Log analysis and evaluation: GVU trojan with webcam - log files (defogger/otl/gmer) created

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

30.10.2012, 18:42   #1
latrofina
 

Hello, dear helper,

after working through the instructions: http://www.trojaner-board.de/69886-a...-beachten.html

we are hoping for help with removing the troublemaker.

It is the GVU trojan, which (as we have read) is well known here.

Here are the log files:


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:48 on 30/10/2012 (******)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         


Code:
OTL logfile created on: 30.10.2012 14:50:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 86,41% Memory free
6,07 Gb Paging File | 5,88 Gb Available in Paging File | 96,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 44,73 Gb Free Space | 31,48% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 142,91 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: SCHLEPPTOP | User Name: ****** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.30 14:29:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - [2012.10.28 21:57:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.27 00:00:34 | 000,827,456 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Users\******\AppData\Local\Temp\019581~1.EXE -- (0195811351604275mcinstcleanup)
SRV - [2010.03.03 19:14:10 | 000,799,496 | ---- | M] (Interactive Brands Inc.) [Auto | Stopped] -- C:\Program Files\PDF Suite 2010\ConversionService.exe -- (PDF Suite 2010 Service)
SRV - [2009.12.12 00:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009.05.04 15:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 10:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0E1AE0BF-899E-48C1-8774-96A98F8A52E4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE350
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.autocompletepro.com/?si=10214&bi=400&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "ACPro"
FF - prefs.js..browser.search.defaultenginename: "ACPro"
FF - prefs.js..browser.search.order.1: "ACPro"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/410"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\******\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 21:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 21:57:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 21:57:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.28 21:57:25 | 000,000,000 | ---D | M]
 
[2012.03.04 21:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2012.10.24 19:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\83rt6t8k.default\extensions
[2011.09.09 10:59:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\83rt6t8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.15 18:17:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\83rt6t8k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.04 21:06:04 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\83rt6t8k.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.07.29 12:22:44 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\83rt6t8k.default\extensions\support@predictad.com
[2012.03.04 21:05:55 | 000,002,515 | ---- | M] () -- C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\83rt6t8k.default\searchplugins\Search_Results.xml
[2012.10.28 21:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.10.28 21:57:24 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.28 21:57:30 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.05.14 19:17:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.29 12:22:44 | 000,003,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\acpro.xml
[2012.04.01 16:27:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.12 21:42:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.01 16:27:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.01 16:27:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.27 20:05:36 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.03.04 21:05:55 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.04.01 16:27:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.01 16:27:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files\PDF Suite 2010\PDFIEHelper.dll (Interactive Brands Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI9130~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files\PDF Suite 2010\PDFIEPlugin.dll (Interactive Brands Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{545B416E-09D9-4300-954D-B5FC90B79DEA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\******\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27490f19-d8ab-11e1-94ac-002454014f88}\Shell - "" = AutoRun
O33 - MountPoints2\{27490f19-d8ab-11e1-94ac-002454014f88}\Shell\AutoRun\command - "" = G:\autostart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.30 14:45:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012.10.29 18:19:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.29 11:13:12 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\irrtalien12
[2012.10.29 11:06:10 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\speisekarte
[2012.10.28 21:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.30 14:53:50 | 000,000,680 | ---- | M] () -- C:\Users\******\AppData\Local\d3d9caps.dat
[2012.10.30 14:46:03 | 000,000,000 | ---- | M] () -- C:\Users\******\defogger_reenable
[2012.10.30 14:45:48 | 000,684,726 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.30 14:45:48 | 000,642,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.30 14:45:48 | 000,149,396 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.30 14:45:48 | 000,120,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.30 14:39:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.30 14:35:04 | 000,302,592 | ---- | M] () -- C:\Users\******\Desktop\z2fdpcxu.exe
[2012.10.30 14:29:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012.10.30 14:28:22 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2012.10.29 20:26:11 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.10.29 20:24:26 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 20:24:26 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 20:24:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.29 20:21:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.29 18:19:45 | 000,000,758 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.29 17:15:24 | 000,374,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.10.30 14:46:03 | 000,000,000 | ---- | C] () -- C:\Users\******\defogger_reenable
[2012.10.30 14:45:08 | 000,302,592 | ---- | C] () -- C:\Users\******\Desktop\z2fdpcxu.exe
[2012.10.30 14:45:08 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2012.10.30 14:42:48 | 000,000,680 | ---- | C] () -- C:\Users\******\AppData\Local\d3d9caps.dat
[2012.10.29 18:19:45 | 000,000,758 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.29 18:19:42 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.06.08 14:34:43 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2012.06.08 14:34:43 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2012.03.04 21:05:53 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.10.22 14:23:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.20 18:42:27 | 000,028,672 | ---- | C] () -- C:\Users\******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.12.13 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Amazon
[2011.09.24 22:18:54 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.06.25 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Digilabs
[2012.10.29 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Dropbox
[2010.06.15 11:44:12 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Facebook
[2012.03.04 21:06:11 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FreeAudioPack
[2010.03.25 17:14:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PDF Software
[2011.12.23 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PerformerSoft
[2010.03.11 22:43:22 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TeamViewer
 
