Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows-Verschlüsselungs-Trojaner auf Win7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.06.2012, 15:31   #1
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Hallo,
auch wir haben uns den Trojaner eingefangen.

System: Windows 7, 32bit-Version

Hier die Daten des Scans:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org
 
Datenbank Version: v2012.06.12.03
 
Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Ari :: ARI-MSI [Administrator]
 
Schutz: Deaktiviert
 
12.06.2012 14:46:40
mbam-log-2012-06-12 (14-46-40).txt
 
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366120
Laufzeit: 33 Minute(n), 47 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1470A94A (Trojan.Agent.SZ) -> Daten: C:\Users\Ari\AppData\Roaming\Xell\6BB6EB991470A94AFBEA.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 2
C:\Users\Ari\AppData\Roaming\Xell\6BB6EB991470A94AFBEA.exe (Trojan.Agent.SZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 
(Ende)
         
Wie gehts jetzt weiter? Danke für die Hilfe.

Gruß
Dennis

Nach dem verschieben der Funde in Quarantäne kann ich zumindest wieder im normalen Windows-Modus arbeiten, ohne dass das Fenster zum bezahlen kommt.

OTL.txt

Code:
ATTFilter
OTL logfile created on: 6/13/2012 2:19:37 PM - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Ari\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.17 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 66.40% Memory free
6.34 Gb Paging File | 5.01 Gb Available in Paging File | 79.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.39 Gb Total Space | 229.00 Gb Free Space | 83.76% Space Free | Partition Type: NTFS
Drive D: | 182.27 Gb Total Space | 168.82 Gb Free Space | 92.62% Space Free | Partition Type: NTFS
 
Computer Name: ARI-MSI | User Name: Ari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/31 04:38:12 | 000,954,256 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\KiesHelper.exe
PRC - [2012/03/28 22:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe
PRC - [2012/03/28 22:11:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/17 02:00:40 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2009/12/09 19:15:21 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/12 09:21:21 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c366ebd7f33816762268154efc68176d\System.Core.ni.dll
MOD - [2012/05/09 19:00:53 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 19:00:52 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c06efd2e3e05e4e3231904d543240c20\System.ServiceProcess.ni.dll
MOD - [2012/05/09 19:00:36 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\fe88a64f62eb6afc6dfc945fc335b92b\System.Web.ni.dll
MOD - [2012/05/09 19:00:23 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 19:00:20 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\558fa6c6131f14af258f94291a5d19d6\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 19:00:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll
MOD - [2012/05/09 19:00:14 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/05/09 18:59:38 | 014,325,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\64e140108933b8090472da1a76b78c20\PresentationFramework.ni.dll
MOD - [2012/05/09 18:59:22 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9e953ea4e76b62ab1c4a1874abae2961\System.Windows.Forms.ni.dll
MOD - [2012/05/09 18:59:15 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bbf2cf8dd0409f1ccc989406e2942dac\System.Drawing.ni.dll
MOD - [2012/05/09 18:59:11 | 012,218,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b6370d1903505abc171c968e357fe1bf\PresentationCore.ni.dll
MOD - [2012/05/09 18:59:01 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/09 18:58:55 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/09 18:58:51 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/09 18:58:49 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/09 18:58:38 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/03/30 03:23:38 | 000,079,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll
MOD - [2012/03/30 03:21:48 | 014,144,512 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012/03/30 03:21:18 | 000,486,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012/03/30 03:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012/03/29 18:44:34 | 000,022,528 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012/03/28 22:13:12 | 000,037,376 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll
MOD - [2012/03/28 22:12:04 | 000,839,680 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll
MOD - [2012/03/28 22:12:00 | 000,712,704 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll
MOD - [2012/03/28 22:11:58 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll
MOD - [2012/03/28 22:11:28 | 000,720,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll
MOD - [2010/01/29 23:30:10 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/01/29 23:30:00 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
MOD - [2010/01/29 23:29:59 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2010/01/29 23:29:56 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/01/29 23:29:55 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/01/29 23:29:53 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010/01/29 23:20:28 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3630.42316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:28 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:28 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3630.42330__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 001,708,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 000,827,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3630.42360__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3630.42380__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 000,356,352 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3630.42372__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3630.42385__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3630.42324__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3630.42367__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3630.42427__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3630.42325__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,019,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,013,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 001,142,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3630.42428__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3630.42336__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3630.42354__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,323,584 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3630.42366__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:26 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,151,552 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3630.42365__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3622.19962__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3622.19963__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3622.19993__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/01/29 23:20:26 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3622.19964__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3622.19965__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3622.19974__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3622.19966__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3622.19978__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3622.19975__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3622.19967__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3622.19974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/01/29 23:20:25 | 001,220,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3630.42320__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/01/29 23:20:25 | 000,741,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3630.42427__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/01/29 23:20:25 | 000,565,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3630.42393__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/01/29 23:20:25 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3630.42329__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/01/29 23:20:25 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3630.42398__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3630.42397__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3630.42314__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3630.42312__90ba9c70f846762e\APM.Server.dll
MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3630.42315__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3622.19970__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3630.42313__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3630.42409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3622.19967__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/01/29 23:20:25 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3622.19972__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3622.19974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3622.19964__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3622.19967__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3622.19968__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3622.19967__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/01/29 23:20:25 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3630.42398__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/01/29 23:20:25 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3630.42313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/08/31 23:56:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 23:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2006/09/14 09:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Start_Pending] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] --  -- (aswTdi)
DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/11 19:25:26 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/04 14:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 14:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 14:32:32 | 000,025,432 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 14:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/06/02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/09 21:39:45 | 005,147,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/12/09 18:22:19 | 000,121,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/12/09 17:02:47 | 006,229,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/12/05 03:50:02 | 000,082,128 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/05 03:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/25 04:13:12 | 000,159,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/05/27 00:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{9606359B-FBEA-4B26-98FB-5C31BB188E00}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:31:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M]
 
[2010/07/02 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Extensions
[2012/06/12 14:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions
[2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com
[2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL
[2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus
[2010/08/23 19:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/11/15 19:09:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/15 15:00:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/22 19:56:44 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/15 14:51:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/15 15:00:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/15 15:00:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/15 15:00:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/15 15:00:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5FA4A3-4169-43CD-B417-D638ADEBE03F}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB108C4-C3A3-4681-A8BC-B4F03C71BD96}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun
O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/13 14:11:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe
[2012/06/12 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/12 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/12 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Malwarebytes
[2012/06/12 14:43:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell
[2012/05/26 21:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Avira
[2012/05/26 21:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/05/26 21:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/05/26 21:04:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/26 21:04:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/05/26 21:04:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/05/26 21:04:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/21 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/05/20 13:52:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/20 13:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/20 13:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/17 20:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012/05/17 20:36:24 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Local\HP
[2012/05/17 20:33:26 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\HP
[2012/05/17 20:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012/05/17 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/05/17 20:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/05/17 20:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/05/17 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/05/17 20:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/13 14:17:54 | 000,000,156 | ---- | M] () -- C:\Users\Ari\defogger_reenable
[2012/06/13 14:13:24 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 14:13:24 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ari\Desktop\OTL.exe
[2012/06/13 14:10:33 | 000,050,477 | ---- | M] () -- C:\Users\Ari\Desktop\Defogger.exe
[2012/06/13 14:01:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/13 14:01:19 | 2552,381,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 14:06:45 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012/05/26 21:06:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/25 13:47:34 | 000,014,033 | ---- | M] () -- C:\Users\Ari\Desktop\LUaVplOssqxGQasfX
[2012/05/18 16:17:53 | 000,378,168 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/17 20:33:13 | 000,181,697 | ---- | M] () -- C:\windows\hpoins28.dat
[2012/05/17 20:27:08 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2012/05/17 20:26:45 | 000,001,319 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/05/17 20:26:28 | 000,002,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/05/14 16:56:27 | 000,694,430 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2012/05/14 16:56:27 | 000,693,454 | ---- | M] () -- C:\windows\System32\perfh00A.dat
[2012/05/14 16:56:27 | 000,689,108 | ---- | M] () -- C:\windows\System32\perfh010.dat
[2012/05/14 16:56:27 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/14 16:56:27 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/14 16:56:27 | 000,137,062 | ---- | M] () -- C:\windows\System32\perfc00A.dat
[2012/05/14 16:56:27 | 000,130,140 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2012/05/14 16:56:27 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/14 16:56:27 | 000,127,144 | ---- | M] () -- C:\windows\System32\perfc010.dat
[2012/05/14 16:56:27 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/13 14:17:53 | 000,000,156 | ---- | C] () -- C:\Users\Ari\defogger_reenable
[2012/06/13 14:10:32 | 000,050,477 | ---- | C] () -- C:\Users\Ari\Desktop\Defogger.exe
[2012/05/26 21:06:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/17 20:27:54 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012/05/17 20:27:08 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2012/05/17 20:26:45 | 000,001,319 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/05/17 20:26:28 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/05/17 20:23:52 | 000,181,697 | ---- | C] () -- C:\windows\hpoins28.dat
[2012/05/17 20:23:52 | 000,000,442 | ---- | C] () -- C:\windows\hpomdl28.dat
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2012/03/11 19:56:26 | 000,025,432 | ---- | C] () -- C:\windows\System32\drivers\aswRdr.sys
 
========== LOP Check ==========
 
[2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite
[2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung
[2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF
[2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell
[2012/05/21 18:37:25 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         

Und hier Gmer.txt:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-14 16:24:59
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: q0ncg1sr.exe; Driver: C:\Users\Ari\AppData\Local\Temp\fxldrpog.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwAllocateVirtualMemory [0x94995D8C]
SSDT            94EC864E                                                                                                               ZwCreateSection
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwFreeVirtualMemory [0x94995E3C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                  ZwProtectVirtualMemory [0x94995ED4]
SSDT            94EC8658                                                                                                               ZwRequestWaitReplyPort
SSDT            94EC8653                                                                                                               ZwSetContextThread
SSDT            94EC865D                                                                                                               ZwSetSecurityObject
SSDT            94EC8662                                                                                                               ZwSystemDebugControl
SSDT            94EC85EF                                                                                                               ZwTerminateProcess
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                                              8345D599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                 83482092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 23C                                                                                    8348988C 4 Bytes  [8C, 5D, 99, 94] {MOV WORD [EBP-0x67], DS; XCHG ESP, EAX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 340                                                                                    83489990 4 Bytes  [4E, 86, EC, 94] {DEC ESI; XCHG AH, CH; XCHG ESP, EAX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 3FC                                                                                    83489A4C 4 Bytes  [3C, 5E, 99, 94] {CMP AL, 0x5e; CDQ ; XCHG ESP, EAX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 54C                                                                                    83489B9C 4 Bytes  [D4, 5E, 99, 94] {AAM 0x5e; CDQ ; XCHG ESP, EAX}
.text           ntkrnlpa.exe!RtlSidHashLookup + 69C                                                                                    83489CEC 4 Bytes  [58, 86, EC, 94] {POP EAX; XCHG AH, CH; XCHG ESP, EAX}
.text           ...                                                                                                                    
.text           C:\windows\system32\DRIVERS\atipmdag.sys                                                                               section is writeable [0x95440000, 0x2CBE50, 0xE8000020]
 
