ok
15:43:31.0811 0188 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
15:43:31.0826 0188 KSecDD - ok
15:43:31.0842 0188 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
15:43:31.0858 0188 KSecPkg - ok
15:43:31.0904 0188 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
15:43:31.0951 0188 KtmRm - ok
15:43:31.0982 0188 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
15:43:32.0014 0188 LanmanServer - ok
15:43:32.0045 0188 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
15:43:32.0060 0188 LanmanWorkstation - ok
15:43:32.0092 0188 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:43:32.0123 0188 lltdio - ok
15:43:32.0154 0188 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
15:43:32.0185 0188 lltdsvc - ok
15:43:32.0201 0188 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
15:43:32.0216 0188 lmhosts - ok
15:43:32.0310 0188 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:43:32.0341 0188 LMS - ok
15:43:32.0357 0188 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:43:32.0372 0188 LSI_FC - ok
15:43:32.0388 0188 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:43:32.0404 0188 LSI_SAS - ok
15:43:32.0419 0188 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:43:32.0435 0188 LSI_SAS2 - ok
15:43:32.0435 0188 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:43:32.0450 0188 LSI_SCSI - ok
15:43:32.0466 0188 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:43:32.0497 0188 luafv - ok
15:43:32.0513 0188 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
15:43:32.0528 0188 MBAMProtector - ok
15:43:32.0622 0188 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:43:32.0653 0188 MBAMService - ok
15:43:32.0669 0188 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
15:43:32.0684 0188 Mcx2Svc - ok
15:43:32.0716 0188 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:43:32.0716 0188 megasas - ok
15:43:32.0747 0188 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:43:32.0762 0188 MegaSR - ok
15:43:32.0809 0188 Micro Star SCM (71c6748ee8de938532057ef10b4b7e44) C:\Program Files\System Control Manager\MSIService.exe
15:43:32.0825 0188 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
15:43:32.0825 0188 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
15:43:32.0840 0188 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:43:32.0887 0188 MMCSS - ok
15:43:32.0903 0188 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:43:32.0934 0188 Modem - ok
15:43:32.0934 0188 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:43:32.0950 0188 monitor - ok
15:43:32.0981 0188 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
15:43:32.0996 0188 mouclass - ok
15:43:32.0996 0188 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:43:33.0012 0188 mouhid - ok
15:43:33.0043 0188 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
15:43:33.0059 0188 mountmgr - ok
15:43:33.0074 0188 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
15:43:33.0090 0188 mpio - ok
15:43:33.0106 0188 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:43:33.0137 0188 mpsdrv - ok
15:43:33.0215 0188 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
15:43:33.0262 0188 MpsSvc - ok
15:43:33.0293 0188 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
15:43:33.0308 0188 MRxDAV - ok
15:43:33.0355 0188 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
15:43:33.0371 0188 mrxsmb - ok
15:43:33.0402 0188 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:43:33.0418 0188 mrxsmb10 - ok
15:43:33.0449 0188 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:43:33.0464 0188 mrxsmb20 - ok
15:43:33.0496 0188 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
15:43:33.0511 0188 msahci - ok
15:43:33.0542 0188 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
15:43:33.0558 0188 msdsm - ok
15:43:33.0589 0188 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
15:43:33.0605 0188 MSDTC - ok
15:43:33.0620 0188 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:43:33.0652 0188 Msfs - ok
15:43:33.0667 0188 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:43:33.0683 0188 mshidkmdf - ok
15:43:33.0714 0188 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
15:43:33.0730 0188 msisadrv - ok
15:43:33.0761 0188 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
15:43:33.0792 0188 MSiSCSI - ok
15:43:33.0792 0188 msiserver - ok
15:43:33.0870 0188 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
15:43:33.0886 0188 MSI_MSIBIOS_010507 - ok
15:43:33.0901 0188 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:43:33.0948 0188 MSKSSRV - ok
15:43:33.0964 0188 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:43:33.0995 0188 MSPCLOCK - ok
15:43:34.0010 0188 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:43:34.0026 0188 MSPQM - ok
15:43:34.0057 0188 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:43:34.0073 0188 MsRPC - ok
15:43:34.0104 0188 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
15:43:34.0104 0188 mssmbios - ok
15:43:34.0135 0188 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:43:34.0166 0188 MSTEE - ok
15:43:34.0166 0188 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:43:34.0182 0188 MTConfig - ok