========== Purity Check ==========
 
 

< End of report >
         

Code:
OTL Extras logfile created on: 30.10.2012 14:50:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 86,41% Memory free
6,07 Gb Paging File | 5,88 Gb Available in Paging File | 96,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 44,73 Gb Free Space | 31,48% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 142,91 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: SCHLEPPTOP | User Name: ****** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9B025485-6730-4EF1-A9A3-3C0AAF7475D3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E1FBECC-913A-4E20-B950-3BF796935AD3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3E9D0CA9-ABA1-487B-837E-6108DFC3C815}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4CE763EC-CF2C-4A66-9DEF-7278AC32063B}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{C49D968C-C483-4A2C-BC20-A31911331C69}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{7DC018F2-6110-464B-8124-EB1071BA8508}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"UDP Query User{59CE1514-2FA9-4A07-BFE4-032B4B0B4636}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{098E5A44-AB95-428B-BA4C-A263C693E1AC}" = KODAK Create@Home Software (für dm)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{75C90944-2975-4B5E-8AFB-FD5E101A0C38}" = PDF Suite 2010
"{7A92A322-1A10-4153-B551-D547AA9B4649}" = Die große media Mahjongg-Sammlung
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AutocompletePro3_is1" = AutocompletePro
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CrazyWords" = CrazyWords
"Driver Performer_is1" = Driver Performer
"EA Download Manager" = EA Download Manager
"EA Installer.1475696318" = EA Installer
"f4" = f4 3.1.0
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenVPN" = OpenVPN 2.1.1
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"Windows Searchqu Toolbar" = Windows Searchqu Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.10.2012 04:42:57 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.10.2012 10:29:32 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.10.2012 16:46:13 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.10.2012 16:02:28 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.10.2012 00:12:27 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.10.2012 05:34:23 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.10.2012 13:14:10 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.10.2012 15:31:53 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.10.2012 15:57:04 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.10.2012 13:54:46 | Computer Name = schlepptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03.02.2012 07:02:34 | Computer Name = schlepptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.02.2012 07:02:34 | Computer Name = schlepptop | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.02.2012 07:03:18 | Computer Name = schlepptop | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.02.2012 08:12:18 | Computer Name = schlepptop | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 04.02.2012 08:12:23 | Computer Name = schlepptop | Source = HTTP | ID = 15016
Description = 
 
Error - 04.02.2012 08:13:14 | Computer Name = schlepptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 04.02.2012 08:13:59 | Computer Name = schlepptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.02.2012 08:13:59 | Computer Name = schlepptop | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 04.02.2012 08:14:36 | Computer Name = schlepptop | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 04.02.2012 09:22:23 | Computer Name = schlepptop | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >
         


Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-30 16:23:45
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: z2fdpcxu.exe; Driver: C:\Users\******\AppData\Local\Temp\uxloikod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                 fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
Many thanks in advance!
If there are still open questions, or if we forgot to do something, just let us know.

Alt 30.10.2012, 18:52   #2
markusg
/// Malware-holic
 

hi

this script and any scripts that may follow are intended only for this particular user.
if you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
 :Files
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
start in normal mode.

if you have no icons, then right-click, View, show desktop icons


for further analysis I need the following.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
right-click the cache folder there, pack it with WinRAR or another program, and please upload it in the upload channel
Trojaner-Board Upload Channel
when this is done, please let me know.

Alt 30.10.2012, 20:19   #3
latrofina
 

Hello Markus,
many thanks for your quick reply!!!
I have uploaded the packed cache folder in the upload channel. Is that OK like this?
Here is the OTL log as well:

Code:
ATTFilter
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Microsoft Office - 60 Day Trial.lnk=@C:\PROGRA~1\MI8627~1\mui\oaa.dll,-103
         
Oh, by the way, the desktop icons were all there. Maybe that is relevant too.
Happy doctoring! It seems to me you are a good doctor! :-)
Kind regards, Latrofina

Alt 30.10.2012, 21:44   #4
markusg
/// Malware-holic
 

hi
thx for uploading
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 31.10.2012, 14:43   #5
latrofina
 

Hello,
many thanks for your great help!!
Here is the logfile from combofix:

Code:
ATTFilter
ComboFix 12-10-31.03 - Miriam 31.10.2012  14:16:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3004.1958 [GMT 1:00]
ausgeführt von:: c:\users\Miriam\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\64\AutocompletePro64.dll
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\ChromeSetSearchInBrowser.exe
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\program files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\programdata\0tbpw.pad
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-28 bis 2012-10-31  ))))))))))))))))))))))))))))))
.
.
2012-10-30 19:01 . 2012-10-17 01:32	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{46C03B77-6426-477B-BE3B-667A851BD2B8}\mpengine.dll
2012-10-30 19:01 . 2012-05-31 11:25	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-10-30 18:43 . 2012-10-30 18:43	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 20:57 . 2012-10-28 20:57	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AD61D5B-58A3-4592-9B34-DC84688FF805}]
2010-03-03 18:14	107272	----a-w-	c:\program files\PDF Suite 2010\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Miriam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Miriam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Miriam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-11 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-21 7420448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1049896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-09-06 162408]
.
c:\users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Miriam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-05 c:\windows\Tasks\DriverPerformer_UPDATES.job
- c:\program files\Driver Performer\driverperformer.exe [2011-12-17 15:17]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:07]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 00:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.autocompletepro.com/?si=10214&bi=400
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=10214&bi=400
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\83rt6t8k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/410
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF - ExtSQL: !HIDDEN! 2009-10-22 14:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-Windows Searchqu Toolbar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2117472785-4164242046-2671677968-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ab,af,2f,57,eb,91,54,c4,22,fa,ac,a0,b1,d0,1c,99,13,6b,ac,88,44,35,8a,
   0c,f9,c7,3f,c7,65,14,94,78,b5,31,2a,6a,b5,71,17,56,d9,a2,20,c8,fa,08,db,88,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2117472785-4164242046-2671677968-1000\Software\SecuROM\License information*]
"datasecu"=hex:e8,f6,9f,a7,f4,98,cf,6e,e3,3c,1b,84,3a,8e,e5,2a,f8,4f,c1,cf,25,
   32,6c,0d,89,21,dc,48,b3,48,8f,e7,b7,77,de,ea,af,7c,ae,ec,44,62,81,29,29,bb,\
"rkeysecu"=hex:db,77,8c,be,49,f5,fb,f8,40,5c,1f,c4,7e,05,3c,5d
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3644)
c:\users\Miriam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\PDF Suite 2010\ConversionService.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-31  14:28:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-31 13:28
.
Vor Suchlauf: 10 Verzeichnis(se), 47.037.677.568 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 47.188.160.512 Bytes frei
.
- - End Of File - - 77A3F7B65AB192E88CC16C71E1D4D5EB
         
The error message you mentioned did in fact appear, but after a restart it was not a problem.
I hope I have done everything to your satisfaction so far, and I remain very grateful!
Regards, L.


31.10.2012, 16:56   #6
markusg
/// Malware-holic



malwarebytes:
Please download Malwarebytes
  • Install the program into the default path.
    Vista and Win7 users: right-click and "run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and press Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

31.10.2012, 19:26   #7
latrofina



hello,
I did everything as described, but I could not find anywhere to show the results or remove anything. According to the log file, however, nothing was found either.
Here is the log file:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.09.29.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
****** :: SCHLEPPTOP [Administrator]

Schutz: Aktiviert

31.10.2012 18:11:19
mbam-log-2012-10-31 (18-11-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377765
Laufzeit: 1 Stunde(n), 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Regards.

01.11.2012, 00:33   #8
markusg
/// Malware-holic



OK, that's fine.
Please start by installing Windows updates.
The easiest way is to go to Start, Search and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Then right-click Computer (My Computer), Properties, and check there whether Service Pack 2 has been installed.
Let me know when you are done.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de

04.11.2012, 13:45   #9
latrofina



hello,
sorry, it took a little while this time.
The service pack could not be installed. I tried twice.
The question now is whether the service pack is that important, since I plan to split the disk, install Ubuntu on one part and only go online through that...?
Regards!

05.11.2012, 19:52   #10
markusg
/// Malware-holic



Why was it not possible? Which error message?
If you wanted to split the disk anyway, it might be a good idea to set everything up from scratch; then you can partition right away.
Service packs etc. should be installed nevertheless.

12.11.2012, 11:49   #11
latrofina



Sorry that I am only replying now. The error message was 80242016. I tried twice and the message appeared both times.

Kind regards!