---- User code sections - GMER 1.0.15 ----
 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] ntdll.dll!LdrUnloadDll                   7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] ntdll.dll!LdrLoadDll                     7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] kernel32.dll!GetBinaryTypeW + 70         76CE78FC 1 Byte  [62]
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!UnhookWindowsHookEx           773FCC7B 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!UnhookWinEvent                773FD924 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWindowsHookExW             7740210A 5 Bytes  JMP 00200804 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWinEventHook               7740507E 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[424] USER32.dll!SetWindowsHookExA             77426DFA 5 Bytes  JMP 00200600 
.text           C:\windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70                                                    76CE78FC 1 Byte  [62]
.text           C:\windows\system32\wininit.exe[548] ntdll.dll!LdrUnloadDll                                                            7751BD1F 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\wininit.exe[548] ntdll.dll!LdrLoadDll                                                              7751F425 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\wininit.exe[548] kernel32.dll!GetBinaryTypeW + 70                                                  76CE78FC 1 Byte  [62]
.text           C:\windows\system32\wininit.exe[548] USER32.dll!UnhookWindowsHookEx                                                    773FCC7B 5 Bytes  JMP 00050A08 
.text           C:\windows\system32\wininit.exe[548] USER32.dll!UnhookWinEvent                                                         773FD924 5 Bytes  JMP 000503FC 
.text           C:\windows\system32\wininit.exe[548] USER32.dll!SetWindowsHookExW                                                      7740210A 5 Bytes  JMP 00050804 
.text           C:\windows\system32\wininit.exe[548] USER32.dll!SetWinEventHook                                                        7740507E 5 Bytes  JMP 000501F8 
.text           C:\windows\system32\wininit.exe[548] USER32.dll!SetWindowsHookExA                                                      77426DFA 5 Bytes  JMP 00050600 
.text           C:\windows\system32\csrss.exe[560] kernel32.dll!GetBinaryTypeW + 70                                                    76CE78FC 1 Byte  [62]
.text           C:\windows\system32\services.exe[600] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\services.exe[600] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\services.exe[600] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00130A08 
.text           C:\windows\system32\services.exe[600] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 001303FC 
.text           C:\windows\system32\services.exe[600] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00130804 
.text           C:\windows\system32\services.exe[600] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 001301F8 
.text           C:\windows\system32\services.exe[600] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00130600 
.text           C:\windows\system32\svchost.exe[612] ntdll.dll!LdrUnloadDll                                                            7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[612] ntdll.dll!LdrLoadDll                                                              7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 70                                                  76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[612] USER32.dll!UnhookWindowsHookEx                                                    773FCC7B 5 Bytes  JMP 00420A08 
.text           C:\windows\system32\svchost.exe[612] USER32.dll!UnhookWinEvent                                                         773FD924 5 Bytes  JMP 004203FC 
.text           C:\windows\system32\svchost.exe[612] USER32.dll!SetWindowsHookExW                                                      7740210A 5 Bytes  JMP 00420804 
.text           C:\windows\system32\svchost.exe[612] USER32.dll!SetWinEventHook                                                        7740507E 5 Bytes  JMP 004201F8 
.text           C:\windows\system32\svchost.exe[612] USER32.dll!SetWindowsHookExA                                                      77426DFA 5 Bytes  JMP 00420600 
.text           C:\windows\system32\lsass.exe[628] ntdll.dll!LdrUnloadDll                                                              7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\lsass.exe[628] ntdll.dll!LdrLoadDll                                                                7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\lsass.exe[628] kernel32.dll!GetBinaryTypeW + 70                                                    76CE78FC 1 Byte  [62]
.text           C:\windows\system32\lsm.exe[636] ntdll.dll!LdrUnloadDll                                                                7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\lsm.exe[636] ntdll.dll!LdrLoadDll                                                                  7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\lsm.exe[636] kernel32.dll!GetBinaryTypeW + 70                                                      76CE78FC 1 Byte  [62]
.text           C:\windows\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\winlogon.exe[696] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\winlogon.exe[696] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 000C0A08 
.text           C:\windows\system32\winlogon.exe[696] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 000C03FC 
.text           C:\windows\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 000C0804 
.text           C:\windows\system32\winlogon.exe[696] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 000C01F8 
.text           C:\windows\system32\winlogon.exe[696] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 000C0600 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] ntdll.dll!LdrUnloadDll                 7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] ntdll.dll!LdrLoadDll                   7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] kernel32.dll!GetBinaryTypeW + 70       76CE78FC 1 Byte  [62]
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!UnhookWindowsHookEx         773FCC7B 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!UnhookWinEvent              773FD924 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWindowsHookExW           7740210A 5 Bytes  JMP 00200804 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWinEventHook             7740507E 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[748] USER32.dll!SetWindowsHookExA           77426DFA 5 Bytes  JMP 00200600 
.text           C:\windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll                                                            7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll                                                              7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 70                                                  76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[788] USER32.dll!UnhookWindowsHookEx                                                    773FCC7B 5 Bytes  JMP 001C0A08 
.text           C:\windows\system32\svchost.exe[788] USER32.dll!UnhookWinEvent                                                         773FD924 5 Bytes  JMP 001C03FC 
.text           C:\windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExW                                                      7740210A 5 Bytes  JMP 001C0804 
.text           C:\windows\system32\svchost.exe[788] USER32.dll!SetWinEventHook                                                        7740507E 5 Bytes  JMP 001C01F8 
.text           C:\windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExA                                                      77426DFA 5 Bytes  JMP 001C0600 
.text           C:\windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll                                                            7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll                                                              7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70                                                  76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[900] ntdll.dll!LdrUnloadDll                                                            7751BD1F 5 Bytes  JMP 000A03FC 
.text           C:\windows\system32\svchost.exe[900] ntdll.dll!LdrLoadDll                                                              7751F425 5 Bytes  JMP 000A01F8 
.text           C:\windows\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 70                                                  76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[900] user32.dll!UnhookWindowsHookEx                                                    773FCC7B 5 Bytes  JMP 00330A08 
.text           C:\windows\system32\svchost.exe[900] user32.dll!UnhookWinEvent                                                         773FD924 5 Bytes  JMP 003303FC 
.text           C:\windows\system32\svchost.exe[900] user32.dll!SetWindowsHookExW                                                      7740210A 5 Bytes  JMP 00330804 
.text           C:\windows\system32\svchost.exe[900] user32.dll!SetWinEventHook                                                        7740507E 5 Bytes  JMP 003301F8 
.text           C:\windows\system32\svchost.exe[900] user32.dll!SetWindowsHookExA                                                      77426DFA 5 Bytes  JMP 00330600 
.text           C:\windows\system32\atiesrxx.exe[948] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\windows\system32\atiesrxx.exe[948] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 001601F8 
.text           C:\windows\system32\atiesrxx.exe[948] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\atiesrxx.exe[948] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\windows\system32\atiesrxx.exe[948] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 001F03FC 
.text           C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 001F0804 
.text           C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 001F01F8 
.text           C:\windows\system32\atiesrxx.exe[948] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 001F0600 
.text           C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000A03FC 
.text           C:\windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000A01F8 
.text           C:\windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00510A08 
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 005103FC 
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00510804 
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 005101F8 
.text           C:\windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00510600 
.text           C:\windows\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[1072] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\System32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 003B0A08 
.text           C:\windows\System32\svchost.exe[1072] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 003B03FC 
.text           C:\windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 003B0804 
.text           C:\windows\System32\svchost.exe[1072] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 003B01F8 
.text           C:\windows\System32\svchost.exe[1072] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 003B0600 
.text           C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00A30A08 
.text           C:\windows\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 00A303FC 
.text           C:\windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00A30804 
.text           C:\windows\system32\svchost.exe[1104] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 00A301F8 
.text           C:\windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00A30600 
.text           C:\Program Files\System Control Manager\MSIService.exe[1168] ntdll.dll!LdrUnloadDll                                    7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\System Control Manager\MSIService.exe[1168] ntdll.dll!LdrLoadDll                                      7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\System Control Manager\MSIService.exe[1168] kernel32.dll!GetBinaryTypeW + 70                          76CE78FC 1 Byte  [62]
.text           C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!UnhookWindowsHookEx                            773FCC7B 5 Bytes  JMP 00200A08 
.text           C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!UnhookWinEvent                                 773FD924 5 Bytes  JMP 002003FC 
.text           C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWindowsHookExW                              7740210A 5 Bytes  JMP 00200804 
.text           C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWinEventHook                                7740507E 5 Bytes  JMP 002001F8 
.text           C:\Program Files\System Control Manager\MSIService.exe[1168] USER32.dll!SetWindowsHookExA                              77426DFA 5 Bytes  JMP 00200600 
.text           C:\windows\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00550A08 
.text           C:\windows\system32\svchost.exe[1224] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 005503FC 
.text           C:\windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00550804 
.text           C:\windows\system32\svchost.exe[1224] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 005501F8 
.text           C:\windows\system32\svchost.exe[1224] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00550600 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] ntdll.dll!LdrUnloadDll                          7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] ntdll.dll!LdrLoadDll                            7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] kernel32.dll!GetBinaryTypeW + 70                76CE78FC 1 Byte  [62]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!UnhookWindowsHookEx                  773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!UnhookWinEvent                       773FD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWindowsHookExW                    7740210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWinEventHook                      7740507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1244] USER32.dll!SetWindowsHookExA                    77426DFA 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\atieclxx.exe[1308] ntdll.dll!LdrUnloadDll                                                          7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\windows\system32\atieclxx.exe[1308] ntdll.dll!LdrLoadDll                                                            7751F425 5 Bytes  JMP 001601F8 
.text           C:\windows\system32\atieclxx.exe[1308] kernel32.dll!GetBinaryTypeW + 70                                                76CE78FC 1 Byte  [62]
.text           C:\windows\system32\atieclxx.exe[1308] USER32.dll!UnhookWindowsHookEx                                                  773FCC7B 5 Bytes  JMP 002F0A08 
.text           C:\windows\system32\atieclxx.exe[1308] USER32.dll!UnhookWinEvent                                                       773FD924 5 Bytes  JMP 002F03FC 
.text           C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWindowsHookExW                                                    7740210A 5 Bytes  JMP 002F0804 
.text           C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWinEventHook                                                      7740507E 5 Bytes  JMP 002F01F8 
.text           C:\windows\system32\atieclxx.exe[1308] USER32.dll!SetWindowsHookExA                                                    77426DFA 5 Bytes  JMP 002F0600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] ntdll.dll!LdrUnloadDll                                      7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] ntdll.dll!LdrLoadDll                                        7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] kernel32.dll!GetBinaryTypeW + 70                            76CE78FC 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!UnhookWindowsHookEx                              773FCC7B 5 Bytes  JMP 00210A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!UnhookWinEvent                                   773FD924 5 Bytes  JMP 002103FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWindowsHookExW                                7740210A 5 Bytes  JMP 00210804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWinEventHook                                  7740507E 5 Bytes  JMP 002101F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1352] USER32.dll!SetWindowsHookExA                                77426DFA 5 Bytes  JMP 00210600 
.text           C:\windows\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\System32\spoolsv.exe[1484] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\spoolsv.exe[1484] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\spoolsv.exe[1484] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\System32\spoolsv.exe[1484] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00140A08 
.text           C:\windows\System32\spoolsv.exe[1484] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 001403FC 
.text           C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00140804 
.text           C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 001401F8 
.text           C:\windows\System32\spoolsv.exe[1484] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00140600 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] ntdll.dll!LdrUnloadDll                    7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] ntdll.dll!LdrLoadDll                      7751F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] kernel32.dll!GetBinaryTypeW + 70          76CE78FC 1 Byte  [62]
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!UnhookWindowsHookEx            773FCC7B 5 Bytes  JMP 00090A08 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!UnhookWinEvent                 773FD924 5 Bytes  JMP 000903FC 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWindowsHookExW              7740210A 5 Bytes  JMP 00090804 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWinEventHook                7740507E 5 Bytes  JMP 000901F8 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1524] USER32.dll!SetWindowsHookExA              77426DFA 5 Bytes  JMP 00090600 
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!SetUnhandledExceptionFilter                      76CD30E2 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!GetBinaryTypeW + 70                              76CE78FC 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] ntdll.dll!LdrUnloadDll                                          7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] ntdll.dll!LdrLoadDll                                            7751F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] kernel32.dll!GetBinaryTypeW + 70                                76CE78FC 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!UnhookWindowsHookEx                                  773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!UnhookWinEvent                                       773FD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWindowsHookExW                                    7740210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWinEventHook                                      7740507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Avira\AntiVir Desktop\sched.exe[1584] USER32.dll!SetWindowsHookExA                                    77426DFA 5 Bytes  JMP 001F0600 
.text           C:\windows\system32\taskhost.exe[1596] ntdll.dll!LdrUnloadDll                                                          7751BD1F 5 Bytes  JMP 000503FC 
.text           C:\windows\system32\taskhost.exe[1596] ntdll.dll!LdrLoadDll                                                            7751F425 5 Bytes  JMP 000501F8 
.text           C:\windows\system32\taskhost.exe[1596] kernel32.dll!GetBinaryTypeW + 70                                                76CE78FC 1 Byte  [62]
.text           C:\windows\system32\taskhost.exe[1596] USER32.dll!UnhookWindowsHookEx                                                  773FCC7B 5 Bytes  JMP 000E0A08 
.text           C:\windows\system32\taskhost.exe[1596] USER32.dll!UnhookWinEvent                                                       773FD924 5 Bytes  JMP 000E03FC 
.text           C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWindowsHookExW                                                    7740210A 5 Bytes  JMP 000E0804 
.text           C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWinEventHook                                                      7740507E 5 Bytes  JMP 000E01F8 
.text           C:\windows\system32\taskhost.exe[1596] USER32.dll!SetWindowsHookExA                                                    77426DFA 5 Bytes  JMP 000E0600 
.text           C:\windows\System32\svchost.exe[1816] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\System32\svchost.exe[1816] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\System32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1900] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[1900] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[1900] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00240A08 
.text           C:\windows\system32\svchost.exe[1900] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 002403FC 
.text           C:\windows\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00240804 
.text           C:\windows\system32\svchost.exe[1900] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 002401F8 
.text           C:\windows\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00240600 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] ntdll.dll!LdrUnloadDll                                        7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] ntdll.dll!LdrLoadDll                                          7751F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] kernel32.dll!GetBinaryTypeW + 70                              76CE78FC 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!UnhookWindowsHookEx                                773FCC7B 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!UnhookWinEvent                                     773FD924 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWindowsHookExW                                  7740210A 5 Bytes  JMP 000F0804 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWinEventHook                                    7740507E 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1932] USER32.dll!SetWindowsHookExA                                  77426DFA 5 Bytes  JMP 000F0600 
.text           C:\windows\system32\Dwm.exe[2028] ntdll.dll!LdrUnloadDll                                                               7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\Dwm.exe[2028] ntdll.dll!LdrLoadDll                                                                 7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\Dwm.exe[2028] kernel32.dll!GetBinaryTypeW + 70                                                     76CE78FC 1 Byte  [62]
.text           C:\windows\system32\Dwm.exe[2028] USER32.dll!UnhookWindowsHookEx                                                       773FCC7B 5 Bytes  JMP 000F0A08 
.text           C:\windows\system32\Dwm.exe[2028] USER32.dll!UnhookWinEvent                                                            773FD924 5 Bytes  JMP 000F03FC 
.text           C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWindowsHookExW                                                         7740210A 5 Bytes  JMP 000F0804 
.text           C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWinEventHook                                                           7740507E 5 Bytes  JMP 000F01F8 
.text           C:\windows\system32\Dwm.exe[2028] USER32.dll!SetWindowsHookExA                                                         77426DFA 5 Bytes  JMP 000F0600 
.text           C:\windows\Explorer.EXE[2036] ntdll.dll!LdrUnloadDll                                                                   7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\Explorer.EXE[2036] ntdll.dll!LdrLoadDll                                                                     7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\Explorer.EXE[2036] kernel32.dll!GetBinaryTypeW + 70                                                         76CE78FC 1 Byte  [62]
.text           C:\windows\Explorer.EXE[2036] USER32.dll!UnhookWindowsHookEx                                                           773FCC7B 5 Bytes  JMP 00150A08 
.text           C:\windows\Explorer.EXE[2036] USER32.dll!UnhookWinEvent                                                                773FD924 5 Bytes  JMP 001503FC 
.text           C:\windows\Explorer.EXE[2036] USER32.dll!SetWindowsHookExW                                                             7740210A 5 Bytes  JMP 00150804 
.text           C:\windows\Explorer.EXE[2036] USER32.dll!SetWinEventHook                                                               7740507E 5 Bytes  JMP 001501F8 
.text           C:\windows\Explorer.EXE[2036] USER32.dll!SetWindowsHookExA                                                             77426DFA 5 Bytes  JMP 00150600 
.text           C:\Program Files\Samsung\Kies\KiesHelper.exe[2080] KERNEL32.dll!GetBinaryTypeW + 70                                    76CE78FC 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2252] ntdll.dll!DbgUiRemoteBreakin                  7755D5CB 1 Byte  [C3]
.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2252] KERNEL32.dll!GetBinaryTypeW + 70              76CE78FC 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] ntdll.dll!LdrUnloadDll                                       7751BD1F 5 Bytes  JMP 000503FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] ntdll.dll!LdrLoadDll                                         7751F425 5 Bytes  JMP 000501F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] kernel32.dll!GetBinaryTypeW + 70                             76CE78FC 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!UnhookWindowsHookEx                               773FCC7B 5 Bytes  JMP 00080A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!UnhookWinEvent                                    773FD924 5 Bytes  JMP 000803FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWindowsHookExW                                 7740210A 5 Bytes  JMP 00080804 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWinEventHook                                   7740507E 5 Bytes  JMP 000801F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[2464] USER32.dll!SetWindowsHookExA                                 77426DFA 5 Bytes  JMP 00080600 
.text           C:\windows\system32\conhost.exe[2472] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000303FC 
.text           C:\windows\system32\conhost.exe[2472] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000301F8 
.text           C:\windows\system32\conhost.exe[2472] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\conhost.exe[2472] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00100A08 
.text           C:\windows\system32\conhost.exe[2472] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 001003FC 
.text           C:\windows\system32\conhost.exe[2472] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00100804 
.text           C:\windows\system32\conhost.exe[2472] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 001001F8 
.text           C:\windows\system32\conhost.exe[2472] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00100600 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] ntdll.dll!LdrUnloadDll                                       7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] ntdll.dll!LdrLoadDll                                         7751F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] kernel32.dll!GetBinaryTypeW + 70                             76CE78FC 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!UnhookWindowsHookEx                               773FCC7B 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!UnhookWinEvent                                    773FD924 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWindowsHookExW                                 7740210A 5 Bytes  JMP 000F0804 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWinEventHook                                   7740507E 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[2496] USER32.dll!SetWindowsHookExA                                 77426DFA 5 Bytes  JMP 000F0600 
.text           C:\windows\system32\svchost.exe[2824] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[2824] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[2824] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[2824] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00190A08 
.text           C:\windows\system32\svchost.exe[2824] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 001903FC 
.text           C:\windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00190804 
.text           C:\windows\system32\svchost.exe[2824] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 001901F8 
.text           C:\windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00190600 
.text           C:\Windows\System32\hkcmd.exe[2936] ntdll.dll!LdrUnloadDll                                                             7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Windows\System32\hkcmd.exe[2936] ntdll.dll!LdrLoadDll                                                               7751F425 5 Bytes  JMP 001601F8 
.text           C:\Windows\System32\hkcmd.exe[2936] kernel32.dll!GetBinaryTypeW + 70                                                   76CE78FC 1 Byte  [62]