15:43:34.0198 0188 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:43:34.0213 0188 Mup - ok
15:43:34.0244 0188 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
15:43:34.0276 0188 napagent - ok
15:43:34.0307 0188 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:43:34.0338 0188 NativeWifiP - ok
15:43:34.0400 0188 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
15:43:34.0416 0188 NDIS - ok
15:43:34.0447 0188 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:43:34.0478 0188 NdisCap - ok
15:43:34.0478 0188 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:43:34.0510 0188 NdisTapi - ok
15:43:34.0525 0188 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
15:43:34.0556 0188 Ndisuio - ok
15:43:34.0588 0188 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
15:43:34.0603 0188 NdisWan - ok
15:43:34.0634 0188 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
15:43:34.0666 0188 NDProxy - ok
15:43:34.0697 0188 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\windows\system32\HPZinw12.dll
15:43:34.0697 0188 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:43:34.0697 0188 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:43:34.0712 0188 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:43:34.0744 0188 NetBIOS - ok
15:43:34.0790 0188 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
15:43:34.0822 0188 NetBT - ok
15:43:34.0837 0188 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:34.0853 0188 Netlogon - ok
15:43:34.0900 0188 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
15:43:34.0931 0188 Netman - ok
15:43:34.0962 0188 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
15:43:34.0993 0188 netprofm - ok
15:43:35.0056 0188 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:43:35.0087 0188 NetTcpPortSharing - ok
15:43:35.0102 0188 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:43:35.0134 0188 nfrd960 - ok
15:43:35.0165 0188 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
15:43:35.0196 0188 NlaSvc - ok
15:43:35.0212 0188 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:43:35.0227 0188 Npfs - ok
15:43:35.0258 0188 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
15:43:35.0290 0188 nsi - ok
15:43:35.0305 0188 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:43:35.0321 0188 nsiproxy - ok
15:43:35.0414 0188 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
15:43:35.0461 0188 Ntfs - ok
15:43:35.0524 0188 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\msi\Live Update 5\NTIOLib.sys
15:43:35.0524 0188 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning
15:43:35.0524 0188 NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1)
15:43:35.0664 0188 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:43:35.0695 0188 Null - ok
15:43:35.0726 0188 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
15:43:35.0742 0188 nvraid - ok
15:43:35.0773 0188 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
15:43:35.0789 0188 nvstor - ok
15:43:35.0804 0188 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
15:43:35.0804 0188 nv_agp - ok
15:43:35.0836 0188 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
15:43:35.0851 0188 ohci1394 - ok
15:43:35.0914 0188 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:35.0929 0188 ose - ok
15:43:36.0288 0188 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:43:36.0366 0188 osppsvc - ok
15:43:36.0522 0188 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:43:36.0600 0188 p2pimsvc - ok
15:43:36.0631 0188 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
15:43:36.0662 0188 p2psvc - ok
15:43:36.0740 0188 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:43:36.0787 0188 Parport - ok
15:43:36.0818 0188 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
15:43:36.0834 0188 partmgr - ok
15:43:36.0850 0188 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:43:36.0881 0188 Parvdm - ok
15:43:36.0928 0188 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
15:43:36.0959 0188 PcaSvc - ok
15:43:37.0006 0188 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
15:43:37.0037 0188 pci - ok
15:43:37.0052 0188 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
15:43:37.0052 0188 pciide - ok
15:43:37.0099 0188 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:43:37.0115 0188 pcmcia - ok
15:43:37.0115 0188 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:43:37.0130 0188 pcw - ok
15:43:37.0177 0188 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:43:37.0271 0188 PEAUTH - ok
15:43:37.0411 0188 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
15:43:37.0474 0188 pla - ok
15:43:37.0614 0188 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
15:43:37.0661 0188 PlugPlay - ok
15:43:37.0723 0188 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\windows\system32\HPZipm12.dll
15:43:37.0754 0188 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:43:37.0754 0188 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:43:37.0786 0188 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
15:43:37.0801 0188 PNRPAutoReg - ok