12.11.2012, 14:05   #12
markusg
/// Malware-holic



hi
Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, and post the log

14.11.2012, 20:39   #13
latrofina



Code:
ATTFilter
20:30:55.0572 0236  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:30:55.0619 0236  ============================================================
20:30:55.0619 0236  Current date / time: 2012/11/14 20:30:55.0619
20:30:55.0619 0236  SystemInfo:
20:30:55.0619 0236  
20:30:55.0619 0236  OS Version: 6.0.6001 ServicePack: 1.0
20:30:55.0619 0236  Product type: Workstation
20:30:55.0619 0236  ComputerName: SCHLEPPTOP
20:30:55.0634 0236  UserName: ******
20:30:55.0634 0236  Windows directory: C:\Windows
20:30:55.0634 0236  System windows directory: C:\Windows
20:30:55.0634 0236  Processor architecture: Intel x86
20:30:55.0634 0236  Number of processors: 2
20:30:55.0634 0236  Page size: 0x1000
20:30:55.0634 0236  Boot type: Normal boot
20:30:55.0634 0236  ============================================================
20:30:56.0087 0236  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:30:56.0087 0236  ============================================================
20:30:56.0087 0236  \Device\Harddisk0\DR0:
20:30:56.0087 0236  MBR partitions:
20:30:56.0087 0236  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11C2C800
20:30:56.0087 0236  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
20:30:56.0087 0236  ============================================================
20:30:56.0165 0236  C: <-> \Device\Harddisk0\DR0\Partition1
20:30:56.0212 0236  D: <-> \Device\Harddisk0\DR0\Partition2
20:30:56.0212 0236  ============================================================
20:30:56.0212 0236  Initialize success
20:30:56.0212 0236  ============================================================
20:31:19.0596 3952  ============================================================
20:31:19.0596 3952  Scan started
20:31:19.0596 3952  Mode: Manual; SigCheck; TDLFS; 
20:31:19.0596 3952  ============================================================
20:31:19.0830 3952  ================ Scan system memory ========================
20:31:19.0830 3952  System memory - ok
20:31:19.0830 3952  ================ Scan services =============================
20:31:33.0558 3952  megasas - ok
20:31:33.0574 3952  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:31:33.0620 3952  MegaSR - ok
20:31:33.0667 3952  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
20:31:33.0698 3952  MMCSS - ok
20:31:33.0730 3952  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
20:31:33.0761 3952  Modem - ok
20:31:33.0823 3952  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:31:33.0854 3952  monitor - ok
20:31:33.0901 3952  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:31:33.0917 3952  mouclass - ok
20:31:33.0948 3952  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:31:33.0964 3952  mouhid - ok
20:31:33.0979 3952  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:31:33.0995 3952  MountMgr - ok
20:31:34.0057 3952  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:31:34.0073 3952  MozillaMaintenance - ok
20:31:34.0104 3952  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:31:34.0104 3952  mpio - ok
20:31:34.0151 3952  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:31:34.0182 3952  mpsdrv - ok
20:31:34.0213 3952  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:31:34.0276 3952  MpsSvc - ok
20:31:34.0322 3952  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:31:34.0338 3952  Mraid35x - ok
20:31:34.0369 3952  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:31:34.0416 3952  MRxDAV - ok
20:31:34.0447 3952  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:34.0478 3952  mrxsmb - ok
20:31:34.0510 3952  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:34.0525 3952  mrxsmb10 - ok
20:31:34.0525 3952  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:34.0556 3952  mrxsmb20 - ok
20:31:34.0572 3952  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
20:31:34.0588 3952  msahci - ok
20:31:34.0619 3952  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:31:34.0619 3952  msdsm - ok
20:31:34.0666 3952  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
20:31:34.0697 3952  MSDTC - ok
20:31:34.0712 3952  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:31:34.0759 3952  Msfs - ok
20:31:34.0790 3952  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:31:34.0790 3952  msisadrv - ok
20:31:34.0822 3952  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:31:34.0837 3952  MSiSCSI - ok
20:31:34.0853 3952  msiserver - ok
20:31:34.0884 3952  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:31:34.0915 3952  MSKSSRV - ok
20:31:34.0946 3952  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:31:34.0978 3952  MSPCLOCK - ok
20:31:35.0009 3952  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:31:35.0024 3952  MSPQM - ok
20:31:35.0040 3952  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:31:35.0056 3952  MsRPC - ok
20:31:35.0087 3952  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:31:35.0087 3952  mssmbios - ok
20:31:35.0165 3952  MSSQL$MSSMLBIZ - ok
20:31:35.0227 3952  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
20:31:35.0227 3952  MSSQLServerADHelper - ok
20:31:35.0274 3952  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:31:35.0305 3952  MSTEE - ok
20:31:35.0336 3952  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup             C:\Windows\system32\Drivers\mup.sys
20:31:35.0336 3952  Mup - ok
20:31:35.0383 3952  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
20:31:35.0414 3952  napagent - ok
20:31:35.0461 3952  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:31:35.0508 3952  NativeWifiP - ok