.text           C:\Windows\System32\hkcmd.exe[2936] USER32.dll!UnhookWindowsHookEx                                                     773FCC7B 5 Bytes  JMP 00210A08 
.text           C:\Windows\System32\hkcmd.exe[2936] USER32.dll!UnhookWinEvent                                                          773FD924 5 Bytes  JMP 002103FC 
.text           C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWindowsHookExW                                                       7740210A 5 Bytes  JMP 00210804 
.text           C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWinEventHook                                                         7740507E 5 Bytes  JMP 002101F8 
.text           C:\Windows\System32\hkcmd.exe[2936] USER32.dll!SetWindowsHookExA                                                       77426DFA 5 Bytes  JMP 00210600 
.text           C:\Windows\System32\igfxpers.exe[2964] ntdll.dll!LdrUnloadDll                                                          7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Windows\System32\igfxpers.exe[2964] ntdll.dll!LdrLoadDll                                                            7751F425 5 Bytes  JMP 001601F8 
.text           C:\Windows\System32\igfxpers.exe[2964] kernel32.dll!GetBinaryTypeW + 70                                                76CE78FC 1 Byte  [62]
.text           C:\Windows\System32\igfxpers.exe[2964] USER32.dll!UnhookWindowsHookEx                                                  773FCC7B 5 Bytes  JMP 00200A08 
.text           C:\Windows\System32\igfxpers.exe[2964] USER32.dll!UnhookWinEvent                                                       773FD924 5 Bytes  JMP 002003FC 
.text           C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWindowsHookExW                                                    7740210A 5 Bytes  JMP 00200804 
.text           C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWinEventHook                                                      7740507E 5 Bytes  JMP 002001F8 
.text           C:\Windows\System32\igfxpers.exe[2964] USER32.dll!SetWindowsHookExA                                                    77426DFA 5 Bytes  JMP 00200600 
.text           C:\windows\system32\igfxsrvc.exe[2972] ntdll.dll!LdrUnloadDll                                                          7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\windows\system32\igfxsrvc.exe[2972] ntdll.dll!LdrLoadDll                                                            7751F425 5 Bytes  JMP 001601F8 
.text           C:\windows\system32\igfxsrvc.exe[2972] kernel32.dll!GetBinaryTypeW + 70                                                76CE78FC 1 Byte  [62]
.text           C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!UnhookWindowsHookEx                                                  773FCC7B 5 Bytes  JMP 002F0A08 
.text           C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!UnhookWinEvent                                                       773FD924 5 Bytes  JMP 002F03FC 
.text           C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWindowsHookExW                                                    7740210A 5 Bytes  JMP 002F0804 
.text           C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWinEventHook                                                      7740507E 5 Bytes  JMP 002F01F8 
.text           C:\windows\system32\igfxsrvc.exe[2972] USER32.dll!SetWindowsHookExA                                                    77426DFA 5 Bytes  JMP 002F0600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3056] KERNEL32.dll!GetBinaryTypeW + 70                   76CE78FC 1 Byte  [62]
.text           C:\windows\system32\AUDIODG.EXE[3120] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] ntdll.dll!LdrUnloadDll                                           7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] ntdll.dll!LdrLoadDll                                             7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] kernel32.dll!GetBinaryTypeW + 70                                 76CE78FC 1 Byte  [62]
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!UnhookWindowsHookEx                                   773FCC7B 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!UnhookWinEvent                                        773FD924 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWindowsHookExW                                     7740210A 5 Bytes  JMP 00200804 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWinEventHook                                       7740507E 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3184] USER32.dll!SetWindowsHookExA                                     77426DFA 5 Bytes  JMP 00200600 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] ntdll.dll!LdrUnloadDll                          7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] ntdll.dll!LdrLoadDll                            7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] kernel32.dll!GetBinaryTypeW + 70                76CE78FC 1 Byte  [62]
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!UnhookWindowsHookEx                  773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!UnhookWinEvent                       773FD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWindowsHookExW                    7740210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWinEventHook                      7740507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3196] USER32.dll!SetWindowsHookExA                    77426DFA 5 Bytes  JMP 001F0600 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] ntdll.dll!LdrUnloadDll                                     7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] ntdll.dll!LdrLoadDll                                       7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] kernel32.dll!GetBinaryTypeW + 70                           76CE78FC 1 Byte  [62]
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!UnhookWindowsHookEx                             773FCC7B 5 Bytes  JMP 00300A08 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!UnhookWinEvent                                  773FD924 5 Bytes  JMP 003003FC 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWindowsHookExW                               7740210A 5 Bytes  JMP 00300804 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWinEventHook                                 7740507E 5 Bytes  JMP 003001F8 
.text           C:\Program Files\System Control Manager\MGSysCtrl.exe[3228] USER32.dll!SetWindowsHookExA                               77426DFA 5 Bytes  JMP 00300600 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] ntdll.dll!LdrUnloadDll                 7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] ntdll.dll!LdrLoadDll                   7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] kernel32.dll!GetBinaryTypeW + 70       76CE78FC 1 Byte  [62]
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!UnhookWindowsHookEx         773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!UnhookWinEvent              773FD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWindowsHookExW           7740210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWinEventHook             7740507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3324] USER32.dll!SetWindowsHookExA           77426DFA 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] ntdll.dll!LdrUnloadDll                    7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] ntdll.dll!LdrLoadDll                      7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] kernel32.dll!GetBinaryTypeW + 70          76CE78FC 1 Byte  [62]
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!UnhookWindowsHookEx            773FCC7B 5 Bytes  JMP 00540A08 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!UnhookWinEvent                 773FD924 5 Bytes  JMP 005403FC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWindowsHookExW              7740210A 5 Bytes  JMP 00540804 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWinEventHook                7740507E 5 Bytes  JMP 005401F8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3464] USER32.dll!SetWindowsHookExA              77426DFA 5 Bytes  JMP 00540600 
.text           C:\windows\system32\wbem\unsecapp.exe[3476] ntdll.dll!LdrUnloadDll                                                     7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\wbem\unsecapp.exe[3476] ntdll.dll!LdrLoadDll                                                       7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\wbem\unsecapp.exe[3476] kernel32.dll!GetBinaryTypeW + 70                                           76CE78FC 1 Byte  [62]
.text           C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!UnhookWindowsHookEx                                             773FCC7B 5 Bytes  JMP 000F0A08 
.text           C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!UnhookWinEvent                                                  773FD924 5 Bytes  JMP 000F03FC 
.text           C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWindowsHookExW                                               7740210A 5 Bytes  JMP 000F0804 
.text           C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWinEventHook                                                 7740507E 5 Bytes  JMP 000F01F8 
.text           C:\windows\system32\wbem\unsecapp.exe[3476] USER32.dll!SetWindowsHookExA                                               77426DFA 5 Bytes  JMP 000F0600 
.text           C:\Windows\WindowsMobile\wmdc.exe[3520] ntdll.dll!LdrUnloadDll                                                         7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\Windows\WindowsMobile\wmdc.exe[3520] ntdll.dll!LdrLoadDll                                                           7751F425 5 Bytes  JMP 000601F8 
.text           C:\Windows\WindowsMobile\wmdc.exe[3520] kernel32.dll!GetBinaryTypeW + 70                                               76CE78FC 1 Byte  [62]
.text           C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!UnhookWindowsHookEx                                                 773FCC7B 5 Bytes  JMP 00140A08 
.text           C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!UnhookWinEvent                                                      773FD924 5 Bytes  JMP 001403FC 
.text           C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWindowsHookExW                                                   7740210A 5 Bytes  JMP 00140804 
.text           C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWinEventHook                                                     7740507E 5 Bytes  JMP 001401F8 
.text           C:\Windows\WindowsMobile\wmdc.exe[3520] USER32.dll!SetWindowsHookExA                                                   77426DFA 5 Bytes  JMP 00140600 
.text           C:\windows\system32\wbem\wmiprvse.exe[3532] ntdll.dll!LdrUnloadDll                                                     7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\wbem\wmiprvse.exe[3532] ntdll.dll!LdrLoadDll                                                       7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\wbem\wmiprvse.exe[3532] kernel32.dll!GetBinaryTypeW + 70                                           76CE78FC 1 Byte  [62]
.text           C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!UnhookWindowsHookEx                                             773FCC7B 5 Bytes  JMP 00140A08 
.text           C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!UnhookWinEvent                                                  773FD924 5 Bytes  JMP 001403FC 
.text           C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWindowsHookExW                                               7740210A 5 Bytes  JMP 00140804 
.text           C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWinEventHook                                                 7740507E 5 Bytes  JMP 001401F8 
.text           C:\windows\system32\wbem\wmiprvse.exe[3532] USER32.dll!SetWindowsHookExA                                               77426DFA 5 Bytes  JMP 00140600 
.text           C:\windows\system32\SearchIndexer.exe[3572] ntdll.dll!LdrUnloadDll                                                     7751BD1F 5 Bytes  JMP 000D03FC 
.text           C:\windows\system32\SearchIndexer.exe[3572] ntdll.dll!LdrLoadDll                                                       7751F425 5 Bytes  JMP 000D01F8 
.text           C:\windows\system32\SearchIndexer.exe[3572] kernel32.dll!GetBinaryTypeW + 70                                           76CE78FC 1 Byte  [62]
.text           C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!UnhookWindowsHookEx                                             773FCC7B 5 Bytes  JMP 00170A08 
.text           C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!UnhookWinEvent                                                  773FD924 5 Bytes  JMP 001703FC 
.text           C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWindowsHookExW                                               7740210A 5 Bytes  JMP 00170804 
.text           C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWinEventHook                                                 7740507E 5 Bytes  JMP 001701F8 
.text           C:\windows\system32\SearchIndexer.exe[3572] USER32.dll!SetWindowsHookExA                                               77426DFA 5 Bytes  JMP 00170600 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] ntdll.dll!LdrUnloadDll                                           7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] ntdll.dll!LdrLoadDll                                             7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] kernel32.dll!GetBinaryTypeW + 70                                 76CE78FC 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!UnhookWindowsHookEx                                   773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!UnhookWinEvent                                        773FD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWindowsHookExW                                     7740210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWinEventHook                                       7740507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[3672] USER32.dll!SetWindowsHookExA                                     77426DFA 5 Bytes  JMP 001F0600 
.text           C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3700] KERNEL32.dll!GetBinaryTypeW + 70                   76CE78FC 1 Byte  [62]
.text           C:\windows\system32\svchost.exe[3712] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\svchost.exe[3712] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\svchost.exe[3712] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] ntdll.dll!LdrUnloadDll                                      7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] ntdll.dll!LdrLoadDll                                        7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] kernel32.dll!GetBinaryTypeW + 70                            76CE78FC 1 Byte  [62]
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!UnhookWindowsHookEx                              773FCC7B 5 Bytes  JMP 002F0A08 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!UnhookWinEvent                                   773FD924 5 Bytes  JMP 002F03FC 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWindowsHookExW                                7740210A 5 Bytes  JMP 002F0804 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWinEventHook                                  7740507E 5 Bytes  JMP 002F01F8 
.text           C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3736] USER32.dll!SetWindowsHookExA                                77426DFA 5 Bytes  JMP 002F0600 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[3824] ntdll.dll!LdrUnloadDll                                              7751BD1F 5 Bytes  JMP 000703FC 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[3824] ntdll.dll!LdrLoadDll                                                7751F425 5 Bytes  JMP 000701F8 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[3824] kernel32.dll!GetBinaryTypeW + 70                                    76CE78FC 1 Byte  [62]
.text           C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!UnhookWindowsHookEx                                      773FCC7B 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!UnhookWinEvent                                           773FD924 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWindowsHookExW                                        7740210A 5 Bytes  JMP 00100804 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWinEventHook                                          7740507E 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[3824] USER32.dll!SetWindowsHookExA                                        77426DFA 5 Bytes  JMP 00100600 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] ntdll.dll!LdrUnloadDll                                          7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] ntdll.dll!LdrLoadDll                                            7751F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] kernel32.dll!GetBinaryTypeW + 70                                76CE78FC 1 Byte  [62]
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!UnhookWindowsHookEx                                  773FCC7B 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!UnhookWinEvent                                       773FD924 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWindowsHookExW                                    7740210A 5 Bytes  JMP 000F0804 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWinEventHook                                      7740507E 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3908] USER32.dll!SetWindowsHookExA                                    77426DFA 5 Bytes  JMP 000F0600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] ntdll.dll!LdrUnloadDll                                   7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] ntdll.dll!LdrLoadDll                                     7751F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] kernel32.dll!GetBinaryTypeW + 70                         76CE78FC 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!UnhookWindowsHookEx                           773FCC7B 5 Bytes  JMP 00110A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!UnhookWinEvent                                773FD924 5 Bytes  JMP 001103FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWindowsHookExW                             7740210A 5 Bytes  JMP 00110804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWinEventHook                               7740507E 5 Bytes  JMP 001101F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3920] USER32.dll!SetWindowsHookExA                             77426DFA 5 Bytes  JMP 00110600 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!LdrUnloadDll                                7751BD1F 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] ntdll.dll!LdrLoadDll                                  7751F425 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] kernel32.dll!GetBinaryTypeW + 70                      76CE78FC 1 Byte  [62]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!UnhookWindowsHookEx                        773FCC7B 5 Bytes  JMP 00210A08 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!UnhookWinEvent                             773FD924 5 Bytes  JMP 002103FC 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowsHookExW                          7740210A 5 Bytes  JMP 00210804 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWinEventHook                            7740507E 5 Bytes  JMP 002101F8 
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3936] USER32.dll!SetWindowsHookExA                          77426DFA 5 Bytes  JMP 00210600 
.text           C:\windows\system32\wuauclt.exe[4188] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000703FC 
.text           C:\windows\system32\wuauclt.exe[4188] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000701F8 
.text           C:\windows\system32\wuauclt.exe[4188] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\wuauclt.exe[4188] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00110A08 
.text           C:\windows\system32\wuauclt.exe[4188] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 001103FC 
.text           C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00110804 
.text           C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 001101F8 
.text           C:\windows\system32\wuauclt.exe[4188] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00110600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] ntdll.dll!LdrUnloadDll                                      7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] ntdll.dll!LdrLoadDll                                        7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] kernel32.dll!GetBinaryTypeW + 70                            76CE78FC 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!UnhookWindowsHookEx                              773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!UnhookWinEvent                                   773FD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWindowsHookExW                                7740210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWinEventHook                                  7740507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4220] USER32.dll!SetWindowsHookExA                                77426DFA 5 Bytes  JMP 001F0600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrUnloadDll                                      7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] ntdll.dll!LdrLoadDll                                        7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] kernel32.dll!GetBinaryTypeW + 70                            76CE78FC 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWindowsHookEx                              773FCC7B 5 Bytes  JMP 00180A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!UnhookWinEvent                                   773FD924 5 Bytes  JMP 001803FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExW                                7740210A 5 Bytes  JMP 00180804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWinEventHook                                  7740507E 5 Bytes  JMP 001801F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4268] USER32.dll!SetWindowsHookExA                                77426DFA 5 Bytes  JMP 00180600 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] ntdll.dll!LdrUnloadDll                                      7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] ntdll.dll!LdrLoadDll                                        7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] kernel32.dll!GetBinaryTypeW + 70                            76CE78FC 1 Byte  [62]
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!UnhookWindowsHookEx                              773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!UnhookWinEvent                                   773FD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWindowsHookExW                                7740210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWinEventHook                                  7740507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4324] USER32.dll!SetWindowsHookExA                                77426DFA 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] ntdll.dll!LdrUnloadDll                    7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] ntdll.dll!LdrLoadDll                      7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] kernel32.dll!SetUnhandledExceptionFilter  76CD30E2 5 Bytes  JMP 00468140 C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe (DeviceManager.exe/Mobileleader Co., Ltd.)
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] kernel32.dll!GetBinaryTypeW + 70          76CE78FC 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!UnhookWindowsHookEx            773FCC7B 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!UnhookWinEvent                 773FD924 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWindowsHookExW              7740210A 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWinEventHook                7740507E 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[4332] USER32.dll!SetWindowsHookExA              77426DFA 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] ntdll.dll!LdrUnloadDll                7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] ntdll.dll!LdrLoadDll                  7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] kernel32.dll!GetBinaryTypeW + 70      76CE78FC 1 Byte  [62]
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!UnhookWindowsHookEx        773FCC7B 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!UnhookWinEvent             773FD924 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWindowsHookExW          7740210A 5 Bytes  JMP 00200804 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWinEventHook            7740507E 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe[4356] USER32.dll!SetWindowsHookExA          77426DFA 5 Bytes  JMP 00200600 
.text           C:\windows\system32\taskeng.exe[4536] ntdll.dll!LdrUnloadDll                                                           7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\windows\system32\taskeng.exe[4536] ntdll.dll!LdrLoadDll                                                             7751F425 5 Bytes  JMP 000601F8 
.text           C:\windows\system32\taskeng.exe[4536] kernel32.dll!GetBinaryTypeW + 70                                                 76CE78FC 1 Byte  [62]
.text           C:\windows\system32\taskeng.exe[4536] USER32.dll!UnhookWindowsHookEx                                                   773FCC7B 5 Bytes  JMP 00130A08 
.text           C:\windows\system32\taskeng.exe[4536] USER32.dll!UnhookWinEvent                                                        773FD924 5 Bytes  JMP 001303FC 
.text           C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWindowsHookExW                                                     7740210A 5 Bytes  JMP 00130804 
.text           C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWinEventHook                                                       7740507E 5 Bytes  JMP 001301F8 
.text           C:\windows\system32\taskeng.exe[4536] USER32.dll!SetWindowsHookExA                                                     77426DFA 5 Bytes  JMP 00130600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] ntdll.dll!LdrUnloadDll                               7751BD1F 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] ntdll.dll!LdrLoadDll                                 7751F425 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] kernel32.dll!GetBinaryTypeW + 70                     76CE78FC 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!UnhookWindowsHookEx                       773FCC7B 5 Bytes  JMP 00AB0A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!UnhookWinEvent                            773FD924 5 Bytes  JMP 00AB03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWindowsHookExW                         7740210A 5 Bytes  JMP 00AB0804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWinEventHook                           7740507E 5 Bytes  JMP 00AB01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4752] USER32.dll!SetWindowsHookExA                         77426DFA 5 Bytes  JMP 00AB0600 
.text           C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] ntdll.dll!LdrUnloadDll                                                       7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] ntdll.dll!LdrLoadDll                                                         7751F425 5 Bytes  JMP 001601F8 
.text           C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] kernel32.dll!GetBinaryTypeW + 70                                             76CE78FC 1 Byte  [62]
.text           C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!UnhookWindowsHookEx                                               773FCC7B 5 Bytes  JMP 00210A08 
.text           C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!UnhookWinEvent                                                    773FD924 5 Bytes  JMP 002103FC 
.text           C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWindowsHookExW                                                 7740210A 5 Bytes  JMP 00210804 
.text           C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWinEventHook                                                   7740507E 5 Bytes  JMP 002101F8 
.text           C:\Users\Ari\Downloads\q0ncg1sr.exe[5504] USER32.dll!SetWindowsHookExA                                                 77426DFA 5 Bytes  JMP 00210600 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] ntdll.dll!LdrUnloadDll                  7751BD1F 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] ntdll.dll!LdrLoadDll                    7751F425 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] kernel32.dll!GetBinaryTypeW + 70        76CE78FC 1 Byte  [62]
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!UnhookWindowsHookEx          773FCC7B 5 Bytes  JMP 00340A08 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!UnhookWinEvent               773FD924 5 Bytes  JMP 003403FC 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWindowsHookExW            7740210A 5 Bytes  JMP 00340804 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWinEventHook              7740507E 5 Bytes  JMP 003401F8 
.text           C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5684] USER32.dll!SetWindowsHookExA            77426DFA 5 Bytes  JMP 00340600 
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device          \Driver\ACPI_HAL \Device\0000004e                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
---- Threads - GMER 1.0.15 ----
 
