Pests of all kinds and how to fight them: Google links lead to dubious sites... Windows 7
09.07.2012, 23:29 | #1 |
| Google links lead to dubious sites...

Hi, since today I've had the problem that when I click on a Google link, I get redirected to some weird sites. I have AVG Internet Security and Spybot installed... both also warned about a threat and supposedly blocked it or moved it to quarantine. I've already read up on the topic a bit; apparently I'm not the first. But the instructions people always got there made me quickly sign up here and ask. I have Win Vista SP2 installed and the two tools described above for fighting threats. Could someone maybe help me get rid of my problem and tell me exactly what to do to put an end to this crap??? I'd be mega happy!!! Best regards, Henning

Is nobody willing to give me a bit of a hand??? I'd try it myself, but I've read here several times now that this is discouraged if you don't know all that much about the subject....
10.07.2012, 10:33 | #2 |
/// Malware-holic | Google links lead to dubious sites...

Hi,
what's this about? Please read the forum rules; an answer can take up to 3 days. You're not the only one here, and you're getting help for free. If that's not fast enough for you, I suggest going to a PC shop and paying for the work there. The second point is the not exactly generous info you're giving. What is an "outsider" supposed to do with that: AVG and Spybot found something somewhere. We do need those messages to get any kind of overview in the first place :-)

After that, please do the following: If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
10.07.2012, 11:18 | #3 |
| Google links lead to dubious sites...

Ahhh wonderful, and first of all a thousand times sorry. I just know it from other forums that once a post slips to page 2, you don't have much of a chance of getting an answer anymore. Nice that it works differently here!!!! And even nicer that there are people like you here; once everything is running again I'll be the last one to run away from a small PayPal donation or something similar, your work here can only be supported!!!!!!!!

Sooo, now back to my problem: I'd really like to tell you exactly what AVG and Spybot told me, but I can't manage to get the error message or warning displayed again. In any case I've just run OTL, and this is what came out...

OTL.Txt:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 10.07.2012 11:42:26 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\qwame\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,39% Memory free 6,73 Gb Paging File | 5,45 Gb Available in Paging File | 80,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 127,67 Gb Total Space | 44,03 Gb Free Space | 34,49% Space Free | Partition Type: NTFS Drive F: | 103,05 Gb Total Space | 19,24 Gb Free Space | 18,67% Space Free | Partition Type: NTFS Drive G: | 200,04 Gb Total Space | 78,61 Gb Free Space | 39,30% Space Free | Partition Type: NTFS Drive H: | 35,00 Gb Total Space | 3,36 Gb Free Space | 9,60% Space Free | Partition Type: NTFS Computer Name: QWAME | User Name: qwame | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.10 00:59:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\qwame\Desktop\OTL.exe PRC - [2012.07.09 13:58:27 | 000,245,168 | ---- | M] (hxxp://yourfiledownloader.com) -- C:\Programme\YourFileDownloader\YourFileUpdater.exe PRC - [2012.05.24 15:23:28 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.01.26 20:58:58 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG9\avgtray.exe PRC - [2011.08.17 17:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe PRC - [2010.11.25 17:17:47 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgfws9.exe PRC - [2010.11.25 17:17:47 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe PRC - [2010.09.20 14:51:55 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe PRC - [2010.08.28 06:16:38 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe PRC - [2010.08.28 06:16:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe PRC - [2010.08.28 06:16:32 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2010.08.28 06:16:32 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2010.08.28 06:16:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe PRC - [2010.08.28 06:16:27 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe PRC - [2010.08.28 06:16:26 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgam.exe PRC - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) 
-- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009.04.11 00:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.11.26 11:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe PRC - [2008.10.31 09:20:12 | 000,032,768 | ---- | M] () -- C:\Programme\3DSP\BluetoothWLAN_usb\Utilities\USBMS.exe PRC - [2008.05.13 15:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\RALINK\Common\RalinkRegistryWriter.exe PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.12.27 15:39:30 | 000,166,520 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe PRC - [2007.12.27 15:39:20 | 000,051,816 | ---- | M] () -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe PRC - [2007.12.17 21:02:00 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe PRC - [2006.10.23 02:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe ========== Modules (No Company Name) ========== MOD - [2010.08.28 06:03:42 | 000,077,824 | ---- | M] () -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll MOD - [2010.08.28 06:03:42 | 000,057,344 | ---- | M] () -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll MOD - [2009.07.20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2009.04.11 00:28:24 | 000,223,232 | ---- | M] () -- 
\\?\globalroot\systemroot\system32\mswsock.dll MOD - [2009.04.11 00:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll MOD - [2009.01.09 18:10:52 | 000,139,264 | ---- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll MOD - [2008.09.29 15:48:42 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.10.23 02:50:44 | 002,924,544 | ---- | M] () -- c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU MOD - [2006.10.23 02:35:06 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU MOD - [2006.10.23 02:34:44 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU MOD - [2006.10.23 02:34:26 | 000,036,864 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU MOD - [2006.10.23 02:33:42 | 000,026,112 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu MOD - [2006.10.23 02:33:38 | 000,970,752 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU MOD - [2006.10.23 02:33:38 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU MOD - [2006.10.23 02:33:28 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU MOD - [2006.10.23 02:33:12 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU MOD - [2006.10.23 02:33:02 | 000,008,192 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU MOD - [2006.10.23 02:32:54 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU MOD - [2006.10.23 02:32:30 | 000,011,264 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU MOD - [2006.10.23 02:32:26 | 000,159,744 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU MOD - [2006.10.23 