20:31:35.0539 3952  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:31:35.0555 3952  NDIS - ok
20:31:35.0570 3952  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:35.0586 3952  NdisTapi - ok
20:31:35.0617 3952  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:35.0648 3952  Ndisuio - ok
20:31:35.0680 3952  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:35.0711 3952  NdisWan - ok
20:31:35.0711 3952  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:31:35.0742 3952  NDProxy - ok
20:31:35.0742 3952  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:31:35.0773 3952  NetBIOS - ok
20:31:35.0789 3952  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:31:35.0851 3952  netbt - ok
20:31:35.0867 3952  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
20:31:35.0882 3952  Netlogon - ok
20:31:35.0914 3952  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
20:31:35.0945 3952  Netman - ok
20:31:35.0976 3952  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
20:31:36.0023 3952  netprofm - ok
20:31:36.0054 3952  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:36.0070 3952  NetTcpPortSharing - ok
20:31:36.0148 3952  [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
20:31:36.0382 3952  NETw3v32 - ok
20:31:36.0428 3952  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:31:36.0444 3952  nfrd960 - ok
20:31:36.0491 3952  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:31:36.0538 3952  NlaSvc - ok
20:31:36.0569 3952  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:31:36.0600 3952  Npfs - ok
20:31:36.0662 3952  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
20:31:36.0709 3952  nsi - ok
20:31:36.0709 3952  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:31:36.0740 3952  nsiproxy - ok
20:31:36.0787 3952  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:31:36.0881 3952  Ntfs - ok
20:31:36.0912 3952  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:31:36.0974 3952  ntrigdigi - ok
20:31:37.0006 3952  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
20:31:37.0021 3952  Null - ok
20:31:37.0037 3952  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:31:37.0052 3952  nvraid - ok
20:31:37.0068 3952  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:31:37.0084 3952  nvstor - ok
20:31:37.0099 3952  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:31:37.0115 3952  nv_agp - ok
20:31:37.0115 3952  NwlnkFlt - ok
20:31:37.0115 3952  NwlnkFwd - ok
20:31:37.0240 3952  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:31:37.0255 3952  odserv - ok
20:31:37.0286 3952  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:31:37.0318 3952  ohci1394 - ok
20:31:37.0427 3952  [ CCAF7108859B6B1698A4223E2760B578 ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
20:31:37.0442 3952  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
20:31:37.0442 3952  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
20:31:37.0505 3952  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:37.0505 3952  ose - ok
20:31:37.0708 3952  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:31:37.0786 3952  p2pimsvc - ok
20:31:37.0801 3952  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:31:37.0832 3952  p2psvc - ok
20:31:37.0864 3952  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
20:31:37.0926 3952  Parport - ok
20:31:37.0957 3952  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:31:37.0957 3952  partmgr - ok
20:31:38.0176 3952  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:31:38.0222 3952  Parvdm - ok
20:31:38.0706 3952  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:31:38.0722 3952  PcaSvc - ok
20:31:38.0768 3952  [ 01B94418DEB235DFF777CC80076354B4 ] pci             C:\Windows\system32\drivers\pci.sys
20:31:38.0784 3952  pci - ok
20:31:38.0800 3952  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
20:31:38.0815 3952  pciide - ok
20:31:38.0846 3952  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:31:38.0862 3952  pcmcia - ok
20:31:38.0924 3952  [ 133576A9200E3750366EC7F6038B3C32 ] PDF Suite 2010 Service C:\Program Files\PDF Suite 2010\ConversionService.exe
20:31:38.0956 3952  PDF Suite 2010 Service - ok
20:31:39.0018 3952  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:31:39.0158 3952  PEAUTH - ok
20:31:39.0236 3952  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
20:31:39.0314 3952  pla - ok
20:31:39.0346 3952  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:31:39.0392 3952  PlugPlay - ok
20:31:39.0424 3952  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:31:39.0439 3952  PNRPAutoReg - ok
20:31:39.0486 3952  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:31:39.0502 3952  PNRPsvc - ok
20:31:39.0533 3952  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:31:39.0580 3952  PolicyAgent - ok
20:31:39.0626 3952  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:31:39.0658 3952  PptpMiniport - ok
20:31:39.0673 3952  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
20:31:39.0704 3952  Processor - ok
20:31:39.0751 3952  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:31:39.0782 3952  ProfSvc - ok
20:31:39.0798 3952  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:31:39.0814 3952  ProtectedStorage - ok
20:31:39.0892 3952  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:31:39.0938 3952  PSched - ok
20:31:39.0985 3952  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:31:40.0094 3952  ql2300 - ok
20:31:40.0141 3952  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:31:40.0141 3952  ql40xx - ok
20:31:40.0718 3952  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
20:31:40.0781 3952  QWAVE - ok