Thread          System [4:1660]                                                                                                        BCE32F2E
 
---- Registry - GMER 1.0.15 ----
 
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002421d25b11                                            
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002421d25b11 (not active ControlSet)                        
 
---- EOF - GMER 1.0.15 ----
         

Alt 15.06.2012, 18:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________

__________________

Alt 15.06.2012, 21:12   #3
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Hallo.

Nein, vorher kein Scan. Habe das Programm erst neu installiert.
__________________

Alt 15.06.2012, 21:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Poste nun den Inhalt der log.txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.06.2012, 19:58   #5
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



log.txt

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0192eff3705fc04493db60c5e141e7e4
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 11:55:03
# local_time=2012-06-18 01:55:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 1958262 1958262 0 0
# compatibility_mode=5893 16776574 100 94 2070724 91648542 0 0
# compatibility_mode=8192 67108863 100 0 223 223 0 0
# scanned=35937
# found=0
# cleaned=0
# scan_time=3152
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0192eff3705fc04493db60c5e141e7e4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-19 05:50:02
# local_time=2012-06-19 07:50:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 2061506 2061506 0 0
# compatibility_mode=5893 16776574 100 94 2173968 91751786 0 0
# compatibility_mode=8192 67108863 100 0 103467 103467 0 0
# scanned=191021
# found=1
# cleaned=0
# scan_time=7628
C:\Users\Ari\Downloads\sqvepgXUGdxrusyfLgX	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         


Alt 20.06.2012, 00:18   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Windows-Verschlüsselungs-Trojaner auf Win7

Alt 20.06.2012, 12:35   #7
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Hier jetzt die OTL.txt

Code:
ATTFilter
OTL logfile created on: 6/20/2012 12:22:01 PM - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = D:\
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.17 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 55.29% Memory free
6.34 Gb Paging File | 4.74 Gb Available in Paging File | 74.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273.39 Gb Total Space | 225.85 Gb Free Space | 82.61% Space Free | Partition Type: NTFS
Drive D: | 182.27 Gb Total Space | 164.13 Gb Free Space | 90.05% Space Free | Partition Type: NTFS
 
Computer Name: ARI-MSI | User Name: Ari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/13 14:11:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012/05/17 16:59:22 | 001,927,736 | ---- | M] (Micro-Star International) -- C:\Program Files\msi\Live Update 5\LU5.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/04/18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/31 04:38:12 | 000,954,256 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\KiesHelper.exe
PRC - [2012/03/28 22:12:02 | 000,694,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe
PRC - [2012/03/28 22:11:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
PRC - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/17 02:00:40 | 002,396,160 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2009/12/09 19:15:21 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/13 21:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/19 20:57:30 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
MOD - [2012/06/19 20:57:24 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll
MOD - [2012/06/19 20:57:19 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll
MOD - [2012/06/19 20:57:05 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll
MOD - [2012/06/19 20:56:55 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012/06/19 20:56:16 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll
MOD - [2012/06/19 20:56:12 | 012,432,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012/06/19 20:55:56 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012/06/19 20:55:54 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.ni.dll
MOD - [2012/06/19 20:55:54 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll
MOD - [2012/06/19 20:55:53 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll
MOD - [2012/06/19 20:55:49 | 011,819,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2012/06/19 20:55:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012/06/19 20:55:30 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012/06/19 20:55:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012/06/19 20:55:25 | 007,963,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012/06/19 20:54:39 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012/06/14 16:39:35 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/14 16:36:44 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/14 16:36:31 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/14 16:36:21 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/06/14 16:36:16 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/06/02 18:21:35 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/06/02 18:20:04 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/20 13:39:51 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/09 17:10:09 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 17:07:13 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/09 17:07:10 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/09 17:07:03 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/09 17:06:57 | 014,414,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/05/01 16:58:02 | 000,115,137 | ---- | M] () -- C:\Users\Ari\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/30 03:23:38 | 000,079,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll
MOD - [2012/03/30 03:21:48 | 014,144,512 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012/03/30 03:21:18 | 000,486,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012/03/30 03:21:12 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012/03/29 18:44:34 | 000,022,528 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012/03/28 22:13:12 | 000,037,376 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll
MOD - [2012/03/28 22:12:04 | 000,839,680 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll
MOD - [2012/03/28 22:12:00 | 000,712,704 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll
MOD - [2012/03/28 22:11:58 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll
MOD - [2012/03/28 22:11:28 | 000,720,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/01/29 23:30:10 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/01/29 23:30:00 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
MOD - [2010/01/29 23:29:59 | 000,167,936 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2010/01/29 23:29:56 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/01/29 23:29:55 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/01/29 23:29:53 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010/01/29 23:20:28 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3630.42316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:28 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:28 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3630.42330__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 001,708,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 000,827,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3630.42360__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3630.42380__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 000,356,352 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3630.42335__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3630.42372__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:27 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3630.42385__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3630.42324__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3630.42404__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3630.42371__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3630.42367__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3630.42427__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3630.42403__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3630.42325__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,019,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3630.42413__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:27 | 000,013,312 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3630.42432__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 001,142,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3630.42428__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3630.42336__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,372,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3630.42354__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,323,584 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3630.42366__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/01/29 23:20:26 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/01/29 23:20:26 | 000,151,552 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3630.42358__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3630.42364__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3630.42340__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3630.42359__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3630.42365__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/01/29 23:20:26 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3622.19962__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3622.19963__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3622.19993__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/01/29 23:20:26 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3622.19964__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3622.19965__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3622.19974__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3622.19966__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3622.19978__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3622.19975__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3622.19967__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3622.19974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/01/29 23:20:26 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/01/29 23:20:25 | 001,220,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3630.42320__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/01/29 23:20:25 | 000,741,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3630.42427__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/01/29 23:20:25 | 000,565,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3630.42393__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/01/29 23:20:25 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3630.42329__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/01/29 23:20:25 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3630.42398__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3630.42397__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/01/29 23:20:25 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3630.42314__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3630.42312__90ba9c70f846762e\APM.Server.dll
MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3630.42315__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/01/29 23:20:25 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3622.19970__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3630.42313__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/01/29 23:20:25 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3630.42409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3622.19967__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/01/29 23:20:25 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3622.19972__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3622.19974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3622.19964__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3622.19967__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3622.19968__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3622.19967__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/01/29 23:20:25 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3630.42398__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/01/29 23:20:25 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/01/29 23:20:25 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3630.42313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/08/31 23:56:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 14:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Start_Pending] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/09 19:14:52 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/10/13 21:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] --  -- (aswTdi)
DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/11 19:25:26 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/04 14:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 14:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 14:32:32 | 000,025,432 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 14:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/06/02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/10/20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\msi\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009/12/09 21:39:45 | 005,147,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/12/09 18:22:19 | 000,121,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/12/09 17:02:47 | 006,229,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/12/05 03:50:02 | 000,082,128 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/10/30 00:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/10/26 06:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/25 04:13:12 | 000,159,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/05/27 00:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{9606359B-FBEA-4B26-98FB-5C31BB188E00}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/23 19:31:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/17 20:27:21 | 000,000,000 | ---D | M]
 
[2010/07/02 18:33:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Extensions
[2012/06/12 14:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions
[2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com
[2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL
[2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus
[2010/08/23 19:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/11/15 19:09:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/15 15:00:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/22 19:56:44 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/15 14:51:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/15 15:00:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/15 15:00:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/15 15:00:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/15 15:00:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D5FA4A3-4169-43CD-B417-D638ADEBE03F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun
O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/19 20:09:05 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/06/19 20:08:04 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/06/18 12:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/12 15:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/12 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/12 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Malwarebytes
[2012/06/12 14:43:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/12 14:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell
[2012/05/26 21:11:52 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Avira
[2012/05/26 21:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/05/26 21:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/05/26 21:04:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/26 21:04:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/05/26 21:04:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/05/26 21:04:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/05/26 21:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/05/21 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/20 10:53:13 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 10:53:13 | 000,022,672 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 10:52:37 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/06/20 10:52:37 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/20 10:52:37 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/06/20 10:52:37 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/20 10:41:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/20 10:41:04 | 2552,381,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 20:47:04 | 000,378,168 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/14 14:48:59 | 511,223,463 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/06/13 14:17:54 | 000,000,156 | ---- | M] () -- C:\Users\Ari\defogger_reenable
[2012/06/12 14:06:45 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012/05/26 21:06:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/25 13:47:34 | 000,014,033 | ---- | M] () -- C:\Users\Ari\Desktop\LUaVplOssqxGQasfX
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/13 14:17:53 | 000,000,156 | ---- | C] () -- C:\Users\Ari\defogger_reenable
[2012/05/26 21:06:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/17 20:23:52 | 000,181,697 | ---- | C] () -- C:\windows\hpoins28.dat
[2012/05/17 20:23:52 | 000,000,442 | ---- | C] () -- C:\windows\hpomdl28.dat
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2012/03/11 19:56:26 | 000,025,432 | ---- | C] () -- C:\windows\System32\drivers\aswRdr.sys
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
 
========== LOP Check ==========
 
[2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite
[2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung
[2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF
[2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell
[2012/05/21 18:37:25 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/07/03 14:32:02 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Adobe
[2010/08/14 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\ArcSoft
[2010/07/02 15:23:41 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\ATI
[2012/05/26 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Avira
[2012/06/07 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\DAEMON Tools Lite
[2012/05/17 20:38:47 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\HP
[2010/07/02 15:23:23 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Identities
[2010/07/02 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Macromedia
[2012/06/12 14:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Malwarebytes
[2010/01/29 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Media Center Programs
[2012/06/19 22:30:33 | 000,000,000 | --SD | M] -- C:\Users\Ari\AppData\Roaming\Microsoft
[2010/07/02 18:33:39 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Mozilla
[2012/05/01 16:57:52 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Samsung
[2010/07/18 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Scan2PDF
[2012/06/12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Ari\AppData\Roaming\Xell
 
< %APPDATA%\*.exe /s >
[2012/05/09 14:43:21 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2012/03/31 04:38:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012/05/04 07:37:12 | 000,371,088 | ---- | M] (ml) -- C:\Users\Ari\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009/10/13 21:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys
[2009/10/13 21:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/12/09 19:15:49 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll

< End of report >
         

Alt 20.06.2012, 13:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\..\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=57b62a2b-5ac0-4585-8fe3-c66f2f30b9fa&apn_sauid=E8923FAA-3A1C-4E85-83F0-C26B603B87CF
IE - HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - user.js - File not found
[2012/05/26 21:06:28 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com
[2010/06/08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL
[2012/05/26 21:06:28 | 000,002,344 | ---- | M] () -- C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell - "" = AutoRun
O33 - MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\Shell\AutoRun\command - "" = G:\autorun.exe
[2012/06/03 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ari\AppData\Roaming\Xell
:Files
C:\Program Files\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.06.2012, 14:05   #9
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Hier der Inhalt des Logs nachdem Win neu gestartet hat.

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C2880F9E-025D-45DB-9D95-45DA92779E06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2880F9E-025D-45DB-9D95-45DA92779E06}\ not found.
HKU\S-1-5-21-2757043832-3823914018-2861295685-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults scheduled to be moved on reboot.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\efouTAgfxqjyLerasJgvL moved successfully.
C:\Users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\searchplugins\ounpaeyLUssXDus moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{808a24fc-6b9d-11e1-8290-4061861e300d}\ not found.
File G:\autorun.exe not found.
C:\Users\Ari\AppData\Roaming\Xell folder moved successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ari
->Temp folder emptied: 1541470152 bytes
->Temporary Internet Files folder emptied: 208109481 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 418502234 bytes
->Flash cache emptied: 119643 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 168218055 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18103226 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,245.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Ari
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.48.0 log created on 06202012_134310

Files\Folders moved on Reboot...
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Ari\AppData\Roaming\mozilla\Firefox\Profiles\8y344oqn.default\extensions\toolbar@ask.com folder moved successfully.

Registry entries deleted on Reboot...
         