15:43:37.0832 0188 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:43:37.0864 0188 PNRPsvc - ok
15:43:37.0910 0188 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
15:43:37.0973 0188 PolicyAgent - ok
15:43:38.0004 0188 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
15:43:38.0082 0188 Power - ok
15:43:38.0160 0188 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:43:38.0207 0188 PptpMiniport - ok
15:43:38.0222 0188 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:43:38.0269 0188 Processor - ok
15:43:38.0300 0188 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
15:43:38.0378 0188 ProfSvc - ok
15:43:38.0410 0188 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:38.0425 0188 ProtectedStorage - ok
15:43:38.0456 0188 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:43:38.0503 0188 Psched - ok
15:43:38.0612 0188 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:43:38.0722 0188 ql2300 - ok
15:43:38.0846 0188 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:43:38.0878 0188 ql40xx - ok
15:43:38.0909 0188 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
15:43:38.0940 0188 QWAVE - ok
15:43:38.0940 0188 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:43:38.0971 0188 QWAVEdrv - ok
15:43:39.0049 0188 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\windows\WindowsMobile\rapimgr.dll
15:43:39.0080 0188 RapiMgr - ok
15:43:39.0096 0188 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:43:39.0143 0188 RasAcd - ok
15:43:39.0190 0188 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:43:39.0252 0188 RasAgileVpn - ok
15:43:39.0283 0188 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
15:43:39.0346 0188 RasAuto - ok
15:43:39.0377 0188 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:43:39.0439 0188 Rasl2tp - ok
15:43:39.0486 0188 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
15:43:39.0533 0188 RasMan - ok
15:43:39.0548 0188 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:43:39.0595 0188 RasPppoe - ok
15:43:39.0626 0188 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:43:39.0704 0188 RasSstp - ok
15:43:39.0736 0188 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
15:43:39.0798 0188 rdbss - ok
15:43:39.0845 0188 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:43:39.0860 0188 rdpbus - ok
15:43:39.0892 0188 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
15:43:39.0938 0188 RDPCDD - ok
15:43:39.0970 0188 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:43:40.0016 0188 RDPENCDD - ok
15:43:40.0032 0188 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:43:40.0094 0188 RDPREFMP - ok
15:43:40.0141 0188 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
15:43:40.0204 0188 RDPWD - ok
15:43:40.0266 0188 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
15:43:40.0282 0188 rdyboost - ok
15:43:40.0313 0188 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
15:43:40.0344 0188 RemoteAccess - ok
15:43:40.0391 0188 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
15:43:40.0453 0188 RemoteRegistry - ok
15:43:40.0500 0188 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
15:43:40.0516 0188 RFCOMM - ok
15:43:40.0547 0188 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
15:43:40.0594 0188 RpcEptMapper - ok
15:43:40.0625 0188 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
15:43:40.0672 0188 RpcLocator - ok
15:43:40.0718 0188 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:43:40.0765 0188 RpcSs - ok
15:43:40.0796 0188 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:43:40.0874 0188 rspndr - ok
15:43:40.0906 0188 RTHDMIAzAudService (d82223ba9dc7ed479b61be2b521fb6e6) C:\windows\system32\drivers\RtHDMIV.sys
15:43:40.0937 0188 RTHDMIAzAudService - ok
15:43:40.0999 0188 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\windows\system32\DRIVERS\Rt86win7.sys
15:43:41.0030 0188 RTL8167 - ok
15:43:41.0046 0188 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:41.0062 0188 SamSs - ok
15:43:41.0093 0188 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
15:43:41.0124 0188 sbp2port - ok
15:43:41.0171 0188 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
15:43:41.0202 0188 SCardSvr - ok
15:43:41.0233 0188 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
15:43:41.0296 0188 scfilter - ok
15:43:41.0389 0188 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
15:43:41.0452 0188 Schedule - ok
15:43:41.0530 0188 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:43:41.0576 0188 SCPolicySvc - ok
15:43:41.0608 0188 sdbus (0328be1c7f1cba23848179f8762e391c) C:\windows\system32\drivers\sdbus.sys
15:43:41.0639 0188 sdbus - ok
15:43:41.0686 0188 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
15:43:41.0748 0188 SDRSVC - ok
15:43:41.0842 0188 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:43:41.0857 0188 SeaPort - ok
15:43:41.0904 0188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:43:41.0951 0188 secdrv - ok
15:43:41.0966 0188 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
15:43:42.0013 0188 seclogon - ok
15:43:42.0044 0188 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
15:43:42.0091 0188 SENS - ok