20:31:40.0812 3952  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:31:40.0828 3952  QWAVEdrv - ok
20:31:40.0843 3952  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:31:40.0906 3952  RasAcd - ok
20:31:40.0937 3952  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
20:31:41.0015 3952  RasAuto - ok
20:31:41.0030 3952  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:41.0077 3952  Rasl2tp - ok
20:31:41.0108 3952  [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan          C:\Windows\System32\rasmans.dll
20:31:41.0155 3952  RasMan - ok
20:31:41.0186 3952  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:41.0218 3952  RasPppoe - ok
20:31:41.0233 3952  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:31:41.0264 3952  RasSstp - ok
20:31:41.0296 3952  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:31:41.0342 3952  rdbss - ok
20:31:41.0374 3952  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:41.0405 3952  RDPCDD - ok
20:31:41.0436 3952  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:31:41.0467 3952  rdpdr - ok
20:31:41.0732 3952  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:31:41.0779 3952  RDPENCDD - ok
20:31:41.0810 3952  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:31:41.0873 3952  RDPWD - ok
20:31:41.0904 3952  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:31:41.0951 3952  RemoteAccess - ok
20:31:41.0982 3952  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:31:42.0044 3952  RemoteRegistry - ok
20:31:42.0076 3952  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
20:31:42.0122 3952  RpcLocator - ok
20:31:42.0154 3952  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs           C:\Windows\system32\rpcss.dll
20:31:42.0185 3952  RpcSs - ok
20:31:42.0200 3952  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:31:42.0278 3952  rspndr - ok
20:31:42.0310 3952  [ 034033F5A921764D8C4BA6698800D95B ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
20:31:42.0372 3952  RTL8169 - ok
20:31:42.0388 3952  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs           C:\Windows\system32\lsass.exe
20:31:42.0403 3952  SamSs - ok
20:31:42.0419 3952  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:31:42.0434 3952  sbp2port - ok
20:31:42.0497 3952  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:31:42.0544 3952  SCardSvr - ok
20:31:42.0590 3952  [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule        C:\Windows\system32\schedsvc.dll
20:31:42.0653 3952  Schedule - ok
20:31:42.0684 3952  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:31:42.0700 3952  SCPolicySvc - ok
20:31:42.0731 3952  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:31:42.0762 3952  sdbus - ok
20:31:42.0793 3952  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:31:42.0824 3952  SDRSVC - ok
20:31:42.0840 3952  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:31:42.0902 3952  secdrv - ok
20:31:42.0934 3952  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
20:31:42.0965 3952  seclogon - ok
20:31:42.0980 3952  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
20:31:42.0996 3952  SENS - ok
20:31:43.0012 3952  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:31:43.0058 3952  Serenum - ok
20:31:43.0074 3952  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
20:31:43.0136 3952  Serial - ok
20:31:43.0152 3952  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:31:43.0168 3952  sermouse - ok
20:31:43.0199 3952  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:31:43.0230 3952  SessionEnv - ok
20:31:43.0246 3952  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:31:43.0261 3952  sffdisk - ok
20:31:43.0292 3952  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:31:43.0324 3952  sffp_mmc - ok
20:31:43.0339 3952  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:31:43.0370 3952  sffp_sd - ok
20:31:43.0402 3952  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:31:43.0433 3952  sfloppy - ok
20:31:43.0495 3952  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:31:43.0542 3952  SharedAccess - ok
20:31:43.0558 3952  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:31:43.0604 3952  ShellHWDetection - ok
20:31:43.0636 3952  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:31:43.0651 3952  sisagp - ok
20:31:43.0667 3952  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:31:43.0667 3952  SiSRaid2 - ok
20:31:43.0698 3952  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:31:43.0714 3952  SiSRaid4 - ok
20:31:43.0823 3952  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc           C:\Windows\system32\SLsvc.exe
20:31:44.0010 3952  slsvc - ok
20:31:44.0026 3952  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:31:44.0072 3952  SLUINotify - ok
20:31:44.0104 3952  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:31:44.0135 3952  Smb - ok
20:31:44.0166 3952  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:31:44.0166 3952  SNMPTRAP - ok
20:31:44.0790 3952  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
20:31:44.0806 3952  spldr - ok
20:31:44.0868 3952  [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler         C:\Windows\System32\spoolsv.exe
20:31:44.0930 3952  Spooler - ok
20:31:44.0977 3952  [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:31:44.0993 3952  SQLBrowser - ok
20:31:45.0024 3952  [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:31:45.0040 3952  SQLWriter - ok
20:31:45.0071 3952  [ 2252AEF839B1093D16761189F45AF885 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:31:45.0118 3952  srv - ok
20:31:45.0164 3952  [ B7FF59408034119476B00A81BB53D5D1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:31:45.0211 3952  srv2 - ok
20:31:45.0242 3952  [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:31:45.0289 3952  srvnet - ok