Alt 20.06.2012, 15:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.06.2012, 15:46   #11
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Code:
ATTFilter
15:42:14.0357 6132	TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:42:16.0369 6132	============================================================
15:42:16.0369 6132	Current date / time: 2012/06/20 15:42:16.0369
15:42:16.0369 6132	SystemInfo:
15:42:16.0369 6132	
15:42:16.0369 6132	OS Version: 6.1.7601 ServicePack: 1.0
15:42:16.0369 6132	Product type: Workstation
15:42:16.0369 6132	ComputerName: ARI-MSI
15:42:16.0369 6132	UserName: Ari
15:42:16.0369 6132	Windows directory: C:\windows
15:42:16.0369 6132	System windows directory: C:\windows
15:42:16.0369 6132	Processor architecture: Intel x86
15:42:16.0369 6132	Number of processors: 4
15:42:16.0369 6132	Page size: 0x1000
15:42:16.0369 6132	Boot type: Normal boot
15:42:16.0369 6132	============================================================
15:42:16.0853 6132	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:42:16.0868 6132	============================================================
15:42:16.0868 6132	\Device\Harddisk0\DR0:
15:42:16.0868 6132	MBR partitions:
15:42:16.0868 6132	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1432800, BlocksNum 0x222C844C
15:42:16.0868 6132	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x236FAC4C, BlocksNum 0x16C8ABE4
15:42:16.0868 6132	============================================================
15:42:16.0899 6132	C: <-> \Device\Harddisk0\DR0\Partition0
15:42:16.0931 6132	D: <-> \Device\Harddisk0\DR0\Partition1
15:42:16.0931 6132	============================================================
15:42:16.0931 6132	Initialize success
15:42:16.0931 6132	============================================================
15:42:34.0730 1004	============================================================
15:42:34.0730 1004	Scan started
15:42:34.0730 1004	Mode: Manual; SigCheck; TDLFS; 
15:42:34.0730 1004	============================================================
15:42:35.0105 1004	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
15:42:35.0214 1004	1394ohci - ok
15:42:35.0339 1004	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:42:35.0370 1004	ACDaemon - ok
15:42:35.0432 1004	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
15:42:35.0464 1004	ACPI - ok
15:42:35.0495 1004	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
15:42:35.0526 1004	AcpiPmi - ok
15:42:35.0573 1004	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:42:35.0604 1004	adp94xx - ok
15:42:35.0635 1004	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:42:35.0651 1004	adpahci - ok
15:42:35.0666 1004	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:42:35.0682 1004	adpu320 - ok
15:42:35.0713 1004	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
15:42:35.0713 1004	AeLookupSvc - ok
15:42:35.0791 1004	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
15:42:35.0807 1004	AFD - ok
15:42:35.0854 1004	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
15:42:35.0854 1004	agp440 - ok
15:42:35.0900 1004	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:42:35.0916 1004	aic78xx - ok
15:42:35.0947 1004	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
15:42:35.0963 1004	ALG - ok
15:42:35.0994 1004	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
15:42:36.0025 1004	aliide - ok
15:42:36.0056 1004	AMD External Events Utility (4fca011a5afb252cab7b30ef12a99ce8) C:\windows\system32\atiesrxx.exe
15:42:36.0072 1004	AMD External Events Utility - ok
15:42:36.0103 1004	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
15:42:36.0119 1004	amdagp - ok
15:42:36.0134 1004	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
15:42:36.0150 1004	amdide - ok
15:42:36.0166 1004	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:42:36.0181 1004	AmdK8 - ok
15:42:36.0556 1004	amdkmdag        (b0ad0b3ed60d9c60b85731a9e08e27b9) C:\windows\system32\DRIVERS\atipmdag.sys
15:42:36.0618 1004	amdkmdag - ok
15:42:36.0790 1004	amdkmdap        (9c07c155b0e1b0df48fae92f0e6c0761) C:\windows\system32\DRIVERS\atikmpag.sys
15:42:36.0821 1004	amdkmdap - ok
15:42:36.0852 1004	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:42:36.0868 1004	AmdPPM - ok
15:42:36.0883 1004	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
15:42:36.0899 1004	amdsata - ok
15:42:36.0930 1004	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:42:36.0946 1004	amdsbs - ok
15:42:36.0961 1004	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
15:42:36.0977 1004	amdxata - ok
15:42:37.0055 1004	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:42:37.0070 1004	AntiVirSchedulerService - ok
15:42:37.0102 1004	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:42:37.0102 1004	AntiVirService - ok
15:42:37.0164 1004	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:42:37.0195 1004	AntiVirWebService - ok
15:42:37.0258 1004	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
15:42:37.0304 1004	AppID - ok
15:42:37.0336 1004	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
15:42:37.0382 1004	AppIDSvc - ok
15:42:37.0398 1004	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
15:42:37.0429 1004	Appinfo - ok
15:42:37.0460 1004	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:42:37.0476 1004	arc - ok
15:42:37.0476 1004	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:42:37.0492 1004	arcsas - ok
15:42:37.0523 1004	ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
15:42:37.0538 1004	ArcSoftKsUFilter - ok
15:42:37.0538 1004	aswFsBlk - ok
15:42:37.0601 1004	aswMonFlt       (ff83c93aeee8b0cf4b464ca667a67acd) C:\windows\system32\drivers\aswMonFlt.sys
15:42:37.0616 1004	aswMonFlt - ok
15:42:37.0648 1004	aswRdr          (2fdcfa71d5462effc178fd2e70b301cb) C:\windows\system32\drivers\aswRdr.sys
15:42:37.0648 1004	Suspicious file (Forged): C:\windows\system32\drivers\aswRdr.sys. Real md5: 2fdcfa71d5462effc178fd2e70b301cb, Fake md5: aa96492df3a150bf0741f7d5201e7dd0
15:42:37.0648 1004	aswRdr ( ForgedFile.Multi.Generic ) - warning
15:42:37.0648 1004	aswRdr - detected ForgedFile.Multi.Generic (1)
15:42:37.0694 1004	aswSnx          (17230708a2028cd995656df455f2e303) C:\windows\system32\drivers\aswSnx.sys
15:42:37.0726 1004	aswSnx - ok
15:42:37.0757 1004	aswSP           (dbedd9d43b00630966ef05d2d8d04cee) C:\windows\system32\drivers\aswSP.sys
15:42:37.0772 1004	aswSP - ok
15:42:37.0788 1004	aswTdi - ok
15:42:37.0819 1004	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:42:37.0850 1004	AsyncMac - ok
15:42:37.0882 1004	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
15:42:37.0897 1004	atapi - ok
15:42:38.0084 1004	athr            (31cb2740bfdbac1e48e2b7ead38f0d27) C:\windows\system32\DRIVERS\athr.sys
15:42:38.0131 1004	athr - ok
15:42:38.0303 1004	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:42:38.0350 1004	AudioEndpointBuilder - ok
15:42:38.0350 1004	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:42:38.0381 1004	Audiosrv - ok
15:42:38.0459 1004	avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:42:38.0474 1004	avast! Antivirus - ok
15:42:38.0552 1004	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
15:42:38.0584 1004	avgntflt - ok
15:42:38.0599 1004	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
15:42:38.0615 1004	avipbb - ok
15:42:38.0615 1004	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
15:42:38.0630 1004	avkmgr - ok
15:42:38.0677 1004	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
15:42:38.0708 1004	AxInstSV - ok
15:42:38.0755 1004	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:42:38.0771 1004	b06bdrv - ok
15:42:38.0818 1004	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:42:38.0833 1004	b57nd60x - ok
15:42:38.0880 1004	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
15:42:38.0896 1004	BDESVC - ok
15:42:38.0927 1004	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:42:38.0958 1004	Beep - ok
15:42:39.0020 1004	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
15:42:39.0067 1004	BFE - ok
15:42:39.0145 1004	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
15:42:39.0192 1004	BITS - ok
15:42:39.0223 1004	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:42:39.0239 1004	blbdrive - ok
15:42:39.0254 1004	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
15:42:39.0270 1004	bowser - ok
15:42:39.0286 1004	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:42:39.0301 1004	BrFiltLo - ok
15:42:39.0317 1004	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:42:39.0332 1004	BrFiltUp - ok
15:42:39.0348 1004	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
15:42:39.0379 1004	Browser - ok
15:42:39.0395 1004	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:42:39.0410 1004	Brserid - ok
15:42:39.0426 1004	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:42:39.0442 1004	BrSerWdm - ok
15:42:39.0457 1004	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:42:39.0473 1004	BrUsbMdm - ok
15:42:39.0488 1004	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:42:39.0504 1004	BrUsbSer - ok
15:42:39.0535 1004	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
15:42:39.0566 1004	BthEnum - ok
15:42:39.0582 1004	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:42:39.0598 1004	BTHMODEM - ok
15:42:39.0629 1004	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
15:42:39.0660 1004	BthPan - ok
15:42:39.0722 1004	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
15:42:39.0816 1004	BTHPORT - ok
15:42:39.0847 1004	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
15:42:39.0910 1004	bthserv - ok
15:42:39.0956 1004	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
15:42:39.0988 1004	BTHUSB - ok
15:42:40.0034 1004	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:42:40.0097 1004	cdfs - ok
15:42:40.0144 1004	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
15:42:40.0190 1004	cdrom - ok
15:42:40.0222 1004	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:42:40.0284 1004	CertPropSvc - ok
15:42:40.0315 1004	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:42:40.0346 1004	circlass - ok
15:42:40.0409 1004	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:42:40.0440 1004	CLFS - ok
15:42:40.0502 1004	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:42:40.0534 1004	clr_optimization_v2.0.50727_32 - ok
15:42:40.0627 1004	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:42:40.0643 1004	clr_optimization_v4.0.30319_32 - ok
15:42:40.0674 1004	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:42:40.0721 1004	CmBatt - ok
15:42:40.0752 1004	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
15:42:40.0768 1004	cmdide - ok
15:42:40.0814 1004	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
15:42:40.0877 1004	CNG - ok
15:42:40.0908 1004	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:42:40.0924 1004	Compbatt - ok
15:42:40.0955 1004	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
15:42:40.0986 1004	CompositeBus - ok
15:42:41.0002 1004	COMSysApp - ok
15:42:41.0033 1004	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:42:41.0048 1004	crcdisk - ok
15:42:41.0080 1004	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
15:42:41.0158 1004	CryptSvc - ok
15:42:41.0220 1004	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:42:41.0298 1004	DcomLaunch - ok
15:42:41.0345 1004	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
15:42:41.0407 1004	defragsvc - ok
15:42:41.0454 1004	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
15:42:41.0532 1004	DfsC - ok
15:42:41.0610 1004	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
15:42:41.0688 1004	Dhcp - ok
15:42:41.0719 1004	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:42:41.0766 1004	discache - ok
15:42:41.0813 1004	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:42:41.0844 1004	Disk - ok
15:42:41.0891 1004	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
15:42:41.0953 1004	Dnscache - ok
15:42:41.0984 1004	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
15:42:42.0047 1004	dot3svc - ok
15:42:42.0109 1004	Dot4            (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
15:42:42.0172 1004	Dot4 - ok
15:42:42.0218 1004	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys
15:42:42.0265 1004	Dot4Print - ok
15:42:42.0312 1004	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
15:42:42.0359 1004	dot4usb - ok
15:42:42.0390 1004	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
15:42:42.0468 1004	DPS - ok
15:42:42.0499 1004	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:42:42.0530 1004	drmkaud - ok
15:42:42.0593 1004	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\windows\system32\DRIVERS\dtsoftbus01.sys
15:42:42.0608 1004	dtsoftbus01 - ok
15:42:42.0686 1004	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
15:42:42.0749 1004	DXGKrnl - ok
15:42:42.0796 1004	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
15:42:42.0858 1004	EapHost - ok
15:42:43.0123 1004	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:42:43.0264 1004	ebdrv - ok
15:42:43.0388 1004	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
15:42:43.0451 1004	EFS - ok
15:42:43.0544 1004	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
15:42:43.0669 1004	ehRecvr - ok
15:42:43.0700 1004	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
15:42:43.0778 1004	ehSched - ok
15:42:43.0872 1004	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:42:43.0934 1004	elxstor - ok
15:42:43.0966 1004	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
15:42:44.0012 1004	ErrDev - ok
15:42:44.0090 1004	EUCR            (73fafd5a8e5e01302c71b4997ee28bde) C:\windows\system32\DRIVERS\EUCR6SK.SYS
15:42:44.0106 1004	EUCR - ok
15:42:44.0153 1004	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
15:42:44.0246 1004	EventSystem - ok
15:42:44.0293 1004	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:42:44.0356 1004	exfat - ok
15:42:44.0371 1004	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:42:44.0418 1004	fastfat - ok
15:42:44.0496 1004	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
15:42:44.0558 1004	Fax - ok
15:42:44.0605 1004	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:42:44.0636 1004	fdc - ok
15:42:44.0683 1004	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
15:42:44.0746 1004	fdPHost - ok
15:42:44.0761 1004	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
15:42:44.0808 1004	FDResPub - ok
15:42:44.0824 1004	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:42:44.0839 1004	FileInfo - ok
15:42:44.0839 1004	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:42:44.0886 1004	Filetrace - ok
15:42:44.0933 1004	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:42:44.0964 1004	flpydisk - ok
15:42:45.0026 1004	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:42:45.0042 1004	FltMgr - ok
15:42:45.0120 1004	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
15:42:45.0214 1004	FontCache - ok
15:42:45.0323 1004	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:42:45.0338 1004	FontCache3.0.0.0 - ok
15:42:45.0354 1004	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:42:45.0385 1004	FsDepends - ok
15:42:45.0401 1004	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
15:42:45.0416 1004	Fs_Rec - ok
15:42:45.0463 1004	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
15:42:45.0494 1004	fvevol - ok
15:42:45.0510 1004	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:42:45.0526 1004	gagp30kx - ok
15:42:45.0588 1004	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
15:42:45.0666 1004	gpsvc - ok
15:42:45.0666 1004	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:42:45.0713 1004	hcw85cir - ok
15:42:45.0775 1004	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
15:42:45.0838 1004	HdAudAddService - ok
15:42:45.0884 1004	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
15:42:45.0931 1004	HDAudBus - ok
15:42:45.0978 1004	HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
15:42:46.0025 1004	HECI - ok
15:42:46.0025 1004	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:42:46.0072 1004	HidBatt - ok
15:42:46.0087 1004	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:42:46.0118 1004	HidBth - ok
15:42:46.0150 1004	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:42:46.0196 1004	HidIr - ok
15:42:46.0228 1004	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
15:42:46.0306 1004	hidserv - ok
15:42:46.0337 1004	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
15:42:46.0384 1004	HidUsb - ok
15:42:46.0415 1004	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
15:42:46.0462 1004	hkmsvc - ok
15:42:46.0493 1004	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
15:42:46.0571 1004	HomeGroupListener - ok
15:42:46.0618 1004	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
15:42:46.0664 1004	HomeGroupProvider - ok
15:42:46.0820 1004	hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:42:46.0852 1004	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:42:46.0852 1004	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:42:46.0898 1004	hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:42:46.0930 1004	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:42:46.0930 1004	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:42:46.0992 1004	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
15:42:47.0008 1004	HpSAMD - ok
15:42:47.0086 1004	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
15:42:47.0132 1004	HTTP - ok
15:42:47.0164 1004	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
15:42:47.0179 1004	hwpolicy - ok
15:42:47.0210 1004	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
15:42:47.0257 1004	i8042prt - ok
15:42:47.0351 1004	IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:42:47.0382 1004	IAANTMON - ok
15:42:47.0413 1004	iaStor          (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys
15:42:47.0444 1004	iaStor - ok
15:42:47.0507 1004	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
15:42:47.0538 1004	iaStorV - ok
15:42:47.0647 1004	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:42:47.0756 1004	idsvc - ok
15:42:47.0881 1004	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:42:47.0912 1004	iirsp - ok
15:42:48.0006 1004	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
15:42:48.0068 1004	IKEEXT - ok
15:42:48.0146 1004	Impcd           (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys
15:42:48.0193 1004	Impcd - ok
15:42:48.0474 1004	IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\windows\system32\drivers\RTKVHDA.sys
15:42:48.0614 1004	IntcAzAudAddService - ok
15:42:48.0786 1004	IntcDAud        (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys
15:42:48.0864 1004	IntcDAud - ok
15:42:48.0895 1004	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
15:42:48.0911 1004	intelide - ok
15:42:49.0394 1004	intelkmd        (faf70667be6d1e1ffbacc8d4fc15d645) C:\windows\system32\DRIVERS\igdpmd32.sys
15:42:49.0597 1004	intelkmd - ok
15:42:49.0769 1004	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:42:49.0816 1004	intelppm - ok
15:42:49.0847 1004	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
15:42:49.0909 1004	IPBusEnum - ok
15:42:49.0909 1004	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:42:49.0940 1004	IpFilterDriver - ok
15:42:50.0018 1004	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
15:42:50.0096 1004	iphlpsvc - ok
15:42:50.0128 1004	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
15:42:50.0159 1004	IPMIDRV - ok
15:42:50.0206 1004	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:42:50.0237 1004	IPNAT - ok
15:42:50.0268 1004	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:42:50.0330 1004	IRENUM - ok
15:42:50.0346 1004	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
15:42:50.0362 1004	isapnp - ok
15:42:50.0408 1004	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
15:42:50.0440 1004	iScsiPrt - ok
15:42:50.0471 1004	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
15:42:50.0486 1004	kbdclass - ok
15:42:50.0502 1004	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
15:42:50.0518 1004	kbdhid - ok
15:42:50.0549 1004	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:42:50.0564 1004	KeyIso - ok
15:42:50.0580 1004	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
15:42:50.0596 1004	KSecDD - ok
15:42:50.0627 1004	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
15:42:50.0658 1004	KSecPkg - ok
15:42:50.0705 1004	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
15:42:50.0783 1004	KtmRm - ok
15:42:50.0861 1004	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
15:42:50.0923 1004	LanmanServer - ok
15:42:50.0954 1004	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
15:42:51.0017 1004	LanmanWorkstation - ok
15:42:51.0064 1004	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:42:51.0126 1004	lltdio - ok
15:42:51.0173 1004	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
15:42:51.0251 1004	lltdsvc - ok
15:42:51.0266 1004	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
15:42:51.0313 1004	lmhosts - ok
15:42:51.0438 1004	LMS             (7485fbcef9136f530953575e2977859d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:42:51.0469 1004	LMS - ok
15:42:51.0500 1004	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:42:51.0516 1004	LSI_FC - ok
15:42:51.0532 1004	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:42:51.0547 1004	LSI_SAS - ok
15:42:51.0563 1004	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:42:51.0563 1004	LSI_SAS2 - ok
15:42:51.0578 1004	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:42:51.0594 1004	LSI_SCSI - ok
15:42:51.0610 1004	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:42:51.0656 1004	luafv - ok
15:42:51.0688 1004	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
15:42:51.0688 1004	MBAMProtector - ok
15:42:51.0781 1004	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:42:51.0828 1004	MBAMService - ok
15:42:51.0859 1004	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
15:42:51.0890 1004	Mcx2Svc - ok
15:42:51.0906 1004	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:42:51.0922 1004	megasas - ok
15:42:51.0953 1004	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:42:51.0984 1004	MegaSR - ok
15:42:52.0046 1004	Micro Star SCM  (71c6748ee8de938532057ef10b4b7e44) C:\Program Files\System Control Manager\MSIService.exe
15:42:52.0078 1004	Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
15:42:52.0078 1004	Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
15:42:52.0124 1004	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:42:52.0187 1004	MMCSS - ok
15:42:52.0218 1004	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:42:52.0265 1004	Modem - ok
15:42:52.0265 1004	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:42:52.0280 1004	monitor - ok
15:42:52.0327 1004	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
15:42:52.0343 1004	mouclass - ok
15:42:52.0374 1004	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:42:52.0405 1004	mouhid - ok
15:42:52.0452 1004	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
15:42:52.0468 1004	mountmgr - ok
15:42:52.0499 1004	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
15:42:52.0514 1004	mpio - ok
15:42:52.0546 1004	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:42:52.0608 1004	mpsdrv - ok
15:42:52.0670 1004	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
15:42:52.0748 1004	MpsSvc - ok
15:42:52.0795 1004	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
15:42:52.0858 1004	MRxDAV - ok
15:42:52.0889 1004	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
15:42:52.0920 1004	mrxsmb - ok
15:42:52.0951 1004	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:42:52.0998 1004	mrxsmb10 - ok
15:42:53.0029 1004	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:42:53.0076 1004	mrxsmb20 - ok
15:42:53.0092 1004	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
15:42:53.0123 1004	msahci - ok
15:42:53.0138 1004	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
15:42:53.0154 1004	msdsm - ok
15:42:53.0185 1004	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
15:42:53.0263 1004	MSDTC - ok
15:42:53.0310 1004	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:42:53.0388 1004	Msfs - ok
15:42:53.0404 1004	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:42:53.0450 1004	mshidkmdf - ok
15:42:53.0482 1004	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
15:42:53.0497 1004	msisadrv - ok
15:42:53.0528 1004	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
15:42:53.0575 1004	MSiSCSI - ok
15:42:53.0575 1004	msiserver - ok
15:42:53.0684 1004	MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
15:42:53.0716 1004	MSI_MSIBIOS_010507 - ok
15:42:53.0731 1004	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:42:53.0794 1004	MSKSSRV - ok
15:42:53.0809 1004	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:42:53.0856 1004	MSPCLOCK - ok
15:42:53.0872 1004	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:42:53.0950 1004	MSPQM - ok
15:42:53.0996 1004	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:42:54.0012 1004	MsRPC - ok
15:42:54.0043 1004	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
15:42:54.0059 1004	mssmbios - ok
15:42:54.0074 1004	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:42:54.0106 1004	MSTEE - ok
15:42:54.0137 1004	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:42:54.0152 1004	MTConfig - ok
15:42:54.0184 1004	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:42:54.0199 1004	Mup - ok
15:42:54.0230 1004	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
15:42:54.0308 1004	napagent - ok
15:42:54.0386 1004	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:42:54.0433 1004	NativeWifiP - ok
15:42:54.0511 1004	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
15:42:54.0542 1004	NDIS - ok
15:42:54.0574 1004	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:42:54.0636 1004	NdisCap - ok
15:42:54.0667 1004	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:42:54.0698 1004	NdisTapi - ok
15:42:54.0714 1004	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
15:42:54.0745 1004	Ndisuio - ok
15:42:54.0776 1004	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
15:42:54.0839 1004	NdisWan - ok
15:42:54.0870 1004	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
15:42:54.0932 1004	NDProxy - ok
15:42:54.0979 1004	Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\windows\system32\HPZinw12.dll