02:32:16 | 001,224,704 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU MOD - [2006.10.23 02:32:02 | 000,086,016 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU MOD - [2006.10.23 02:31:30 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu MOD - [2006.10.23 02:31:10 | 000,006,656 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU MOD - [2006.10.23 02:31:00 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu MOD - [2006.10.23 02:30:42 | 000,225,280 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU MOD - [2006.10.23 02:30:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU MOD - [2006.10.23 02:29:58 | 000,798,720 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU MOD - [2006.10.23 02:29:56 | 000,192,512 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU MOD - [2006.10.23 02:29:24 | 000,077,824 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - File not found [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc) SRV - [2012.05.24 15:23:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2011.08.17 17:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- 
C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Start_Pending] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2010.11.25 17:17:47 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgfws9.exe -- (avgfws9) SRV - [2010.08.28 06:16:35 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010.08.28 06:16:32 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010.08.28 06:16:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.02.06 20:07:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2009.11.19 22:05:59 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.10.31 09:20:12 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\USBMS.exe -- (3DSP Corporation Monitor Service) SRV - [2008.10.17 13:22:34 | 000,090,112 | ---- | M] (3DSP Corporation) [On_Demand | Stopped] -- C:\Programme\3DSP\BluetoothWLAN_usb\Utilities\UsbCS.exe -- (UsbCS) SRV - [2008.05.13 15:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.12.27 15:39:30 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service) SRV - [2007.12.27 15:39:20 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RSC4USB.sys -- (RSC4_A02) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nmserial.sys -- (nmserial) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nmpar.sys -- (NmPar) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz.sys -- (cpuz) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a449t2mk) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a08okga9) DRV - [2011.09.13 19:23:25 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011.05.06 09:24:45 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010.12.01 06:42:14 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2010.08.28 06:16:33 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx) DRV - [2010.08.28 06:16:33 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx) DRV - [2010.08.28 06:16:33 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Programme\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx) DRV - [2010.08.28 06:16:33 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx) DRV - [2010.08.28 06:16:28 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010.08.28 06:16:26 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2010.08.28 06:03:33 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd) DRV - [2010.07.26 15:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.07.15 09:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2010.07.15 09:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.09.20 01:45:43 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.09.20 01:45:43 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.17 18:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2009.06.17 18:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009.05.11 11:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.16 19:04:44 | 000,371,200 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjif2u.sys -- (RL_DJIFIE2_USB) DRV - [2009.04.16 19:04:42 | 000,033,792 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjif2a.sys -- (RL_DJIFIE2_WDM) DRV - [2009.04.16 18:08:30 | 000,025,088 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjif2m.sys -- (RL_DJIFIE2_MIDI) DRV - [2009.03.04 17:17:26 | 000,122,880 | ---- | M] (3DSP Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wlusb51.sys -- (WLAN3DSPUSBXP) DRV - [2009.03.04 17:17:18 | 000,217,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BtUsbCard.sys -- (BTUSBCARD) DRV - [2008.09.26 10:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.09.26 10:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.06.10 21:57:54 | 000,620,032 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2008.03.24 13:24:38 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2008.03.06 18:48:05 | 000,226,496 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2008.03.06 15:24:18 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2007.12.21 14:55:06 | 003,478,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.12.11 18:06:00 | 008,238,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.06.24 21:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.06.24 21:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.04.30 17:42:00 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.12 10:18:34 | 000,048,000 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2007.03.05 20:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 20:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 20:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2007.03.05 20:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2007.03.05 20:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm) DRV - [2006.11.10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool) DRV - [2006.10.30 17:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2006.10.18 23:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2006.02.08 05:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: 
"URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112558&tt=010712_2&babsrc=SP_ss&mntrId=a0563f90000000000000001583170670 IE - HKCU\..\SearchScopes\{7FB031A5-8083-4440-B04B-47867CD18D8B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.5 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.6.2 FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10 FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.8 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb161/?loc=IB_DS&a=6PQzDIbeLp&&i=26&search=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\qwame\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.14 15:32:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.06 11:50:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.10 22:16:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.10 00:49:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla 