20:31:45.0320 3952  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:31:45.0367 3952  SSDPSRV - ok
20:31:45.0398 3952  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:31:45.0445 3952  SstpSvc - ok
20:31:45.0508 3952  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
20:31:45.0570 3952  stisvc - ok
20:31:45.0601 3952  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:31:45.0617 3952  swenum - ok
20:31:45.0648 3952  [ B36C7CDB86F7F7A8E884479219766950 ] swprv           C:\Windows\System32\swprv.dll
20:31:45.0695 3952  swprv - ok
20:31:45.0710 3952  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:31:45.0726 3952  Symc8xx - ok
20:31:45.0742 3952  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:31:45.0757 3952  Sym_hi - ok
20:31:45.0788 3952  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:31:45.0804 3952  Sym_u3 - ok
20:31:45.0866 3952  [ 71837FBCE3FD8143953444B3FF7938DC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:31:45.0882 3952  SynTP - ok
20:31:46.0506 3952  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain         C:\Windows\system32\sysmain.dll
20:31:46.0584 3952  SysMain - ok
20:31:46.0849 3952  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:31:46.0896 3952  TabletInputService - ok
20:31:46.0927 3952  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:31:46.0974 3952  TapiSrv - ok
20:31:47.0036 3952  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
20:31:47.0083 3952  TBS - ok
20:31:47.0286 3952  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:31:47.0364 3952  Tcpip - ok
20:31:47.0395 3952  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:31:47.0458 3952  Tcpip6 - ok
20:31:47.0504 3952  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:31:47.0551 3952  tcpipreg - ok
20:31:47.0567 3952  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:31:47.0614 3952  TDPIPE - ok
20:31:47.0645 3952  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:31:47.0676 3952  TDTCP - ok
20:31:47.0707 3952  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:31:47.0738 3952  tdx - ok
20:31:47.0770 3952  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:31:47.0785 3952  TermDD - ok
20:31:47.0816 3952  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService     C:\Windows\System32\termsrv.dll
20:31:47.0926 3952  TermService - ok
20:31:47.0957 3952  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
20:31:47.0972 3952  Themes - ok
20:31:47.0988 3952  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
20:31:48.0004 3952  THREADORDER - ok
20:31:48.0035 3952  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
20:31:48.0082 3952  TrkWks - ok
20:31:48.0238 3952  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:31:48.0284 3952  TrustedInstaller - ok
20:31:48.0394 3952  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:31:48.0409 3952  tssecsrv - ok
20:31:48.0487 3952  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:31:48.0581 3952  tunmp - ok
20:31:48.0628 3952  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:31:48.0643 3952  tunnel - ok
20:31:48.0721 3952  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:31:48.0737 3952  uagp35 - ok
20:31:48.0768 3952  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:31:48.0799 3952  udfs - ok
20:31:48.0846 3952  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:31:48.0877 3952  UI0Detect - ok
20:31:48.0893 3952  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:31:48.0908 3952  uliagpkx - ok
20:31:48.0924 3952  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:31:48.0940 3952  uliahci - ok
20:31:48.0986 3952  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:31:49.0002 3952  UlSata - ok
20:31:49.0033 3952  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:31:49.0049 3952  ulsata2 - ok
20:31:49.0174 3952  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:31:49.0189 3952  umbus - ok
20:31:49.0236 3952  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
20:31:49.0298 3952  upnphost - ok
20:31:49.0330 3952  upperdev - ok
20:31:49.0376 3952  [ AFB10A231254A1920C3BB4A0D02E1CA6 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:31:49.0408 3952  usbccgp - ok
20:31:49.0470 3952  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:31:49.0626 3952  usbcir - ok
20:31:49.0735 3952  [ 44245742C4ED2EAFD69020583424455B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:31:49.0735 3952  usbehci - ok
20:31:49.0798 3952  [ DB39B3F83AF77BCA019D7DF6AADDBDAE ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:31:49.0829 3952  usbhub - ok
20:31:50.0203 3952  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:31:50.0281 3952  usbohci - ok
20:31:50.0858 3952  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:31:50.0952 3952  usbprint - ok
20:31:51.0046 3952  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:51.0092 3952  USBSTOR - ok
20:31:51.0170 3952  [ 587809974E43CFAD0CA0EF6E1D940CA9 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:31:51.0186 3952  usbuhci - ok
20:31:51.0233 3952  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:31:51.0358 3952  usbvideo - ok
20:31:51.0482 3952  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms           C:\Windows\System32\uxsms.dll
20:31:51.0576 3952  UxSms - ok
20:31:51.0670 3952  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds             C:\Windows\System32\vds.exe
20:31:51.0779 3952  vds - ok
20:31:51.0841 3952  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:31:51.0888 3952  vga - ok
20:31:51.0997 3952  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:31:52.0122 3952  VgaSave - ok
20:31:52.0169 3952  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:31:52.0184 3952  viaagp - ok