15:43:42.0122 0188 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
15:43:42.0169 0188 SensrSvc - ok
15:43:42.0185 0188 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:43:42.0232 0188 Serenum - ok
15:43:42.0247 0188 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:43:42.0294 0188 Serial - ok
15:43:42.0325 0188 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:43:42.0356 0188 sermouse - ok
15:43:42.0403 0188 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
15:43:42.0450 0188 SessionEnv - ok
15:43:42.0466 0188 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
15:43:42.0497 0188 sffdisk - ok
15:43:42.0512 0188 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
15:43:42.0544 0188 sffp_mmc - ok
15:43:42.0559 0188 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
15:43:42.0590 0188 sffp_sd - ok
15:43:42.0637 0188 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:43:42.0668 0188 sfloppy - ok
15:43:42.0731 0188 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
15:43:42.0762 0188 SharedAccess - ok
15:43:42.0809 0188 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
15:43:42.0871 0188 ShellHWDetection - ok
15:43:42.0918 0188 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
15:43:42.0934 0188 sisagp - ok
15:43:42.0965 0188 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:43:42.0980 0188 SiSRaid2 - ok
15:43:42.0980 0188 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:43:42.0996 0188 SiSRaid4 - ok
15:43:43.0012 0188 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:43:43.0058 0188 Smb - ok
15:43:43.0152 0188 smserial (19301c27f3425dc39f6c599f527e507d) C:\windows\system32\DRIVERS\smserial.sys
15:43:43.0246 0188 smserial - ok
15:43:43.0292 0188 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
15:43:43.0308 0188 SNMPTRAP - ok
15:43:43.0308 0188 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:43:43.0324 0188 spldr - ok
15:43:43.0370 0188 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
15:43:43.0433 0188 Spooler - ok
15:43:43.0682 0188 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
15:43:43.0760 0188 sppsvc - ok
15:43:43.0901 0188 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
15:43:43.0963 0188 sppuinotify - ok
15:43:44.0026 0188 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
15:43:44.0088 0188 srv - ok
15:43:44.0135 0188 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
15:43:44.0166 0188 srv2 - ok
15:43:44.0197 0188 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
15:43:44.0244 0188 srvnet - ok
15:43:44.0291 0188 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\windows\system32\DRIVERS\ssadbus.sys
15:43:44.0369 0188 ssadbus - ok
15:43:44.0384 0188 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\windows\system32\DRIVERS\ssadmdfl.sys
15:43:44.0462 0188 ssadmdfl - ok
15:43:44.0494 0188 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\windows\system32\DRIVERS\ssadmdm.sys
15:43:44.0556 0188 ssadmdm - ok
15:43:44.0603 0188 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
15:43:44.0665 0188 SSDPSRV - ok
15:43:44.0696 0188 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
15:43:44.0712 0188 ssmdrv - ok
15:43:44.0728 0188 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
15:43:44.0774 0188 SstpSvc - ok
15:43:44.0806 0188 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:43:44.0821 0188 stexstor - ok
15:43:44.0884 0188 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
15:43:44.0946 0188 StiSvc - ok
15:43:44.0962 0188 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
15:43:44.0977 0188 swenum - ok
15:43:45.0024 0188 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
15:43:45.0086 0188 swprv - ok
15:43:45.0196 0188 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
15:43:45.0242 0188 SysMain - ok
15:43:45.0274 0188 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
15:43:45.0305 0188 TabletInputService - ok
15:43:45.0336 0188 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
15:43:45.0383 0188 TapiSrv - ok
15:43:45.0398 0188 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
15:43:45.0445 0188 TBS - ok
15:43:45.0601 0188 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
15:43:45.0679 0188 Tcpip - ok
15:43:45.0913 0188 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
15:43:45.0944 0188 TCPIP6 - ok
15:43:46.0069 0188 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
15:43:46.0116 0188 tcpipreg - ok
15:43:46.0163 0188 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
15:43:46.0225 0188 TDPIPE - ok
15:43:46.0241 0188 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
15:43:46.0256 0188 TDTCP - ok
15:43:46.0288 0188 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
15:43:46.0350 0188 tdx - ok
15:43:46.0397 0188 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
15:43:46.0412 0188 TermDD - ok
15:43:46.0475 0188 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
15:43:46.0537 0188 TermService - ok
15:43:46.0568 0188 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
15:43:46.0584 0188 Themes - ok
15:43:46.0615 0188 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:43:46.0646 0188 THREADORDER - ok