Thunderbird\components [2012.06.18 23:32:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.11.18 14:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\qwame\AppData\Roaming\mozilla\Extensions
[2010.11.18 14:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\qwame\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.09 21:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\qwame\AppData\Roaming\mozilla\Firefox\Profiles\tipo7uhn.default\extensions
[2011.03.19 14:14:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\qwame\AppData\Roaming\mozilla\Firefox\Profiles\tipo7uhn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.15 09:51:56 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\qwame\AppData\Roaming\mozilla\Firefox\Profiles\tipo7uhn.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.10.05 09:55:35 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Users\qwame\AppData\Roaming\mozilla\Firefox\Profiles\tipo7uhn.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2010.07.09 19:00:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\qwame\AppData\Roaming\mozilla\Firefox\Profiles\tipo7uhn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.06 11:50:15 | 000,002,203 | ---- | M] () -- C:\Users\qwame\AppData\Roaming\Mozilla\Firefox\Profiles\tipo7uhn.default\searchplugins\MyStart Search.xml
[2012.07.09 13:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.18 17:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.07.09 13:58:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012.05.17 23:54:28 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\QWAME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TIPO7UHN.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 13:58:38 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2010.08.08 14:52:16 | 000,000,792 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite1\daemon.exe" -autorun File not found
O4 - HKCU..\Run: [IBP] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\qwame\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F46D2CD-21C7-4ADC-9E35-9DE9E2668988}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BD3929D-0D45-4AD3-8B67-7230D0793859}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\qwame\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\qwame\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{53b46445-f509-11dc-bc13-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{53b46445-f509-11dc-bc13-001e8c8691a9}\Shell\AutoRun\command - "" = E:\AutoPlay.exe -auto
O33 - MountPoints2\{6cc8f729-d418-11dd-926d-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{6cc8f729-d418-11dd-926d-001e8c8691a9}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{6cc8f72c-d418-11dd-926d-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{6cc8f72c-d418-11dd-926d-001e8c8691a9}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{707ec628-f799-11dd-bee1-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{707ec628-f799-11dd-bee1-001e8c8691a9}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{707ec629-f799-11dd-bee1-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{707ec629-f799-11dd-bee1-001e8c8691a9}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{707ec62b-f799-11dd-bee1-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{707ec62b-f799-11dd-bee1-001e8c8691a9}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{707ec62c-f799-11dd-bee1-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{707ec62c-f799-11dd-bee1-001e8c8691a9}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{7f3802d2-eb81-11dc-9ae9-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7f3802d2-eb81-11dc-9ae9-001e8c8691a9}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{9389f610-ac7f-11df-a69a-001e8c8691a9}\Shell - "" = Autorun
O33 - MountPoints2\{9389f610-ac7f-11df-a69a-001e8c8691a9}\Shell\AutoRun\command - "" = I:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{9b118a4d-d505-11de-bfd0-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{9b118a4d-d505-11de-bfd0-001e8c8691a9}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{f7c2ce06-c5b2-11e0-9dee-001583170670}\Shell\AutoRun\command - "" = videos\player\winopen "\XXX the Movie.exe"
O33 - MountPoints2\{fba9a708-f493-11dd-b834-001e8c8691a9}\Shell - "" = AutoRun
O33 - MountPoints2\{fba9a708-f493-11dd-b834-001e8c8691a9}\Shell\AutoRun\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2B6B6F3B-B0CA-8D1F-4E30-D35954C83548} - Internet Explorer
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B227D72E-F737-E1C0-1612-B4D44CE9474A} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D4746ADD-C4DF-4E40-BBEB-51F5F4B4B299} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - ()
MsConfig - StartUpFolder: C:^Users^qwame^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Users^qwame^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Programme\Common Files\Logishrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - File not found
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ICQ - hkey= - key= - File not found
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Nokia FastStart - hkey= - key= - File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - File not found
MsConfig - StartUpReg: RouterControl - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - File not found
MsConfig - StartUpReg: USBMaLoader.exe - hkey= - key= - C:\Programme\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.07.10 09:47:04 | 000,000,000 | ---D | C] -- C:\Users\qwame\Desktop\Anti Mal-Spyware Krams
[2012.07.10 00:59:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\qwame\Desktop\OTL.exe
[2012.07.10 00:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.07.10 00:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.10 00:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.10 00:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.10 00:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.09 15:58:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4E1B117F-A681-406A-88B5-AF868CF9CB04}
[2012.07.09 15:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2012.07.09 15:57:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
[2012.07.09 15:57:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2012.07.09 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012.07.09 15:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012.07.09 13:58:26 | 000,000,000 | ---D | C] -- C:\Users\qwame\AppData\Roaming\YourFileDownloader
[2012.07.09 13:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\YourFileDownloader
[2012.07.04 11:20:34 | 000,000,000 | ---D | C] -- C:\Users\qwame\Desktop\z
[2012.06.28 10:07:09 | 000,000,000 | ---D | C] -- C:\Users\qwame\Documents\Native Instruments
[2012.06.28 10:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2012.06.28 09:43:06 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.deRLDJIF2
[2012.06.28 09:33:49 | 000,371,200 | ---- | C] (Ploytec GmbH) -- C:\Windows\System32\drivers\rldjif2u.sys