15:42:55.0010 1004	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:42:55.0010 1004	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:42:55.0042 1004	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:42:55.0104 1004	NetBIOS - ok
15:42:55.0151 1004	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
15:42:55.0229 1004	NetBT - ok
15:42:55.0260 1004	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:42:55.0276 1004	Netlogon - ok
15:42:55.0322 1004	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
15:42:55.0385 1004	Netman - ok
15:42:55.0416 1004	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
15:42:55.0478 1004	netprofm - ok
15:42:55.0556 1004	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:42:55.0603 1004	NetTcpPortSharing - ok
15:42:55.0650 1004	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:42:55.0666 1004	nfrd960 - ok
15:42:55.0728 1004	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
15:42:55.0775 1004	NlaSvc - ok
15:42:55.0790 1004	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:42:55.0822 1004	Npfs - ok
15:42:55.0853 1004	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
15:42:55.0900 1004	nsi - ok
15:42:55.0931 1004	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:42:55.0978 1004	nsiproxy - ok
15:42:56.0102 1004	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
15:42:56.0180 1004	Ntfs - ok
15:42:56.0274 1004	NTIOLib_1_0_4   (cd2166c9511d336a058cde91778aaa69) C:\Program Files\msi\Live Update 5\NTIOLib.sys
15:42:56.0290 1004	NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning
15:42:56.0290 1004	NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1)
15:42:56.0414 1004	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:42:56.0477 1004	Null - ok
15:42:56.0524 1004	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
15:42:56.0570 1004	nvraid - ok
15:42:56.0586 1004	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
15:42:56.0602 1004	nvstor - ok
15:42:56.0633 1004	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
15:42:56.0664 1004	nv_agp - ok
15:42:56.0695 1004	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
15:42:56.0742 1004	ohci1394 - ok
15:42:56.0836 1004	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:42:56.0851 1004	ose - ok
15:42:57.0226 1004	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:42:57.0397 1004	osppsvc - ok
15:42:57.0413 1004	Scan interrupted by user!
15:42:57.0413 1004	Scan interrupted by user!
15:42:57.0413 1004	Scan interrupted by user!
15:42:57.0413 1004	============================================================
15:42:57.0413 1004	Scan finished
15:42:57.0413 1004	============================================================
15:42:57.0413 5292	Detected object count: 6
15:42:57.0413 5292	Actual detected object count: 6
15:42:59.0940 5292	aswRdr ( ForgedFile.Multi.Generic ) - skipped by user
15:42:59.0940 5292	aswRdr ( ForgedFile.Multi.Generic ) - User select action: Skip 
15:42:59.0940 5292	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0940 5292	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:42:59.0940 5292	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0940 5292	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:42:59.0956 5292	Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0956 5292	Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:42:59.0956 5292	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0956 5292	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:42:59.0956 5292	NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - skipped by user
15:42:59.0956 5292	NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:43:21.0109 0188	============================================================
15:43:21.0109 0188	Scan started
15:43:21.0109 0188	Mode: Manual; SigCheck; TDLFS; 
15:43:21.0109 0188	============================================================
15:43:21.0390 0188	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
15:43:21.0421 0188	1394ohci - ok
15:43:21.0499 0188	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:43:21.0515 0188	ACDaemon - ok
15:43:21.0562 0188	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
15:43:21.0593 0188	ACPI - ok
15:43:21.0624 0188	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
15:43:21.0640 0188	AcpiPmi - ok
15:43:21.0686 0188	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:43:21.0702 0188	adp94xx - ok
15:43:21.0733 0188	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:43:21.0749 0188	adpahci - ok
15:43:21.0764 0188	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:43:21.0764 0188	adpu320 - ok
15:43:21.0811 0188	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
15:43:21.0827 0188	AeLookupSvc - ok
15:43:21.0874 0188	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
15:43:21.0889 0188	AFD - ok
15:43:21.0920 0188	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
15:43:21.0936 0188	agp440 - ok
15:43:21.0952 0188	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:43:21.0967 0188	aic78xx - ok
15:43:21.0998 0188	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
15:43:22.0014 0188	ALG - ok
15:43:22.0045 0188	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
15:43:22.0045 0188	aliide - ok
15:43:22.0076 0188	AMD External Events Utility (4fca011a5afb252cab7b30ef12a99ce8) C:\windows\system32\atiesrxx.exe
15:43:22.0092 0188	AMD External Events Utility - ok
15:43:22.0108 0188	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
15:43:22.0123 0188	amdagp - ok
15:43:22.0123 0188	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
15:43:22.0139 0188	amdide - ok
15:43:22.0154 0188	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:43:22.0170 0188	AmdK8 - ok
15:43:22.0529 0188	amdkmdag        (b0ad0b3ed60d9c60b85731a9e08e27b9) C:\windows\system32\DRIVERS\atipmdag.sys
15:43:22.0607 0188	amdkmdag - ok
15:43:22.0716 0188	amdkmdap        (9c07c155b0e1b0df48fae92f0e6c0761) C:\windows\system32\DRIVERS\atikmpag.sys
15:43:22.0747 0188	amdkmdap - ok
15:43:22.0763 0188	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:43:22.0778 0188	AmdPPM - ok
15:43:22.0810 0188	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
15:43:22.0810 0188	amdsata - ok
15:43:22.0841 0188	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:43:22.0856 0188	amdsbs - ok
15:43:22.0872 0188	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
15:43:22.0888 0188	amdxata - ok
15:43:22.0934 0188	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:43:22.0966 0188	AntiVirSchedulerService - ok
15:43:22.0981 0188	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:43:22.0997 0188	AntiVirService - ok
15:43:23.0028 0188	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:43:23.0059 0188	AntiVirWebService - ok
15:43:23.0075 0188	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
15:43:23.0122 0188	AppID - ok
15:43:23.0153 0188	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
15:43:23.0184 0188	AppIDSvc - ok
15:43:23.0200 0188	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
15:43:23.0231 0188	Appinfo - ok
15:43:23.0246 0188	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:43:23.0262 0188	arc - ok
15:43:23.0278 0188	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:43:23.0278 0188	arcsas - ok
15:43:23.0309 0188	ArcSoftKsUFilter (dfd07f0a36bd4f7e7ad2bc5548213694) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys
15:43:23.0309 0188	ArcSoftKsUFilter - ok
15:43:23.0309 0188	aswFsBlk - ok
15:43:23.0340 0188	aswMonFlt       (ff83c93aeee8b0cf4b464ca667a67acd) C:\windows\system32\drivers\aswMonFlt.sys
15:43:23.0356 0188	aswMonFlt - ok
15:43:23.0371 0188	aswRdr          (2fdcfa71d5462effc178fd2e70b301cb) C:\windows\system32\drivers\aswRdr.sys
15:43:23.0371 0188	Suspicious file (Forged): C:\windows\system32\drivers\aswRdr.sys. Real md5: 2fdcfa71d5462effc178fd2e70b301cb, Fake md5: aa96492df3a150bf0741f7d5201e7dd0
15:43:23.0371 0188	aswRdr ( ForgedFile.Multi.Generic ) - warning
15:43:23.0371 0188	aswRdr - detected ForgedFile.Multi.Generic (1)
15:43:23.0402 0188	aswSnx          (17230708a2028cd995656df455f2e303) C:\windows\system32\drivers\aswSnx.sys
15:43:23.0434 0188	aswSnx - ok
15:43:23.0480 0188	aswSP           (dbedd9d43b00630966ef05d2d8d04cee) C:\windows\system32\drivers\aswSP.sys
15:43:23.0496 0188	aswSP - ok
15:43:23.0496 0188	aswTdi - ok
15:43:23.0512 0188	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:43:23.0543 0188	AsyncMac - ok
15:43:23.0574 0188	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
15:43:23.0574 0188	atapi - ok
15:43:23.0761 0188	athr            (31cb2740bfdbac1e48e2b7ead38f0d27) C:\windows\system32\DRIVERS\athr.sys
15:43:23.0808 0188	athr - ok
15:43:23.0933 0188	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:43:23.0995 0188	AudioEndpointBuilder - ok
15:43:23.0995 0188	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:43:24.0026 0188	Audiosrv - ok
15:43:24.0104 0188	avast! Antivirus (d16c826f375a44802bf317982e81a7e2) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:43:24.0120 0188	avast! Antivirus - ok
15:43:24.0167 0188	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
15:43:24.0198 0188	avgntflt - ok
15:43:24.0214 0188	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
15:43:24.0245 0188	avipbb - ok
15:43:24.0260 0188	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
15:43:24.0276 0188	avkmgr - ok
15:43:24.0307 0188	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
15:43:24.0323 0188	AxInstSV - ok
15:43:24.0385 0188	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:43:24.0416 0188	b06bdrv - ok
15:43:24.0448 0188	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:43:24.0463 0188	b57nd60x - ok
15:43:24.0479 0188	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
15:43:24.0510 0188	BDESVC - ok
15:43:24.0510 0188	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:43:24.0541 0188	Beep - ok
15:43:24.0588 0188	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
15:43:24.0635 0188	BFE - ok
15:43:24.0697 0188	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
15:43:24.0744 0188	BITS - ok
15:43:24.0760 0188	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:43:24.0760 0188	blbdrive - ok
15:43:24.0791 0188	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
15:43:24.0806 0188	bowser - ok
15:43:24.0806 0188	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:43:24.0822 0188	BrFiltLo - ok
15:43:24.0838 0188	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:43:24.0853 0188	BrFiltUp - ok
15:43:24.0869 0188	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
15:43:24.0900 0188	Browser - ok
15:43:24.0916 0188	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:43:24.0931 0188	Brserid - ok
15:43:24.0947 0188	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:43:24.0962 0188	BrSerWdm - ok
15:43:24.0962 0188	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:43:24.0978 0188	BrUsbMdm - ok
15:43:24.0994 0188	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:43:25.0009 0188	BrUsbSer - ok
15:43:25.0025 0188	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
15:43:25.0040 0188	BthEnum - ok
15:43:25.0040 0188	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:43:25.0056 0188	BTHMODEM - ok
15:43:25.0072 0188	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
15:43:25.0087 0188	BthPan - ok
15:43:25.0134 0188	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
15:43:25.0150 0188	BTHPORT - ok
15:43:25.0181 0188	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
15:43:25.0212 0188	bthserv - ok
15:43:25.0228 0188	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
15:43:25.0243 0188	BTHUSB - ok
15:43:25.0259 0188	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:43:25.0290 0188	cdfs - ok
15:43:25.0321 0188	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
15:43:25.0337 0188	cdrom - ok
15:43:25.0352 0188	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:43:25.0368 0188	CertPropSvc - ok
15:43:25.0384 0188	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:43:25.0399 0188	circlass - ok
15:43:25.0477 0188	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:43:25.0493 0188	CLFS - ok
15:43:25.0555 0188	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:25.0571 0188	clr_optimization_v2.0.50727_32 - ok
15:43:25.0649 0188	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:25.0664 0188	clr_optimization_v4.0.30319_32 - ok
15:43:25.0680 0188	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:43:25.0711 0188	CmBatt - ok
15:43:25.0727 0188	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
15:43:25.0742 0188	cmdide - ok
15:43:25.0789 0188	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
15:43:25.0836 0188	CNG - ok
15:43:25.0836 0188	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:43:25.0836 0188	Compbatt - ok
15:43:25.0852 0188	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
15:43:25.0867 0188	CompositeBus - ok
15:43:25.0867 0188	COMSysApp - ok
15:43:25.0898 0188	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:43:25.0914 0188	crcdisk - ok
15:43:25.0930 0188	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
15:43:25.0945 0188	CryptSvc - ok
15:43:25.0992 0188	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:43:26.0023 0188	DcomLaunch - ok
15:43:26.0070 0188	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
15:43:26.0117 0188	defragsvc - ok
15:43:26.0132 0188	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
15:43:26.0164 0188	DfsC - ok
15:43:26.0195 0188	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
15:43:26.0226 0188	Dhcp - ok
15:43:26.0257 0188	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:43:26.0288 0188	discache - ok
15:43:26.0320 0188	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:43:26.0320 0188	Disk - ok
15:43:26.0351 0188	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
15:43:26.0366 0188	Dnscache - ok
15:43:26.0398 0188	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
15:43:26.0429 0188	dot3svc - ok
15:43:26.0460 0188	Dot4            (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
15:43:26.0476 0188	Dot4 - ok
15:43:26.0491 0188	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\drivers\Dot4Prt.sys
15:43:26.0507 0188	Dot4Print - ok
15:43:26.0538 0188	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
15:43:26.0554 0188	dot4usb - ok
15:43:26.0585 0188	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
15:43:26.0616 0188	DPS - ok
15:43:26.0616 0188	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:43:26.0632 0188	drmkaud - ok
15:43:26.0678 0188	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\windows\system32\DRIVERS\dtsoftbus01.sys
15:43:26.0710 0188	dtsoftbus01 - ok
15:43:26.0788 0188	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
15:43:26.0803 0188	DXGKrnl - ok
15:43:26.0834 0188	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
15:43:26.0866 0188	EapHost - ok
15:43:27.0100 0188	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:43:27.0146 0188	ebdrv - ok
15:43:27.0256 0188	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
15:43:27.0287 0188	EFS - ok
15:43:27.0365 0188	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
15:43:27.0396 0188	ehRecvr - ok
15:43:27.0427 0188	ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
15:43:27.0458 0188	ehSched - ok
15:43:27.0536 0188	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:43:27.0583 0188	elxstor - ok
15:43:27.0614 0188	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
15:43:27.0630 0188	ErrDev - ok
15:43:27.0630 0188	EUCR            (73fafd5a8e5e01302c71b4997ee28bde) C:\windows\system32\DRIVERS\EUCR6SK.SYS
15:43:27.0646 0188	EUCR - ok
15:43:27.0692 0188	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
15:43:27.0724 0188	EventSystem - ok
15:43:27.0739 0188	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:43:27.0770 0188	exfat - ok
15:43:27.0770 0188	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:43:27.0802 0188	fastfat - ok
15:43:27.0880 0188	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
15:43:27.0911 0188	Fax - ok
15:43:27.0942 0188	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:43:27.0942 0188	fdc - ok
15:43:27.0958 0188	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
15:43:27.0989 0188	fdPHost - ok
15:43:28.0020 0188	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
15:43:28.0051 0188	FDResPub - ok
15:43:28.0051 0188	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:43:28.0067 0188	FileInfo - ok
15:43:28.0067 0188	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:43:28.0098 0188	Filetrace - ok
15:43:28.0098 0188	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:43:28.0114 0188	flpydisk - ok
15:43:28.0129 0188	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:43:28.0145 0188	FltMgr - ok
15:43:28.0254 0188	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
15:43:28.0285 0188	FontCache - ok
15:43:28.0363 0188	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:43:28.0379 0188	FontCache3.0.0.0 - ok
15:43:28.0394 0188	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:43:28.0410 0188	FsDepends - ok
15:43:28.0426 0188	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
15:43:28.0441 0188	Fs_Rec - ok
15:43:28.0472 0188	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
15:43:28.0504 0188	fvevol - ok
15:43:28.0504 0188	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:43:28.0519 0188	gagp30kx - ok
15:43:28.0566 0188	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
15:43:28.0613 0188	gpsvc - ok
15:43:28.0613 0188	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:43:28.0628 0188	hcw85cir - ok
15:43:28.0675 0188	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
15:43:28.0691 0188	HdAudAddService - ok
15:43:28.0706 0188	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
15:43:28.0722 0188	HDAudBus - ok
15:43:28.0738 0188	HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
15:43:28.0753 0188	HECI - ok
15:43:28.0753 0188	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:43:28.0769 0188	HidBatt - ok
15:43:28.0784 0188	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:43:28.0800 0188	HidBth - ok
15:43:28.0800 0188	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:43:28.0816 0188	HidIr - ok
15:43:28.0847 0188	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
15:43:28.0878 0188	hidserv - ok
15:43:28.0894 0188	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
15:43:28.0909 0188	HidUsb - ok
15:43:28.0940 0188	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
15:43:28.0972 0188	hkmsvc - ok
15:43:28.0987 0188	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
15:43:29.0003 0188	HomeGroupListener - ok
15:43:29.0034 0188	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
15:43:29.0050 0188	HomeGroupProvider - ok
15:43:29.0190 0188	hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:43:29.0190 0188	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:43:29.0190 0188	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:43:29.0221 0188	hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:43:29.0221 0188	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:43:29.0221 0188	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:43:29.0252 0188	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
15:43:29.0268 0188	HpSAMD - ok
15:43:29.0330 0188	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
15:43:29.0362 0188	HTTP - ok
15:43:29.0377 0188	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
15:43:29.0393 0188	hwpolicy - ok
15:43:29.0408 0188	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
15:43:29.0424 0188	i8042prt - ok
15:43:29.0502 0188	IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:43:29.0533 0188	IAANTMON - ok
15:43:29.0564 0188	iaStor          (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys
15:43:29.0596 0188	iaStor - ok
15:43:29.0642 0188	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
15:43:29.0658 0188	iaStorV - ok
15:43:29.0767 0188	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:43:29.0798 0188	idsvc - ok
15:43:29.0908 0188	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:43:29.0939 0188	iirsp - ok
15:43:30.0001 0188	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
15:43:30.0064 0188	IKEEXT - ok
15:43:30.0079 0188	Impcd           (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys
15:43:30.0079 0188	Impcd - ok
15:43:30.0313 0188	IntcAzAudAddService (97fa95e4f486f37d60ad3744d86f3d7e) C:\windows\system32\drivers\RTKVHDA.sys
15:43:30.0376 0188	IntcAzAudAddService - ok
15:43:30.0516 0188	IntcDAud        (29061f25abb6e60a5b49fbeed7a5698a) C:\windows\system32\DRIVERS\IntcDAud.sys
15:43:30.0532 0188	IntcDAud - ok
15:43:30.0563 0188	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
15:43:30.0578 0188	intelide - ok
15:43:31.0015 0188	intelkmd        (faf70667be6d1e1ffbacc8d4fc15d645) C:\windows\system32\DRIVERS\igdpmd32.sys
15:43:31.0093 0188	intelkmd - ok
15:43:31.0249 0188	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:43:31.0280 0188	intelppm - ok
15:43:31.0312 0188	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
15:43:31.0358 0188	IPBusEnum - ok
15:43:31.0358 0188	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:43:31.0390 0188	IpFilterDriver - ok
15:43:31.0436 0188	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
15:43:31.0468 0188	iphlpsvc - ok
15:43:31.0499 0188	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
15:43:31.0499 0188	IPMIDRV - ok
15:43:31.0530 0188	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:43:31.0577 0188	IPNAT - ok
15:43:31.0592 0188	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:43:31.0608 0188	IRENUM - ok
15:43:31.0624 0188	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
15:43:31.0639 0188	isapnp - ok
15:43:31.0670 0188	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
15:43:31.0702 0188	iScsiPrt - ok
15:43:31.0717 0188	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
15:43:31.0717 0188	kbdclass - ok
15:43:31.0733 0188	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
15:43:31.0748 0188	kbdhid - ok
15:43:31.0764 0188	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:31.0780 0188	KeyIso - ok
15:43:31.0811 0188	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
15:43:31.0826 0188	KSecDD - ok
15:43:31.0842 0188	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
15:43:31.0858 0188	KSecPkg - ok
15:43:31.0904 0188	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
15:43:31.0951 0188	KtmRm - ok
15:43:31.0982 0188	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
15:43:32.0014 0188	LanmanServer - ok
15:43:32.0045 0188	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
15:43:32.0060 0188	LanmanWorkstation - ok
15:43:32.0092 0188	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:43:32.0123 0188	lltdio - ok
15:43:32.0154 0188	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
15:43:32.0185 0188	lltdsvc - ok
15:43:32.0201 0188	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
15:43:32.0216 0188	lmhosts - ok
15:43:32.0310 0188	LMS             (7485fbcef9136f530953575e2977859d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:43:32.0341 0188	LMS - ok
15:43:32.0357 0188	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:43:32.0372 0188	LSI_FC - ok
15:43:32.0388 0188	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:43:32.0404 0188	LSI_SAS - ok
15:43:32.0419 0188	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:43:32.0435 0188	LSI_SAS2 - ok
15:43:32.0435 0188	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:43:32.0450 0188	LSI_SCSI - ok
15:43:32.0466 0188	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:43:32.0497 0188	luafv - ok
15:43:32.0513 0188	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
15:43:32.0528 0188	MBAMProtector - ok
15:43:32.0622 0188	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:43:32.0653 0188	MBAMService - ok
15:43:32.0669 0188	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
15:43:32.0684 0188	Mcx2Svc - ok
15:43:32.0716 0188	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:43:32.0716 0188	megasas - ok
15:43:32.0747 0188	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:43:32.0762 0188	MegaSR - ok
15:43:32.0809 0188	Micro Star SCM  (71c6748ee8de938532057ef10b4b7e44) C:\Program Files\System Control Manager\MSIService.exe
15:43:32.0825 0188	Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
15:43:32.0825 0188	Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
15:43:32.0840 0188	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:43:32.0887 0188	MMCSS - ok
15:43:32.0903 0188	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:43:32.0934 0188	Modem - ok
15:43:32.0934 0188	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:43:32.0950 0188	monitor - ok
15:43:32.0981 0188	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
15:43:32.0996 0188	mouclass - ok
15:43:32.0996 0188	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:43:33.0012 0188	mouhid - ok
15:43:33.0043 0188	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
15:43:33.0059 0188	mountmgr - ok
15:43:33.0074 0188	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
15:43:33.0090 0188	mpio - ok
15:43:33.0106 0188	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:43:33.0137 0188	mpsdrv - ok
15:43:33.0215 0188	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
15:43:33.0262 0188	MpsSvc - ok
15:43:33.0293 0188	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
15:43:33.0308 0188	MRxDAV - ok
15:43:33.0355 0188	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
15:43:33.0371 0188	mrxsmb - ok
15:43:33.0402 0188	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:43:33.0418 0188	mrxsmb10 - ok
15:43:33.0449 0188	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:43:33.0464 0188	mrxsmb20 - ok
15:43:33.0496 0188	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
15:43:33.0511 0188	msahci - ok
15:43:33.0542 0188	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
15:43:33.0558 0188	msdsm - ok
15:43:33.0589 0188	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
15:43:33.0605 0188	MSDTC - ok
15:43:33.0620 0188	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:43:33.0652 0188	Msfs - ok
15:43:33.0667 0188	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:43:33.0683 0188	mshidkmdf - ok
15:43:33.0714 0188	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