15:43:46.0678 0188 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
15:43:46.0724 0188 TrkWks - ok
15:43:46.0802 0188 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
15:43:46.0865 0188 TrustedInstaller - ok
15:43:46.0880 0188 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
15:43:46.0927 0188 tssecsrv - ok
15:43:47.0005 0188 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
15:43:47.0068 0188 TsUsbFlt - ok
15:43:47.0114 0188 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
15:43:47.0177 0188 tunnel - ok
15:43:47.0224 0188 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:43:47.0239 0188 uagp35 - ok
15:43:47.0270 0188 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
15:43:47.0348 0188 udfs - ok
15:43:47.0380 0188 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
15:43:47.0411 0188 UI0Detect - ok
15:43:47.0442 0188 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
15:43:47.0473 0188 uliagpkx - ok
15:43:47.0489 0188 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
15:43:47.0504 0188 umbus - ok
15:43:47.0536 0188 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:43:47.0551 0188 UmPass - ok
15:43:47.0801 0188 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:43:47.0894 0188 UNS - ok
15:43:48.0019 0188 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
15:43:48.0097 0188 upnphost - ok
15:43:48.0144 0188 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\drivers\usbccgp.sys
15:43:48.0206 0188 usbccgp - ok
15:43:48.0238 0188 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
15:43:48.0284 0188 usbcir - ok
15:43:48.0331 0188 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
15:43:48.0347 0188 usbehci - ok
15:43:48.0378 0188 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
15:43:48.0440 0188 usbhub - ok
15:43:48.0456 0188 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
15:43:48.0503 0188 usbohci - ok
15:43:48.0534 0188 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:43:48.0581 0188 usbprint - ok
15:43:48.0628 0188 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
15:43:48.0659 0188 usbscan - ok
15:43:48.0690 0188 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
15:43:48.0737 0188 USBSTOR - ok
15:43:48.0768 0188 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
15:43:48.0799 0188 usbuhci - ok
15:43:48.0830 0188 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
15:43:48.0908 0188 UxSms - ok
15:43:48.0924 0188 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:48.0940 0188 VaultSvc - ok
15:43:48.0971 0188 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
15:43:48.0986 0188 vdrvroot - ok
15:43:49.0033 0188 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
15:43:49.0096 0188 vds - ok
15:43:49.0127 0188 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:43:49.0158 0188 vga - ok
15:43:49.0174 0188 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:43:49.0189 0188 VgaSave - ok
15:43:49.0236 0188 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
15:43:49.0267 0188 vhdmp - ok
15:43:49.0298 0188 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
15:43:49.0314 0188 viaagp - ok
15:43:49.0345 0188 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:43:49.0376 0188 ViaC7 - ok
15:43:49.0423 0188 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
15:43:49.0454 0188 viaide - ok
15:43:49.0470 0188 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
15:43:49.0470 0188 volmgr - ok
15:43:49.0517 0188 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:43:49.0579 0188 volmgrx - ok
15:43:49.0626 0188 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
15:43:49.0657 0188 volsnap - ok
15:43:49.0704 0188 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:43:49.0735 0188 vsmraid - ok
15:43:49.0829 0188 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
15:43:49.0891 0188 VSS - ok
15:43:49.0907 0188 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:43:49.0922 0188 vwifibus - ok
15:43:49.0938 0188 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:43:49.0954 0188 vwififlt - ok
15:43:50.0000 0188 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
15:43:50.0016 0188 vwifimp - ok
15:43:50.0063 0188 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
15:43:50.0125 0188 W32Time - ok
15:43:50.0125 0188 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:43:50.0156 0188 WacomPen - ok
15:43:50.0203 0188 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
15:43:50.0266 0188 WANARP - ok
15:43:50.0266 0188 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
15:43:50.0297 0188 Wanarpv6 - ok
15:43:50.0422 0188 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
15:43:50.0468 0188 wbengine - ok
15:43:50.0500 0188 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
15:43:50.0515 0188 WbioSrvc - ok
15:43:50.0578 0188 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\windows\WindowsMobile\wcescomm.dll
15:43:50.0624 0188 WcesComm - ok
15:43:50.0656 0188 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
15:43:50.0687 0188 wcncsvc - ok
15:43:50.0718 0188 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