[2012.06.28 09:33:49 | 000,033,792 | ---- | C] (Ploytec GmbH) -- C:\Windows\System32\drivers\rldjif2a.sys
[2012.06.28 09:33:49 | 000,025,088 | ---- | C] (Ploytec GmbH) -- C:\Windows\System32\drivers\rldjif2m.sys
[2012.06.26 21:50:45 | 000,000,000 | ---D | C] -- C:\Users\qwame\Desktop\pioneer djm 500
[2012.06.25 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\qwame\Desktop\Mukke Programme usw
[2012.06.17 20:14:01 | 000,000,000 | ---D | C] -- C:\Users\qwame\Desktop\MARLIS Innenleben
[2012.06.13 17:01:32 | 000,000,000 | ---D | C] -- C:\Users\qwame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.06.13 17:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.06.13 17:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2012.06.12 23:01:03 | 000,000,000 | ---D | C] -- C:\Users\qwame\AppData\Roaming\Audacity
[2012.06.12 23:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012.06.12 22:43:37 | 000,000,000 | ---D | C] -- C:\Users\qwame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2012.06.12 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\qwame\Documents\VirtualDJ
[2012.06.12 22:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012.06.11 23:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.06.11 23:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.11 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.06.11 22:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012.06.11 22:27:34 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012.06.11 22:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.06.11 22:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.06.11 22:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.06.11 22:27:12 | 000,000,000 | ---D | C] -- C:\Users\qwame\AppData\Roaming\TestApp
[2008.10.06 02:02:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\qwame\AppData\Roaming\pcouffin.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.10 11:29:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 11:29:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 10:56:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.10 09:56:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.10 09:37:20 | 000,637,538 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.10 09:37:20 | 000,621,704 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.10 09:37:20 | 000,132,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.10 09:37:20 | 000,114,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.10 09:29:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 00:59:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\qwame\Desktop\OTL.exe
[2012.07.10 00:12:17 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.09 23:59:23 | 101,316,896 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.07.09 21:28:24 | 000,000,896 | ---- | M] () -- C:\Users\qwame\Desktop\Traktor.lnk
[2012.07.09 13:58:53 | 000,000,697 | ---- | M] () -- C:\user.js
[2012.07.06 19:14:45 | 000,062,305 | ---- | M] () -- C:\Users\qwame\Documents\lebenslauf.pdf
[2012.06.27 14:34:36 | 000,013,257 | ---- | M] () -- C:\Users\qwame\.recently-used.xbel
[2012.06.13 10:04:39 | 002,373,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.12 22:21:58 | 000,163,840 | ---- | M] () -- C:\Users\qwame\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.11 23:55:48 | 000,000,121 | ---- | M] () -- C:\Windows\wininit.ini
[2012.06.11 22:28:12 | 001,535,611 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.10 00:12:17 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.09 21:28:24 | 000,000,896 | ---- | C] () -- C:\Users\qwame\Desktop\Traktor.lnk
[2012.07.06 19:14:45 | 000,062,305 | ---- | C] () -- C:\Users\qwame\Documents\lebenslauf.pdf
[2012.06.27 14:34:36 | 000,013,257 | ---- | C] () -- C:\Users\qwame\.recently-used.xbel
[2012.06.12 23:00:57 | 000,000,823 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.06.11 23:55:48 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2012.06.11 22:27:40 | 001,535,611 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012.03.02 09:50:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.03.15 01:44:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.02.17 22:53:01 | 000,000,082 | ---- | C] () -- C:\Windows\odbc_merge.INI
[2010.12.15 04:46:51 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010.12.15 04:46:51 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010.12.15 04:46:51 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.12.15 04:46:51 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.12.15 04:46:51 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.12.09 12:15:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.11.28 19:56:15 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.09.11 17:24:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.11 17:24:58 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.08.31 17:05:08 | 000,438,272 | ---- | C] () -- C:\Windows\System32\RaCoInst.dll
[2010.08.31 17:05:08 | 000,011,783 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.08.31 17:05:08 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\rt2870.bin
[2010.08.30 21:01:45 | 000,000,873 | ---- | C] () -- C:\Users\qwame\AppData\Local\RT3070_{7B9EDF4F-99A5-4CD3-B47E-D9EA8B1ECFCC}_sta
[2010.08.30 21:01:24 | 000,000,847 | ---- | C] () -- C:\Users\qwame\AppData\Local\RT3070_{7B9EDF4F-99A5-4CD3-B47E-D9EA8B1ECFCC}_prof
[2010.01.28 00:25:50 | 000,000,039 | ---- | C] () -- C:\Users\qwame\.htpasswd
[2009.11.18 14:30:56 | 000,000,680 | RHS- | C] () -- C:\Users\qwame\ntuser.pol
[2009.11.17 22:15:13 | 000,000,760 | ---- | C] () -- C:\Users\qwame\AppData\Roaming\setup_ldm.iss
[2008.10.06 02:02:49 | 000,000,668 | ---- | C] () -- C:\Users\qwame\AppData\Roaming\vso_ts_preview.xml
[2008.10.06 02:02:23 | 000,087,608 | ---- | C] () -- C:\Users\qwame\AppData\Roaming\inst.exe
[2008.10.06 02:02:23 | 000,007,887 | ---- | C] () -- C:\Users\qwame\AppData\Roaming\pcouffin.cat
[2008.10.06 02:02:23 | 000,001,144 | ---- | C] () -- C:\Users\qwame\AppData\Roaming\pcouffin.inf
[2008.03.26 16:43:58 | 000,022,328 | ---- | C] () -- C:\Users\qwame\AppData\Roaming\PnkBstrK.sys
[2008.03.26 16:40:05 | 000,103,736 | ---- | C] () -- C:\Users\qwame\AppData\Roaming\PnkBstrB.exe
[2008.03.23 20:05:13 | 000,000,468 | -H-- | C] () -- C:\Users\qwame\AppData\Roaming\vispa.ini
[2008.03.18 23:16:01 | 000,025,590 | ---- | C] () -- C:\Users\qwame\AppData\Roaming\UserTile.png
[2008.03.06 22:01:37 | 000,000,680 | ---- | C] () -- C:\Users\qwame\AppData\Local\d3d9caps.dat
[2008.03.06 14:42:31 | 000,163,840 | ---- | C] () -- C:\Users\qwame\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.05 19:34:07 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html

========== LOP Check ==========

[2009.03.28 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Ashampoo
[2012.06.12 23:28:01 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Audacity
[2010.08.30 09:36:50 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\AVG9
[2009.12.04 23:13:13 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\BlackBean