20:31:52.0216 3952  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
20:31:52.0231 3952  ViaC7 - ok
20:31:52.0262 3952  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
20:31:52.0278 3952  viaide - ok
20:31:52.0340 3952  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:31:52.0340 3952  volmgr - ok
20:31:52.0434 3952  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:31:52.0450 3952  volmgrx - ok
20:31:52.0496 3952  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:31:52.0512 3952  volsnap - ok
20:31:52.0590 3952  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:31:52.0606 3952  vsmraid - ok
20:31:52.0668 3952  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS             C:\Windows\system32\vssvc.exe
20:31:52.0762 3952  VSS - ok
20:31:52.0902 3952  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time         C:\Windows\system32\w32time.dll
20:31:52.0949 3952  W32Time - ok
20:31:52.0980 3952  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:31:53.0261 3952  WacomPen - ok
20:31:53.0292 3952  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:31:53.0323 3952  Wanarp - ok
20:31:53.0323 3952  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:31:53.0354 3952  Wanarpv6 - ok
20:31:53.0448 3952  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:31:53.0573 3952  wcncsvc - ok
20:31:53.0635 3952  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:31:53.0651 3952  WcsPlugInService - ok
20:31:53.0744 3952  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
20:31:53.0760 3952  Wd - ok
20:31:53.0916 3952  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:31:53.0947 3952  Wdf01000 - ok
20:31:53.0994 3952  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:31:54.0072 3952  WdiServiceHost - ok
20:31:54.0088 3952  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:31:54.0103 3952  WdiSystemHost - ok
20:31:54.0337 3952  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient       C:\Windows\System32\webclnt.dll
20:31:54.0368 3952  WebClient - ok
20:31:54.0431 3952  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:31:54.0462 3952  Wecsvc - ok
20:31:54.0556 3952  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:31:54.0712 3952  wercplsupport - ok
20:31:54.0821 3952  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:31:54.0868 3952  WerSvc - ok
20:31:54.0914 3952  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:31:54.0930 3952  WinDefend - ok
20:31:54.0946 3952  WinHttpAutoProxySvc - ok
20:31:55.0164 3952  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:31:55.0211 3952  Winmgmt - ok
20:31:55.0382 3952  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:31:55.0445 3952  WinRM - ok
20:31:55.0492 3952  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:31:56.0038 3952  Wlansvc - ok
20:31:56.0225 3952  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:31:56.0240 3952  WmiAcpi - ok
20:31:56.0396 3952  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:31:56.0412 3952  wmiApSrv - ok
20:31:56.0786 3952  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:31:56.0958 3952  WMPNetworkSvc - ok
20:31:57.0005 3952  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:31:57.0083 3952  WPCSvc - ok
20:31:57.0145 3952  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:31:57.0176 3952  WPDBusEnum - ok
20:31:57.0254 3952  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:31:57.0286 3952  WpdUsb - ok
20:31:57.0660 3952  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:31:57.0894 3952  WPFFontCache_v0400 - ok
20:31:57.0988 3952  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:31:58.0019 3952  ws2ifsl - ok
20:31:58.0159 3952  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\system32\wscsvc.dll
20:31:58.0175 3952  wscsvc - ok
20:31:58.0190 3952  WSearch - ok
20:31:58.0502 3952  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:31:59.0220 3952  wuauserv - ok
20:31:59.0813 3952  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:59.0891 3952  WUDFRd - ok
20:32:00.0187 3952  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:32:00.0234 3952  wudfsvc - ok
20:32:01.0201 3952  ================ Scan global ===============================
20:32:01.0248 3952  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:32:01.0295 3952  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
20:32:01.0576 3952  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
20:32:01.0607 3952  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
20:32:01.0607 3952  [Global] - ok
20:32:01.0607 3952  ================ Scan MBR ==================================
20:32:01.0638 3952  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
20:32:03.0292 3952  \Device\Harddisk0\DR0 - ok
20:32:03.0307 3952  ================ Scan VBR ==================================
20:32:03.0338 3952  [ 381A1447B024CD78B738B7E668085ACB ] \Device\Harddisk0\DR0\Partition1
20:32:03.0354 3952  \Device\Harddisk0\DR0\Partition1 - ok
20:32:03.0385 3952  [ 521794FD240FE53A3EC559A8FC4E2B53 ] \Device\Harddisk0\DR0\Partition2
20:32:03.0385 3952  \Device\Harddisk0\DR0\Partition2 - ok
20:32:03.0385 3952  ============================================================
20:32:03.0385 3952  Scan finished
20:32:03.0385 3952  ============================================================
20:32:03.0416 3664  Detected object count: 1
20:32:03.0416 3664  Actual detected object count: 1
20:32:24.0757 3664  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:24.0757 3664  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards!

16.11.2012, 14:20   #14
markusg
/// Malware-holic
 
Hi,
have all drivers been updated? Mainboard, graphics card, etc.