15:43:33.0730 0188	msisadrv - ok
15:43:33.0761 0188	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
15:43:33.0792 0188	MSiSCSI - ok
15:43:33.0792 0188	msiserver - ok
15:43:33.0870 0188	MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
15:43:33.0886 0188	MSI_MSIBIOS_010507 - ok
15:43:33.0901 0188	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:43:33.0948 0188	MSKSSRV - ok
15:43:33.0964 0188	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:43:33.0995 0188	MSPCLOCK - ok
15:43:34.0010 0188	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:43:34.0026 0188	MSPQM - ok
15:43:34.0057 0188	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:43:34.0073 0188	MsRPC - ok
15:43:34.0104 0188	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
15:43:34.0104 0188	mssmbios - ok
15:43:34.0135 0188	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:43:34.0166 0188	MSTEE - ok
15:43:34.0166 0188	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:43:34.0182 0188	MTConfig - ok
15:43:34.0198 0188	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:43:34.0213 0188	Mup - ok
15:43:34.0244 0188	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
15:43:34.0276 0188	napagent - ok
15:43:34.0307 0188	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:43:34.0338 0188	NativeWifiP - ok
15:43:34.0400 0188	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
15:43:34.0416 0188	NDIS - ok
15:43:34.0447 0188	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:43:34.0478 0188	NdisCap - ok
15:43:34.0478 0188	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:43:34.0510 0188	NdisTapi - ok
15:43:34.0525 0188	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
15:43:34.0556 0188	Ndisuio - ok
15:43:34.0588 0188	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
15:43:34.0603 0188	NdisWan - ok
15:43:34.0634 0188	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
15:43:34.0666 0188	NDProxy - ok
15:43:34.0697 0188	Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\windows\system32\HPZinw12.dll
15:43:34.0697 0188	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:43:34.0697 0188	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:43:34.0712 0188	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:43:34.0744 0188	NetBIOS - ok
15:43:34.0790 0188	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
15:43:34.0822 0188	NetBT - ok
15:43:34.0837 0188	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:34.0853 0188	Netlogon - ok
15:43:34.0900 0188	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
15:43:34.0931 0188	Netman - ok
15:43:34.0962 0188	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
15:43:34.0993 0188	netprofm - ok
15:43:35.0056 0188	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:43:35.0087 0188	NetTcpPortSharing - ok
15:43:35.0102 0188	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:43:35.0134 0188	nfrd960 - ok
15:43:35.0165 0188	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
15:43:35.0196 0188	NlaSvc - ok
15:43:35.0212 0188	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:43:35.0227 0188	Npfs - ok
15:43:35.0258 0188	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
15:43:35.0290 0188	nsi - ok
15:43:35.0305 0188	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:43:35.0321 0188	nsiproxy - ok
15:43:35.0414 0188	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
15:43:35.0461 0188	Ntfs - ok
15:43:35.0524 0188	NTIOLib_1_0_4   (cd2166c9511d336a058cde91778aaa69) C:\Program Files\msi\Live Update 5\NTIOLib.sys
15:43:35.0524 0188	NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning
15:43:35.0524 0188	NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1)
15:43:35.0664 0188	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:43:35.0695 0188	Null - ok
15:43:35.0726 0188	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
15:43:35.0742 0188	nvraid - ok
15:43:35.0773 0188	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
15:43:35.0789 0188	nvstor - ok
15:43:35.0804 0188	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
15:43:35.0804 0188	nv_agp - ok
15:43:35.0836 0188	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
15:43:35.0851 0188	ohci1394 - ok
15:43:35.0914 0188	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:35.0929 0188	ose - ok
15:43:36.0288 0188	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:43:36.0366 0188	osppsvc - ok
15:43:36.0522 0188	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:43:36.0600 0188	p2pimsvc - ok
15:43:36.0631 0188	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
15:43:36.0662 0188	p2psvc - ok
15:43:36.0740 0188	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:43:36.0787 0188	Parport - ok
15:43:36.0818 0188	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
15:43:36.0834 0188	partmgr - ok
15:43:36.0850 0188	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:43:36.0881 0188	Parvdm - ok
15:43:36.0928 0188	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
15:43:36.0959 0188	PcaSvc - ok
15:43:37.0006 0188	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
15:43:37.0037 0188	pci - ok
15:43:37.0052 0188	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
15:43:37.0052 0188	pciide - ok
15:43:37.0099 0188	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:43:37.0115 0188	pcmcia - ok
15:43:37.0115 0188	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:43:37.0130 0188	pcw - ok
15:43:37.0177 0188	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:43:37.0271 0188	PEAUTH - ok
15:43:37.0411 0188	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
15:43:37.0474 0188	pla - ok
15:43:37.0614 0188	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
15:43:37.0661 0188	PlugPlay - ok
15:43:37.0723 0188	Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\windows\system32\HPZipm12.dll
15:43:37.0754 0188	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:43:37.0754 0188	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:43:37.0786 0188	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
15:43:37.0801 0188	PNRPAutoReg - ok
15:43:37.0832 0188	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:43:37.0864 0188	PNRPsvc - ok
15:43:37.0910 0188	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
15:43:37.0973 0188	PolicyAgent - ok
15:43:38.0004 0188	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
15:43:38.0082 0188	Power - ok
15:43:38.0160 0188	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:43:38.0207 0188	PptpMiniport - ok
15:43:38.0222 0188	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:43:38.0269 0188	Processor - ok
15:43:38.0300 0188	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
15:43:38.0378 0188	ProfSvc - ok
15:43:38.0410 0188	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:38.0425 0188	ProtectedStorage - ok
15:43:38.0456 0188	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:43:38.0503 0188	Psched - ok
15:43:38.0612 0188	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:43:38.0722 0188	ql2300 - ok
15:43:38.0846 0188	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:43:38.0878 0188	ql40xx - ok
15:43:38.0909 0188	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
15:43:38.0940 0188	QWAVE - ok
15:43:38.0940 0188	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:43:38.0971 0188	QWAVEdrv - ok
15:43:39.0049 0188	RapiMgr         (8f97d374ad1857e1eed85a79f29a1d3d) C:\windows\WindowsMobile\rapimgr.dll
15:43:39.0080 0188	RapiMgr - ok
15:43:39.0096 0188	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:43:39.0143 0188	RasAcd - ok
15:43:39.0190 0188	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:43:39.0252 0188	RasAgileVpn - ok
15:43:39.0283 0188	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
15:43:39.0346 0188	RasAuto - ok
15:43:39.0377 0188	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:43:39.0439 0188	Rasl2tp - ok
15:43:39.0486 0188	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
15:43:39.0533 0188	RasMan - ok
15:43:39.0548 0188	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:43:39.0595 0188	RasPppoe - ok
15:43:39.0626 0188	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:43:39.0704 0188	RasSstp - ok
15:43:39.0736 0188	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
15:43:39.0798 0188	rdbss - ok
15:43:39.0845 0188	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:43:39.0860 0188	rdpbus - ok
15:43:39.0892 0188	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
15:43:39.0938 0188	RDPCDD - ok
15:43:39.0970 0188	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:43:40.0016 0188	RDPENCDD - ok
15:43:40.0032 0188	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:43:40.0094 0188	RDPREFMP - ok
15:43:40.0141 0188	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
15:43:40.0204 0188	RDPWD - ok
15:43:40.0266 0188	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
15:43:40.0282 0188	rdyboost - ok
15:43:40.0313 0188	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
15:43:40.0344 0188	RemoteAccess - ok
15:43:40.0391 0188	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
15:43:40.0453 0188	RemoteRegistry - ok
15:43:40.0500 0188	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
15:43:40.0516 0188	RFCOMM - ok
15:43:40.0547 0188	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
15:43:40.0594 0188	RpcEptMapper - ok
15:43:40.0625 0188	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
15:43:40.0672 0188	RpcLocator - ok
15:43:40.0718 0188	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:43:40.0765 0188	RpcSs - ok
15:43:40.0796 0188	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:43:40.0874 0188	rspndr - ok
15:43:40.0906 0188	RTHDMIAzAudService (d82223ba9dc7ed479b61be2b521fb6e6) C:\windows\system32\drivers\RtHDMIV.sys
15:43:40.0937 0188	RTHDMIAzAudService - ok
15:43:40.0999 0188	RTL8167         (5283b9a27ff230f2ff70d92451ff409a) C:\windows\system32\DRIVERS\Rt86win7.sys
15:43:41.0030 0188	RTL8167 - ok
15:43:41.0046 0188	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:41.0062 0188	SamSs - ok
15:43:41.0093 0188	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
15:43:41.0124 0188	sbp2port - ok
15:43:41.0171 0188	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
15:43:41.0202 0188	SCardSvr - ok
15:43:41.0233 0188	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
15:43:41.0296 0188	scfilter - ok
15:43:41.0389 0188	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
15:43:41.0452 0188	Schedule - ok
15:43:41.0530 0188	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:43:41.0576 0188	SCPolicySvc - ok
15:43:41.0608 0188	sdbus           (0328be1c7f1cba23848179f8762e391c) C:\windows\system32\drivers\sdbus.sys
15:43:41.0639 0188	sdbus - ok
15:43:41.0686 0188	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
15:43:41.0748 0188	SDRSVC - ok
15:43:41.0842 0188	SeaPort         (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:43:41.0857 0188	SeaPort - ok
15:43:41.0904 0188	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:43:41.0951 0188	secdrv - ok
15:43:41.0966 0188	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
15:43:42.0013 0188	seclogon - ok
15:43:42.0044 0188	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
15:43:42.0091 0188	SENS - ok
15:43:42.0122 0188	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
15:43:42.0169 0188	SensrSvc - ok
15:43:42.0185 0188	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:43:42.0232 0188	Serenum - ok
15:43:42.0247 0188	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:43:42.0294 0188	Serial - ok
15:43:42.0325 0188	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:43:42.0356 0188	sermouse - ok
15:43:42.0403 0188	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
15:43:42.0450 0188	SessionEnv - ok
15:43:42.0466 0188	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
15:43:42.0497 0188	sffdisk - ok
15:43:42.0512 0188	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
15:43:42.0544 0188	sffp_mmc - ok
15:43:42.0559 0188	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
15:43:42.0590 0188	sffp_sd - ok
15:43:42.0637 0188	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:43:42.0668 0188	sfloppy - ok
15:43:42.0731 0188	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
15:43:42.0762 0188	SharedAccess - ok
15:43:42.0809 0188	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
15:43:42.0871 0188	ShellHWDetection - ok
15:43:42.0918 0188	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
15:43:42.0934 0188	sisagp - ok
15:43:42.0965 0188	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:43:42.0980 0188	SiSRaid2 - ok
15:43:42.0980 0188	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:43:42.0996 0188	SiSRaid4 - ok
15:43:43.0012 0188	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:43:43.0058 0188	Smb - ok
15:43:43.0152 0188	smserial        (19301c27f3425dc39f6c599f527e507d) C:\windows\system32\DRIVERS\smserial.sys
15:43:43.0246 0188	smserial - ok
15:43:43.0292 0188	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
15:43:43.0308 0188	SNMPTRAP - ok
15:43:43.0308 0188	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:43:43.0324 0188	spldr - ok
15:43:43.0370 0188	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
15:43:43.0433 0188	Spooler - ok
15:43:43.0682 0188	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
15:43:43.0760 0188	sppsvc - ok
15:43:43.0901 0188	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
15:43:43.0963 0188	sppuinotify - ok
15:43:44.0026 0188	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
15:43:44.0088 0188	srv - ok
15:43:44.0135 0188	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
15:43:44.0166 0188	srv2 - ok
15:43:44.0197 0188	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
15:43:44.0244 0188	srvnet - ok
15:43:44.0291 0188	ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\windows\system32\DRIVERS\ssadbus.sys
15:43:44.0369 0188	ssadbus - ok
15:43:44.0384 0188	ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\windows\system32\DRIVERS\ssadmdfl.sys
15:43:44.0462 0188	ssadmdfl - ok
15:43:44.0494 0188	ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\windows\system32\DRIVERS\ssadmdm.sys
15:43:44.0556 0188	ssadmdm - ok
15:43:44.0603 0188	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
15:43:44.0665 0188	SSDPSRV - ok
15:43:44.0696 0188	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
15:43:44.0712 0188	ssmdrv - ok
15:43:44.0728 0188	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
15:43:44.0774 0188	SstpSvc - ok
15:43:44.0806 0188	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:43:44.0821 0188	stexstor - ok
15:43:44.0884 0188	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
15:43:44.0946 0188	StiSvc - ok
15:43:44.0962 0188	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
15:43:44.0977 0188	swenum - ok
15:43:45.0024 0188	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
15:43:45.0086 0188	swprv - ok
15:43:45.0196 0188	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
15:43:45.0242 0188	SysMain - ok
15:43:45.0274 0188	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
15:43:45.0305 0188	TabletInputService - ok
15:43:45.0336 0188	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
15:43:45.0383 0188	TapiSrv - ok
15:43:45.0398 0188	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
15:43:45.0445 0188	TBS - ok
15:43:45.0601 0188	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
15:43:45.0679 0188	Tcpip - ok
15:43:45.0913 0188	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
15:43:45.0944 0188	TCPIP6 - ok
15:43:46.0069 0188	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
15:43:46.0116 0188	tcpipreg - ok
15:43:46.0163 0188	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
15:43:46.0225 0188	TDPIPE - ok
15:43:46.0241 0188	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
15:43:46.0256 0188	TDTCP - ok
15:43:46.0288 0188	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
15:43:46.0350 0188	tdx - ok
15:43:46.0397 0188	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
15:43:46.0412 0188	TermDD - ok
15:43:46.0475 0188	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
15:43:46.0537 0188	TermService - ok
15:43:46.0568 0188	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
15:43:46.0584 0188	Themes - ok
15:43:46.0615 0188	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:43:46.0646 0188	THREADORDER - ok
15:43:46.0678 0188	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
15:43:46.0724 0188	TrkWks - ok
15:43:46.0802 0188	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
15:43:46.0865 0188	TrustedInstaller - ok
15:43:46.0880 0188	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
15:43:46.0927 0188	tssecsrv - ok
15:43:47.0005 0188	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
15:43:47.0068 0188	TsUsbFlt - ok
15:43:47.0114 0188	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
15:43:47.0177 0188	tunnel - ok
15:43:47.0224 0188	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:43:47.0239 0188	uagp35 - ok
15:43:47.0270 0188	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
15:43:47.0348 0188	udfs - ok
15:43:47.0380 0188	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
15:43:47.0411 0188	UI0Detect - ok
15:43:47.0442 0188	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
15:43:47.0473 0188	uliagpkx - ok
15:43:47.0489 0188	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
15:43:47.0504 0188	umbus - ok
15:43:47.0536 0188	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:43:47.0551 0188	UmPass - ok
15:43:47.0801 0188	UNS             (765f2dd351ba064f657751d8d75e58c0) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:43:47.0894 0188	UNS - ok
15:43:48.0019 0188	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
15:43:48.0097 0188	upnphost - ok
15:43:48.0144 0188	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\drivers\usbccgp.sys
15:43:48.0206 0188	usbccgp - ok
15:43:48.0238 0188	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
15:43:48.0284 0188	usbcir - ok
15:43:48.0331 0188	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
15:43:48.0347 0188	usbehci - ok
15:43:48.0378 0188	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
15:43:48.0440 0188	usbhub - ok
15:43:48.0456 0188	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
15:43:48.0503 0188	usbohci - ok
15:43:48.0534 0188	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:43:48.0581 0188	usbprint - ok
15:43:48.0628 0188	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
15:43:48.0659 0188	usbscan - ok
15:43:48.0690 0188	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
15:43:48.0737 0188	USBSTOR - ok
15:43:48.0768 0188	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
15:43:48.0799 0188	usbuhci - ok
15:43:48.0830 0188	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
15:43:48.0908 0188	UxSms - ok
15:43:48.0924 0188	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:43:48.0940 0188	VaultSvc - ok
15:43:48.0971 0188	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
15:43:48.0986 0188	vdrvroot - ok
15:43:49.0033 0188	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
15:43:49.0096 0188	vds - ok
15:43:49.0127 0188	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:43:49.0158 0188	vga - ok
15:43:49.0174 0188	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:43:49.0189 0188	VgaSave - ok
15:43:49.0236 0188	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
15:43:49.0267 0188	vhdmp - ok
15:43:49.0298 0188	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
15:43:49.0314 0188	viaagp - ok
15:43:49.0345 0188	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:43:49.0376 0188	ViaC7 - ok
15:43:49.0423 0188	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
15:43:49.0454 0188	viaide - ok
15:43:49.0470 0188	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
15:43:49.0470 0188	volmgr - ok
15:43:49.0517 0188	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:43:49.0579 0188	volmgrx - ok
15:43:49.0626 0188	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
15:43:49.0657 0188	volsnap - ok
15:43:49.0704 0188	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:43:49.0735 0188	vsmraid - ok
15:43:49.0829 0188	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
15:43:49.0891 0188	VSS - ok
15:43:49.0907 0188	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:43:49.0922 0188	vwifibus - ok
15:43:49.0938 0188	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:43:49.0954 0188	vwififlt - ok
15:43:50.0000 0188	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
15:43:50.0016 0188	vwifimp - ok
15:43:50.0063 0188	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
15:43:50.0125 0188	W32Time - ok
15:43:50.0125 0188	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:43:50.0156 0188	WacomPen - ok
15:43:50.0203 0188	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
15:43:50.0266 0188	WANARP - ok
15:43:50.0266 0188	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
15:43:50.0297 0188	Wanarpv6 - ok
15:43:50.0422 0188	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
15:43:50.0468 0188	wbengine - ok
15:43:50.0500 0188	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
15:43:50.0515 0188	WbioSrvc - ok
15:43:50.0578 0188	WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\windows\WindowsMobile\wcescomm.dll
15:43:50.0624 0188	WcesComm - ok
15:43:50.0656 0188	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
15:43:50.0687 0188	wcncsvc - ok
15:43:50.0718 0188	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
15:43:50.0780 0188	WcsPlugInService - ok
15:43:50.0858 0188	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:43:50.0874 0188	Wd - ok
15:43:50.0905 0188	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:43:50.0952 0188	Wdf01000 - ok
15:43:50.0983 0188	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:43:51.0077 0188	WdiServiceHost - ok
15:43:51.0077 0188	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:43:51.0108 0188	WdiSystemHost - ok
15:43:51.0139 0188	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
15:43:51.0155 0188	WebClient - ok
15:43:51.0186 0188	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
15:43:51.0217 0188	Wecsvc - ok
15:43:51.0248 0188	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
15:43:51.0311 0188	wercplsupport - ok
15:43:51.0358 0188	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
15:43:51.0389 0188	WerSvc - ok
15:43:51.0404 0188	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:43:51.0467 0188	WfpLwf - ok
15:43:51.0514 0188	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:43:51.0529 0188	WIMMount - ok
15:43:51.0623 0188	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:43:51.0716 0188	WinDefend - ok
15:43:51.0732 0188	WinHttpAutoProxySvc - ok
15:43:51.0794 0188	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
15:43:51.0857 0188	Winmgmt - ok
15:43:51.0966 0188	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
15:43:52.0044 0188	WinRM - ok
15:43:52.0153 0188	WINUSB          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUSB.SYS
15:43:52.0200 0188	WINUSB - ok
15:43:52.0278 0188	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
15:43:52.0340 0188	Wlansvc - ok
15:43:52.0372 0188	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
15:43:52.0418 0188	WmiAcpi - ok
15:43:52.0481 0188	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
15:43:52.0528 0188	wmiApSrv - ok
15:43:52.0684 0188	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:43:52.0762 0188	WMPNetworkSvc - ok
15:43:52.0871 0188	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
15:43:52.0902 0188	WPCSvc - ok
15:43:52.0918 0188	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
15:43:52.0996 0188	WPDBusEnum - ok
15:43:53.0058 0188	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:43:53.0120 0188	ws2ifsl - ok
15:43:53.0167 0188	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
15:43:53.0214 0188	wscsvc - ok
15:43:53.0214 0188	WSearch - ok
15:43:53.0386 0188	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
15:43:53.0448 0188	wuauserv - ok
15:43:53.0573 0188	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
15:43:53.0651 0188	WudfPf - ok
15:43:53.0713 0188	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
15:43:53.0776 0188	WUDFRd - ok
15:43:53.0807 0188	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
15:43:53.0854 0188	wudfsvc - ok
15:43:53.0900 0188	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
15:43:53.0947 0188	WwanSvc - ok
15:43:53.0994 0188	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:43:54.0415 0188	\Device\Harddisk0\DR0 - ok
15:43:54.0431 0188	Boot (0x1200)   (bcfb390c95a188b4f8ad4d50a950cb4a) \Device\Harddisk0\DR0\Partition0
15:43:54.0431 0188	\Device\Harddisk0\DR0\Partition0 - ok
15:43:54.0462 0188	Boot (0x1200)   (aee078fdf92e36efa5bbf64cd7f46bb9) \Device\Harddisk0\DR0\Partition1
15:43:54.0462 0188	\Device\Harddisk0\DR0\Partition1 - ok
15:43:54.0462 0188	============================================================
15:43:54.0462 0188	Scan finished
15:43:54.0462 0188	============================================================
15:43:54.0478 3272	Detected object count: 7
15:43:54.0478 3272	Actual detected object count: 7
15:50:50.0998 3272	aswRdr ( ForgedFile.Multi.Generic ) - skipped by user
15:50:50.0998 3272	aswRdr ( ForgedFile.Multi.Generic ) - User select action: Skip 
15:50:50.0998 3272	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:50.0998 3272	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:50:50.0998 3272	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:50.0998 3272	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:50:51.0014 3272	Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:51.0014 3272	Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:50:51.0014 3272	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:51.0014 3272	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:50:51.0014 3272	NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:51.0014 3272	NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:50:51.0014 3272	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:50:51.0014 3272	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 20.06.2012, 16:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.06.2012, 13:53   #13
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