[2009.12.04 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Capcom
[2008.03.06 19:46:28 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.11.22 00:16:17 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\CoreCodec
[2009.09.20 01:33:07 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\DAEMON Tools
[2008.03.18 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\DAEMON Tools Pro
[2010.10.10 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Desktopicon
[2011.07.22 19:34:36 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\DVDVideoSoft
[2011.05.05 22:58:50 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.10 23:30:23 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\elsterformular
[2011.06.08 22:49:33 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\FFP
[2012.07.10 00:16:40 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\FileZilla
[2009.03.27 00:59:42 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\FlashFXP
[2011.07.20 15:32:15 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\FreeFLVConverter
[2012.01.15 18:28:09 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Garmin
[2009.11.20 01:46:19 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\GetRight
[2012.06.26 22:19:09 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\gtk-2.0
[2011.03.05 22:37:51 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\IBP
[2010.10.28 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\ICQ
[2011.09.06 21:50:36 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Image-Line
[2009.11.17 22:15:20 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Leadertech
[2008.10.05 13:31:19 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Neo-Modus.com
[2009.03.19 21:57:55 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Nokia
[2012.06.17 16:35:31 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\NoNameScript
[2010.07.27 11:59:02 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\OpenCandy
[2011.09.26 19:05:10 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Opera
[2009.03.26 00:02:30 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Participatory Culture Foundation
[2009.03.20 13:48:57 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\PC Suite
[2009.03.26 00:05:41 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\PCF-VLC
[2008.03.18 23:16:00 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\PeerNetworking
[2008.03.24 13:32:34 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Pegasys Inc
[2010.08.18 00:50:38 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Plane9
[2008.12.28 20:28:54 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\QIP
[2011.06.04 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Samsung
[2011.10.05 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Scooter Software
[2010.08.18 00:14:24 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\SoundSpectrum
[2009.08.10 02:32:25 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Stardock
[2010.12.14 19:50:46 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\TeamViewer
[2012.06.11 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\TestApp
[2008.05.29 15:31:21 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Thinstall
[2010.11.18 14:58:10 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Thunderbird
[2009.01.11 22:32:52 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Toolbars
[2008.06.29 13:22:52 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Trillian
[2009.11.24 18:05:52 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\TrueCrypt
[2011.02.16 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\TZ-EasyBuch
[2011.12.12 18:46:50 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Ubisoft
[2009.11.20 02:36:06 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\uTorrent
[2012.07.10 00:16:40 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\Vso
[2008.07.09 11:26:52 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\WebCompiler3
[2012.07.09 13:58:26 | 000,000,000 | ---D | M] -- C:\Users\qwame\AppData\Roaming\YourFileDownloader
[2012.07.10 01:08:26 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.03.24 16:59:33 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4E4152E-7C73-41F1-BA92-FE629AA28ECD}.job
[2010.12.09 12:13:36 | 000,000,204 | ---- | M] () -- C:\Windows\Tasks\{E85BDB8D-2DCF-4874-A427-BF2C89D96DCA}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.08.28 06:33:45 | 000,000,000 | -H-D | M] -- C:\$AVG
[2009.11.18 14:46:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.02.01 14:38:52 | 000,000,000 | ---D | M] -- C:\ATI
[2009.11.27 02:46:25 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.02.01 20:29:30 | 000,000,000 | ---D | M] -- C:\bundlesw
[2008.03.05 19:11:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.11.20 01:44:50 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.12.18 16:24:41 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.02.01 15:00:33 | 000,000,000 | ---D | M] -- C:\MBDOC
[2008.10.08 21:47:32 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.12.13 03:22:43 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.10 00:50:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.10 00:51:09 | 000,000,000 | ---D | M] -- C:\ProgramData
[2008.03.05 19:11:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2006.03.24 15:16:48 | 000,000,000 | -HSD | M] -- C:\Recycled
[2008.02.01 11:51:39 | 000,000,000 | ---D | M] -- C:\sources
[2012.07.10 11:45:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.03 15:11:50 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.16 06:00:47 | 000,000,000 | R--D | M] -- C:\Users
[2010.02.10 21:37:25 | 000,000,000 | ---D | M] -- C:\VueScan
[2012.07.10 00:16:34 | 000,000,000 | ---D | M] -- C:\Windows
[2012.06.06 13:55:22 | 000,000,000 | ---D | M] -- C:\xampp

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*.
/mp /s > < MD5 for: AGP440.SYS > [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2006.12.29 01:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) 
MD5=67740F91B47434CC6173A35667A4BA66 -- C:\ATI\SUPPORT\8-1_vista32-64_sb_57724\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.05 20:21:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.03.05 20:21:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.03.05 20:21:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) 
MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.02.01 12:45:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.02.01 12:45:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.02.01 11:54:50 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2008.02.01 11:54:51 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- 
C:\Windows\System32\user32.dll [2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 22:56:50 