15:43:50.0780 0188 WcsPlugInService - ok
15:43:50.0858 0188 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:43:50.0874 0188 Wd - ok
15:43:50.0905 0188 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:43:50.0952 0188 Wdf01000 - ok
15:43:50.0983 0188 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:43:51.0077 0188 WdiServiceHost - ok
15:43:51.0077 0188 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:43:51.0108 0188 WdiSystemHost - ok
15:43:51.0139 0188 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
15:43:51.0155 0188 WebClient - ok
15:43:51.0186 0188 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
15:43:51.0217 0188 Wecsvc - ok
15:43:51.0248 0188 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
15:43:51.0311 0188 wercplsupport - ok
15:43:51.0358 0188 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
15:43:51.0389 0188 WerSvc - ok
15:43:51.0404 0188 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:43:51.0467 0188 WfpLwf - ok
15:43:51.0514 0188 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:43:51.0529 0188 WIMMount - ok
15:43:51.0623 0188 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:43:51.0716 0188 WinDefend - ok
15:43:51.0732 0188 WinHttpAutoProxySvc - ok
15:43:51.0794 0188 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
15:43:51.0857 0188 Winmgmt - ok
15:43:51.0966 0188 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
15:43:52.0044 0188 WinRM - ok
15:43:52.0153 0188 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUSB.SYS
15:43:52.0200 0188 WINUSB - ok
15:43:52.0278 0188 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
15:43:52.0340 0188 Wlansvc - ok
15:43:52.0372 0188 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
15:43:52.0418 0188 WmiAcpi - ok
15:43:52.0481 0188 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
15:43:52.0528 0188 wmiApSrv - ok
15:43:52.0684 0188 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:43:52.0762 0188 WMPNetworkSvc - ok
15:43:52.0871 0188 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
15:43:52.0902 0188 WPCSvc - ok
15:43:52.0918 0188 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
15:43:52.0996 0188 WPDBusEnum - ok
15:43:53.0058 0188 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:43:53.0120 0188 ws2ifsl - ok
15:43:53.0167 0188 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
15:43:53.0214 0188 wscsvc - ok
15:43:53.0214 0188 WSearch - ok
15:43:53.0386 0188 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
15:43:53.0448 0188 wuauserv - ok
15:43:53.0573 0188 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
15:43:53.0651 0188 WudfPf - ok
15:43:53.0713 0188 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
15:43:53.0776 0188 WUDFRd - ok
15:43:53.0807 0188 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
15:43:53.0854 0188 wudfsvc - ok
15:43:53.0900 0188 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
15:43:53.0947 0188 WwanSvc - ok
15:43:53.0994 0188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:43:54.0415 0188 \Device\Harddisk0\DR0 - ok
15:43:54.0431 0188 Boot (0x1200) (bcfb390c95a188b4f8ad4d50a950cb4a) \Device\Harddisk0\DR0\Partition0
15:43:54.0431 0188 \Device\Harddisk0\DR0\Partition0 - ok
15:43:54.0462 0188 Boot (0x1200) (aee078fdf92e36efa5bbf64cd7f46bb9) \Device\Harddisk0\DR0\Partition1
15:43:54.0462 0188 \Device\Harddisk0\DR0\Partition1 - ok
15:43:54.0462 0188 ============================================================
15:43:54.0462 0188 Scan finished
15:43:54.0462 0188 ============================================================
15:43:54.0478 3272 Detected object count: 7
15:43:54.0478 3272 Actual detected object count: 7
15:50:50.0998 3272 aswRdr ( ForgedFile.Multi.Generic ) - skipped by user
15:50:50.0998 3272 aswRdr ( ForgedFile.Multi.Generic ) - User select action: Skip
15:50:50.0998 3272 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:50.0998 3272 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:50:50.0998 3272 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:50.0998 3272 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:50:51.0014 3272 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:51.0014 3272 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:50:51.0014 3272 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:51.0014 3272 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:50:51.0014 3272 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:51.0014 3272 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:50:51.0014 3272 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:51.0014 3272 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
20.06.2012, 15:39
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2012, 12:53
| #13 |
| | Windows-Verschlüsselungs-Trojaner auf Win7 combofix.txt Code:
ATTFilter ComboFix 12-06-21.01 - Ari 21.06.2012 8:56.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3246.1972 [GMT 2:00]
ausgeführt von:: c:\users\Ari\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ari\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-21 bis 2012-06-21 ))))))))))))))))))))))))))))))
.