combofix.txt

Code:
ATTFilter
ComboFix 12-06-21.01 - Ari 21.06.2012   8:56.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3246.1972 [GMT 2:00]
ausgeführt von:: c:\users\Ari\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ari\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-21 07:01 . 2012-06-21 07:13	--------	d-----w-	c:\users\Ari\AppData\Local\temp
2012-06-21 07:01 . 2012-06-21 07:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-19 18:09 . 2012-06-19 18:09	--------	d-----w-	c:\windows\system32\SPReview
2012-06-19 18:08 . 2012-06-19 18:08	--------	d-----w-	c:\windows\system32\EventProviders
2012-06-18 10:58 . 2012-06-18 10:58	--------	d-----w-	c:\program files\ESET
2012-06-14 14:29 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 14:29 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 14:29 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-14 14:29 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-14 14:29 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 14:29 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 14:29 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 14:29 . 2010-11-20 12:20	28672	----a-w-	c:\windows\system32\profprov.dll
2012-06-14 14:29 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 14:29 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 14:29 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-12 13:59 . 2012-06-12 13:59	--------	d-----w-	c:\program files\Common Files\Java
2012-06-12 13:58 . 2012-06-12 13:58	--------	d-----w-	c:\program files\Oracle
2012-06-12 13:57 . 2012-04-04 16:47	772504	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-12 13:57 . 2012-04-04 16:47	687504	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-12 13:57 . 2012-06-12 13:57	--------	d-----w-	c:\program files\Java
2012-06-12 12:43 . 2012-06-12 12:43	--------	d-----w-	c:\users\Ari\AppData\Roaming\Malwarebytes
2012-06-12 12:43 . 2012-06-12 12:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-12 12:43 . 2012-06-12 12:43	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-12 12:43 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-26 19:11 . 2012-05-26 19:11	--------	d-----w-	c:\users\Ari\AppData\Roaming\Avira
2012-05-26 19:04 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-26 19:04 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-26 19:04 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-05-26 19:04 . 2012-05-26 19:06	--------	d-----w-	c:\programdata\Avira
2012-05-26 19:04 . 2012-05-26 19:04	--------	d-----w-	c:\program files\Avira
2012-05-25 11:50 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{035046B4-6A7E-45F8-B9C8-99B57B6AC79D}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 18:38 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-03-31 04:39 . 2012-05-09 14:32	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 14:32	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 14:33	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-28 20:11 . 2012-05-01 14:54	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-03-28 20:11 . 2012-03-28 20:11	325552	----a-w-	c:\windows\MASetupCaller.dll
2012-03-28 20:11 . 2012-03-28 20:11	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-03-28 20:11 . 2012-03-28 20:11	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2012-03-28 20:11 . 2012-05-01 14:54	821824	----a-w-	c:\windows\system32\dgderapi.dll
2011-11-15 17:09 . 2010-08-23 17:31	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-09 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-09 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-09 166424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-12-17 2396160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R1 aswSnx;aswSnx; [x]
R2 aswFsBlk;aswFsBlk;aswFsBlk.sys [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 82128]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [2010-05-10 25912]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\Live Update 5\NTIOLib.sys [2010-10-20 7680]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 136808]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S1 aswSP;aswSP; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-11 242240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-09 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-09 5147136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-09 121344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-12-09 6229504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ari\AppData\Roaming\Mozilla\Firefox\Profiles\8y344oqn.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Samsung\Kies\External\DeviceModules\DeviceManager.exe
c:\program files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21  09:15:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-21 07:15
.
Vor Suchlauf: 8 Verzeichnis(se), 241.423.515.648 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 240.780.251.136 Bytes frei
.
- - End Of File - - 1DECD5607A36EDD93B472FCFA9DB38A5
         

Alt 21.06.2012, 15:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.06.2012, 15:45   #15
McManaman
 
Windows-Verschlüsselungs-Trojaner auf Win7 - Standard

Windows-Verschlüsselungs-Trojaner auf Win7



Das habe ich ja bereits gemacht. Siehe Beitrag vorher.

Antwort

Themen zu Windows-Verschlüsselungs-Trojaner auf Win7
administrator, anti-malware, appdata, audiodg.exe, autostart, avira searchfree toolbar, branding, bösartige, ccc.exe, code, dateien, dateisystem, daten, device driver, document, erfolgreich, explorer, gelöscht, heuristiks/extra, heuristiks/shuriken, locker, malwarebytes, microsoft, minute, mom.exe, ntdll.dll, quarantäne, registrierung, roaming, searchscopes, software, speicher, test, trojan.fakealert, trojaner, version, version=1.0, win7, windows



Ähnliche Themen: Windows-Verschlüsselungs-Trojaner auf Win7


  1. Hilfe Win7 mit Verschlüsselungs Trojaner mit Dateibezeichnung AaynjEyLjEqnQrJgQNv
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (15)
  2. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  3. Windows-Verschlüsselungs-Trojaner unter Windows 7 auf einem MAC
    Log-Analyse und Auswertung - 14.06.2012 (3)
  4. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (1)
  5. Windows Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (7)
  6. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  7. 100€ Windows Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (33)
  8. Windows- Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (10)
  9. Windows Verschlüsselungs-Trojaner / OTL log
    Log-Analyse und Auswertung - 22.05.2012 (6)
  10. windows verschlüsselungs trojaner win7
    Log-Analyse und Auswertung - 20.05.2012 (1)
  11. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  12. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  13. Verschlüsselungs-Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 03.05.2012 (3)
  14. Windows Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.05.2012 (6)
  15. Windows verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 30.04.2012 (23)
  16. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  17. Windows Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 25.04.2012 (1)

Zum Thema Windows-Verschlüsselungs-Trojaner auf Win7 - Hallo, auch wir haben uns den Trojaner eingefangen. System: Windows 7, 32bit-Version Hier die Daten des Scans: Code: Alles auswählen Aufklappen ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.12.03 - Windows-Verschlüsselungs-Trojaner auf Win7...
Archiv
Du betrachtest: Windows-Verschlüsselungs-Trojaner auf Win7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.