| 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.03.06 15:24:18 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys [1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2008.02.01 20:39:34 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.02.01 20:39:32 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.02.01 20:39:34 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2008.02.01 20:39:44 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2008.02.01 20:39:45 | 006,090,752 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2008.01.19 00:34:10 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2008.01.19 00:34:10 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < %USERPROFILE%\*.* > [2010.01.28 00:25:51 | 000,000,039 | ---- | M] () -- C:\Users\qwame\.htpasswd [2012.06.27 14:34:36 | 000,013,257 | ---- | M] () -- C:\Users\qwame\.recently-used.xbel [2012.07.10 11:49:17 | 004,456,448 | -HS- | M] () -- C:\Users\qwame\NTUSER.DAT [2012.07.10 11:49:17 | 000,262,144 | -H-- | M] () -- C:\Users\qwame\ntuser.dat.LOG1 [2009.11.19 14:15:53 | 000,218,624 | -H-- | M] () -- C:\Users\qwame\ntuser.dat.LOG2 [2012.07.10 01:08:14 | 000,065,536 | -HS- | M] () -- C:\Users\qwame\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.04.08 
21:03:35 | 000,524,288 | -HS- | M] () -- C:\Users\qwame\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.07.10 01:08:14 | 000,524,288 | -HS- | M] () -- C:\Users\qwame\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.03.05 19:14:59 | 000,000,020 | -HS- | M] () -- C:\Users\qwame\ntuser.ini [2009.11.18 14:37:59 | 000,000,680 | RHS- | M] () -- C:\Users\qwame\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB30910$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Extras.Txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.07.2012 11:42:26 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\qwame\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,39% Memory free 6,73 Gb Paging File | 5,45 Gb Available in Paging File | 80,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 127,67 Gb Total Space | 44,03 Gb Free Space | 34,49% Space Free | Partition Type: NTFS Drive F: | 103,05 Gb Total Space | 19,24 Gb Free Space | 18,67% Space Free | Partition Type: NTFS Drive G: | 200,04 Gb Total Space | 78,61 Gb Free Space | 39,30% Space Free | Partition Type: NTFS Drive H: | 35,00 Gb Total Space | 3,36 Gb Free Space | 9,60% Space Free | Partition Type: NTFS Computer Name: QWAME | User Name: qwame | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [compress] -- C:\Program Files\KGB Archiver\kgb_arch_compress.exe "%1\" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2530334165-4292757262-1757508037-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink Wireless LAN "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3317F7C9-9EBB-1C42-864D-11979D61E2E4}" = ATI Catalyst Install Manager "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF 
Settings CS4 "{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{4749B16F-3059-4720-85D9-622305034D0A}" = Muon Tau Pro VSTi demo "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme 
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution "{DD858FAE-AEC5-4DA9-B573-DE248CD18A07}" = usbBlueW "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4 
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 2.0 "AVG9Uninstall" = AVG 9.0 "BeyondCompare3_is1" = Beyond Compare Version 3.3.2 "CCleaner" = CCleaner "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09 "DivX Setup.divx.com" = DivX-Setup "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition "ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular "ffdshow_is1" = ffdshow "FileZilla Client" = FileZilla Client 3.1.3.1 "FL Studio 10" = FL Studio 10 "Foxit PDF Editor" = Foxit PDF Editor "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free FLV Converter_is1" = Free FLV Converter V 6.98.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722 "G-Force" = G-Force "IBP11_is1" = IBP 11.7.8 "IrfanView" = IrfanView (remove only) "JTL-Wawi_is1" = JTL-Wawi "LiveZilla" = LiveZilla "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "mIRC" = mIRC "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor" = Native Instruments Traktor "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.64.1403" = Opera 11.64 "Security Task Manager" = Security Task Manager 1.7h "Steam" = Steam "TeamViewer 6" = TeamViewer 6 "TrueCrypt" = TrueCrypt "Uninstall_is1" = Uninstall 1.0.0.1 "USB_AUDIO_DEusb-audio.deRLDJIF2" = Digital Jockey - IE2 "VLC media player" = VLC media player 1.0.3 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.10 "WinRAR archiver" = 
WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NoNameScript" = NNScript
"YourFileDownloader" = YourFileDownloader
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.07.2012 03:34:10 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 03:34:10 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 03:34:10 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 03:34:11 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 03:34:11 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 03:34:11 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 03:34:11 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 03:34:11 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 03:34:11 | Computer Name = QWAME | Source = Windows Search Service | ID = 3013 Description =
Error - 10.07.2012 05:45:19 | Computer Name = QWAME | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description =
[ System Events ]
Error - 10.07.2012 03:29:33 | Computer Name = QWAME | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description =
Error - 10.07.2012 03:29:34 | Computer Name = QWAME | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description =
Error - 10.07.2012 03:31:11 | Computer Name = QWAME | Source = Service Control Manager | ID = 7023 Description =
Error - 10.07.2012 03:31:11 | Computer Name = QWAME | Source = Service Control Manager | ID = 7000 Description =
Error - 10.07.2012 03:31:11 | Computer Name = QWAME | Source = Service Control Manager | ID = 7000 Description =
Error - 10.07.2012 03:31:11 | Computer Name = QWAME | Source = Service Control Manager | ID = 7003 Description =
Error - 10.07.2012 03:31:11 | Computer Name = QWAME | Source = Service Control Manager | ID = 7003 Description =
Error - 10.07.2012 03:31:46 | Computer Name = QWAME | Source = Service Control Manager | ID = 7022 Description =
Error - 10.07.2012 03:31:46 | Computer Name = QWAME | Source = Service Control Manager | ID = 7026 Description =
Error - 10.07.2012 05:39:05 | Computer Name = QWAME | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description =
< End of report > |
12.07.2012, 17:53 | #4 |
/// Malware-holic | Google links lead to dubious sites... Well, now you're on page 19 and we still find you again. As I said, sorry, but we can barely keep up. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
22.07.2012, 15:51 | #5 |
| Google links lead to dubious sites... Oh man, yes, I believe that, it's just unbelievable. This is the first time since the beginning of my internet days (14K modem) that I've been hit by crap like this. Ten years ago it was a lot easier to get this crap back out of the system. Anyway, the tdsskill thing turned up the following...