.
2012-06-21 07:01 . 2012-06-21 07:13 -------- d-----w- c:\users\Ari\AppData\Local\temp
2012-06-21 07:01 . 2012-06-21 07:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 18:09 . 2012-06-19 18:09 -------- d-----w- c:\windows\system32\SPReview
2012-06-19 18:08 . 2012-06-19 18:08 -------- d-----w- c:\windows\system32\EventProviders
2012-06-18 10:58 . 2012-06-18 10:58 -------- d-----w- c:\program files\ESET
2012-06-14 14:29 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 14:29 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 14:29 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 14:29 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 14:29 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 14:29 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 14:29 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 14:29 . 2010-11-20 12:20 28672 ----a-w- c:\windows\system32\profprov.dll
2012-06-14 14:29 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 14:29 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 14:29 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 13:59 . 2012-06-12 13:59 -------- d-----w- c:\program files\Common Files\Java
2012-06-12 13:58 . 2012-06-12 13:58 -------- d-----w- c:\program files\Oracle
2012-06-12 13:57 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-12 13:57 . 2012-04-04 16:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 13:57 . 2012-06-12 13:57 -------- d-----w- c:\program files\Java
2012-06-12 12:43 . 2012-06-12 12:43 -------- d-----w- c:\users\Ari\AppData\Roaming\Malwarebytes
2012-06-12 12:43 . 2012-06-12 12:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-12 12:43 . 2012-06-12 12:43 -------- d-----w- c:\programdata\Malwarebytes
2012-06-12 12:43 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-26 19:11 . 2012-05-26 19:11 -------- d-----w- c:\users\Ari\AppData\Roaming\Avira
2012-05-26 19:04 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-26 19:04 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-26 19:04 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-26 19:04 . 2012-05-26 19:06 -------- d-----w- c:\programdata\Avira
2012-05-26 19:04 . 2012-05-26 19:04 -------- d-----w- c:\program files\Avira
2012-05-25 11:50 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{035046B4-6A7E-45F8-B9C8-99B57B6AC79D}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 18:38 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-03-31 04:39 . 2012-05-09 14:32 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 14:32 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 14:33 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 20:11 . 2012-05-01 14:54 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-03-28 20:11 . 2012-03-28 20:11 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-03-28 20:11 . 2012-03-28 20:11 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-03-28 20:11 . 2012-05-01 14:54 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-11-15 17:09 . 2010-08-23 17:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-09 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-09 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-09 166424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-12-17 2396160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R1 aswSnx;aswSnx; [x]
R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [2010-05-10 25912]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\Live Update 5\NTIOLib.sys [2010-10-20 7680]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-11 242240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-09 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-09 5147136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-09 121344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-12-09 6229504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Samsung\Kies\External\DeviceModules\DeviceManager.exe
c:\program files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21 09:15:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-21 07:15
.
Vor Suchlauf: 8 Verzeichnis(se), 241.423.515.648 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 240.780.251.136 Bytes frei
.
- - End Of File - - 1DECD5607A36EDD93B472FCFA9DB38A5
|
|
21.06.2012, 14:40
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows-Verschlüsselungs-Trojaner auf Win7 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2012, 14:45
| #15 |
| | Windows-Verschlüsselungs-Trojaner auf Win7 Das habe ich ja bereits gemacht. Siehe Beitrag vorher. |
|
| Themen zu Windows-Verschlüsselungs-Trojaner auf Win7 |
| administrator, anti-malware, appdata, audiodg.exe, autostart, avira searchfree toolbar, branding, bösartige, ccc.exe, code, dateien, dateisystem, daten, device driver, document, erfolgreich, explorer, gelöscht, heuristiks/extra, heuristiks/shuriken, locker, malwarebytes, microsoft, minute, mom.exe, ntdll.dll, plug-in, quarantäne, registrierung, roaming, searchscopes, software, speicher, test, trojan.fakealert, trojaner, version, version=1.0, win7, windows |
Button.
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