C:\Windows\system32\pla.dll 16:46:55.0579 5052 pla - ok 16:46:55.0683 5052 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 16:46:55.0706 5052 PlugPlay - ok 16:46:55.0838 5052 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 16:46:55.0876 5052 PNRPAutoReg - ok 16:46:55.0884 5052 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 16:46:55.0909 5052 PNRPsvc - ok 16:46:55.0957 5052 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 16:46:56.0000 5052 PolicyAgent - ok 16:46:56.0044 5052 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 16:46:56.0075 5052 PptpMiniport - ok 16:46:56.0101 5052 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys 16:46:56.0127 5052 Processor - ok 16:46:56.0161 5052 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 16:46:56.0194 5052 ProfSvc - ok 16:46:56.0219 5052 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe 16:46:56.0239 5052 ProtectedStorage - ok 16:46:56.0269 5052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 16:46:56.0289 5052 PSched - ok 16:46:56.0390 5052 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 16:46:56.0430 5052 ql2300 - ok 16:46:56.0447 5052 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 16:46:56.0457 5052 ql40xx - ok 16:46:56.0491 5052 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 16:46:56.0508 5052 QWAVE - ok 16:46:56.0528 5052 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 16:46:56.0550 5052 QWAVEdrv - ok 16:46:56.0592 5052 RalinkRegistryWriter (432f5b15e21a54b48072593f03570326) C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe 16:46:56.0609 5052 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning 
16:46:56.0609 5052 RalinkRegistryWriter - detected UnsignedFile.Multi.Generic (1) 16:46:56.0623 5052 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 16:46:56.0648 5052 RasAcd - ok 16:46:56.0666 5052 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 16:46:56.0694 5052 RasAuto - ok 16:46:56.0715 5052 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:46:56.0751 5052 Rasl2tp - ok 16:46:56.0794 5052 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 16:46:56.0828 5052 RasMan - ok 16:46:56.0850 5052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 16:46:56.0879 5052 RasPppoe - ok 16:46:56.0894 5052 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 16:46:56.0918 5052 RasSstp - ok 16:46:56.0959 5052 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 16:46:56.0982 5052 rdbss - ok 16:46:57.0008 5052 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:46:57.0034 5052 RDPCDD - ok 16:46:57.0068 5052 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 16:46:57.0122 5052 rdpdr - ok 16:46:57.0138 5052 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 16:46:57.0163 5052 RDPENCDD - ok 16:46:57.0189 5052 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 16:46:57.0211 5052 RDPWD - ok 16:46:57.0251 5052 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 16:46:57.0276 5052 RemoteAccess - ok 16:46:57.0290 5052 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 16:46:57.0325 5052 RemoteRegistry - ok 16:46:57.0371 5052 RL_DJIFIE2_MIDI (10490e0f1c2351ab1299dc6ff5810087) C:\Windows\system32\drivers\rldjif2m.sys 16:46:57.0397 5052 RL_DJIFIE2_MIDI ( UnsignedFile.Multi.Generic ) - warning 16:46:57.0397 5052 
RL_DJIFIE2_MIDI - detected UnsignedFile.Multi.Generic (1) 16:46:57.0447 5052 RL_DJIFIE2_USB (9fb0ce7f7fed0dfedc387a05da8c0fa9) C:\Windows\system32\Drivers\rldjif2u.sys 16:46:57.0474 5052 RL_DJIFIE2_USB ( UnsignedFile.Multi.Generic ) - warning 16:46:57.0474 5052 RL_DJIFIE2_USB - detected UnsignedFile.Multi.Generic (1) 16:46:57.0522 5052 RL_DJIFIE2_WDM (ce77b94b7dfcf79ea45f8dfff44b2612) C:\Windows\system32\drivers\rldjif2a.sys 16:46:57.0527 5052 RL_DJIFIE2_WDM ( UnsignedFile.Multi.Generic ) - warning 16:46:57.0527 5052 RL_DJIFIE2_WDM - detected UnsignedFile.Multi.Generic (1) 16:46:57.0546 5052 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 16:46:57.0583 5052 ROOTMODEM - ok 16:46:57.0618 5052 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 16:46:57.0661 5052 RpcLocator - ok 16:46:57.0713 5052 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 16:46:57.0743 5052 RpcSs - ok 16:46:57.0747 5052 RSC4_A02 - ok 16:46:57.0764 5052 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 16:46:57.0802 5052 rspndr - ok 16:46:57.0830 5052 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys 16:46:57.0861 5052 RTL8169 - ok 16:46:57.0875 5052 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe 16:46:57.0895 5052 SamSs - ok 16:46:57.0925 5052 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 16:46:57.0936 5052 sbp2port - ok 16:46:57.0972 5052 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 16:46:57.0995 5052 SCardSvr - ok 16:46:58.0048 5052 Schedule (323ae0bdfd2eb15b668dda50cc597329) C:\Windows\system32\schedsvc.dll 16:46:58.0081 5052 Schedule - ok 16:46:58.0110 5052 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 16:46:58.0129 5052 SCPolicySvc - ok 16:46:58.0163 5052 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) 
C:\Windows\System32\SDRSVC.dll 16:46:58.0205 5052 SDRSVC - ok 16:46:58.0221 5052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 16:46:58.0265 5052 secdrv - ok 16:46:58.0279 5052 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 16:46:58.0315 5052 seclogon - ok 16:46:58.0348 5052 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 16:46:58.0386 5052 SENS - ok 16:46:58.0419 5052 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 16:46:58.0456 5052 Serenum - ok 16:46:58.0474 5052 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 16:46:58.0514 5052 Serial - ok 16:46:58.0540 5052 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 16:46:58.0566 5052 sermouse - ok 16:46:58.0593 5052 ServiceLayer - ok 16:46:58.0614 5052 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 16:46:58.0652 5052 SessionEnv - ok 16:46:58.0684 5052 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 16:46:58.0734 5052 sffdisk - ok 16:46:58.0750 5052 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 16:46:58.0793 5052 sffp_mmc - ok 16:46:58.0807 5052 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 16:46:58.0860 5052 sffp_sd - ok 16:46:58.0873 5052 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 16:46:58.0933 5052 sfloppy - ok 16:46:58.0973 5052 ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll 16:46:59.0007 5052 ShellHWDetection - ok 16:46:59.0037 5052 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 16:46:59.0047 5052 sisagp - ok 16:46:59.0065 5052 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 16:46:59.0073 5052 SiSRaid2 - ok 16:46:59.0092 5052 SiSRaid4 
(df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 16:46:59.0101 5052 SiSRaid4 - ok 16:46:59.0299 5052 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 16:46:59.0420 5052 slsvc - ok 16:46:59.0529 5052 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 16:46:59.0549 5052 SLUINotify - ok 16:46:59.0576 5052 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 16:46:59.0596 5052 Smb - ok 16:46:59.0615 5052 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 16:46:59.0628 5052 SNMPTRAP - ok 16:46:59.0647 5052 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 16:46:59.0656 5052 spldr - ok 16:46:59.0685 5052 Spooler (524bfbea40e6e404737ccbc754647a2e) C:\Windows\System32\spoolsv.exe 16:46:59.0726 5052 Spooler - ok 16:46:59.0784 5052 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys 16:46:59.0785 5052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 7f1b7c4d446cd3f926af45b8c48bd593 16:46:59.0787 5052 sptd ( LockedFile.Multi.Generic ) - warning 16:46:59.0787 5052 sptd - detected LockedFile.Multi.Generic (1) 16:46:59.0822 5052 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys 16:46:59.0853 5052 srv - ok 16:46:59.0864 5052 srv2 (d69b44e3b000c2ff583f10c65489b4fb) C:\Windows\system32\DRIVERS\srv2.sys 16:46:59.0884 5052 srv2 - ok 16:46:59.0912 5052 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys 16:46:59.0951 5052 srvnet - ok 16:46:59.0982 5052 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 16:47:00.0010 5052 SSDPSRV - ok 16:47:00.0045 5052 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys 16:47:00.0052 5052 ssmdrv - ok 16:47:00.0073 5052 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 16:47:00.0098 5052 SstpSvc - ok 16:47:00.0185 5052 Start BT in service (329ebfce6ba46c29ea1b8624e7823cad) C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe 16:47:00.0193 5052 Start BT in service - ok 16:47:00.0234 5052 Steam Client Service - ok 16:47:00.0358 5052 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 16:47:00.0394 5052 stisvc - ok 16:47:00.0425 5052 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 16:47:00.0436 5052 swenum - ok 16:47:00.0500 5052 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 16:47:00.0543 5052 swprv - ok 16:47:00.0585 5052 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 16:47:00.0595 5052 Symc8xx - ok 16:47:00.0609 5052 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 16:47:00.0618 5052 Sym_hi - ok 16:47:00.0632 5052 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 16:47:00.0641 5052 Sym_u3 - ok 16:47:00.0678 5052 SysMain (9a51b04e9886aa4ee90093586b0ba88d) 
C:\Windows\system32\sysmain.dll 16:47:00.0726 5052 SysMain - ok 16:47:00.0746 5052 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 16:47:00.0779 5052 TabletInputService - ok 16:47:00.0840 5052 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys 16:47:00.0861 5052 tap0901 - ok 16:47:00.0894 5052 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 16:47:00.0920 5052 TapiSrv - ok 16:47:00.0948 5052 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 16:47:00.0975 5052 TBS - ok 16:47:01.0036 5052 Tcpip (0e6b0885c3d5e4643ed2d043de3433d8) C:\Windows\system32\drivers\tcpip.sys 16:47:01.0066 5052 Tcpip - ok 16:47:01.0089 5052 Tcpip6 (0e6b0885c3d5e4643ed2d043de3433d8) C:\Windows\system32\DRIVERS\tcpip.sys 16:47:01.0150 5052 Tcpip6 - ok 16:47:01.0165 5052 tcpipreg (b085a1c98f96ba7882a27b001becf5ac) C:\Windows\system32\drivers\tcpipreg.sys 16:47:01.0193 5052 tcpipreg - ok 16:47:01.0214 5052 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 16:47:01.0243 5052 TDPIPE - ok 16:47:01.0258 5052 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 16:47:01.0282 5052 TDTCP - ok 16:47:01.0304 5052 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 16:47:01.0331 5052 tdx - ok 16:47:01.0526 5052 TeamViewer6 (b357451a6958e2b7b506fb1d08271be6) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe 16:47:01.0604 5052 TeamViewer6 - ok 16:47:01.0722 5052 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 16:47:01.0732 5052 TermDD - ok 16:47:01.0793 5052 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 16:47:01.0819 5052 TermService - ok 16:47:01.0852 5052 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll 16:47:01.0876 5052 Themes - ok 16:47:01.0900 5052 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) 
C:\Windows\system32\mmcss.dll 16:47:01.0929 5052 THREADORDER - ok 16:47:01.0958 5052 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 16:47:01.0986 5052 TrkWks - ok 16:47:02.0049 5052 truecrypt (8eede0f49f09d710d8b7b499dd6ee57e) C:\Windows\system32\drivers\tsk6ADA.tmp 16:47:02.0050 5052 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsk6ADA.tmp. md5: 8eede0f49f09d710d8b7b499dd6ee57e 16:47:02.0105 5052 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 16:47:02.0137 5052 TrustedInstaller - ok 16:47:02.0171 5052 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:47:02.0206 5052 tssecsrv - ok 16:47:02.0228 5052 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 16:47:02.0258 5052 tunmp - ok 16:47:02.0283 5052 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys 16:47:02.0301 5052 tunnel - ok 16:47:02.0341 5052 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 16:47:02.0350 5052 uagp35 - ok 16:47:02.0389 5052 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 16:47:02.0431 5052 udfs - ok 16:47:02.0454 5052 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 16:47:02.0481 5052 UI0Detect - ok 16:47:02.0501 5052 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 16:47:02.0511 5052 uliagpkx - ok 16:47:02.0535 5052 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 16:47:02.0547 5052 uliahci - ok 16:47:02.0572 5052 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 16:47:02.0583 5052 UlSata - ok 16:47:02.0600 5052 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 16:47:02.0610 5052 ulsata2 - ok 16:47:02.0635 5052 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 
16:47:02.0669 5052 umbus - ok 16:47:02.0690 5052 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys 16:47:02.0714 5052 UMPass - ok 16:47:02.0751 5052 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 16:47:02.0781 5052 upnphost - ok 16:47:02.0812 5052 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 16:47:02.0844 5052 usbaudio - ok 16:47:02.0871 5052 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 16:47:02.0906 5052 usbccgp - ok 16:47:02.0946 5052 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 16:47:02.0990 5052 usbcir - ok 16:47:03.0051 5052 UsbCS (e39e0ea041dc6c33c5f206ad8f7b069b) C:\Program Files\3DSP\BluetoothWLAN_usb\Utilities\usbcs.exe 16:47:03.0058 5052 UsbCS ( UnsignedFile.Multi.Generic ) - warning 16:47:03.0058 5052 UsbCS - detected UnsignedFile.Multi.Generic (1) 16:47:03.0082 5052 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 16:47:03.0107 5052 usbehci - ok 16:47:03.0139 5052 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 16:47:03.0160 5052 usbhub - ok 16:47:03.0173 5052 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 16:47:03.0196 5052 usbohci - ok 16:47:03.0220 5052 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 16:47:03.0253 5052 usbprint - ok 16:47:03.0276 5052 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 16:47:03.0305 5052 usbscan - ok 16:47:03.0335 5052 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:47:03.0380 5052 USBSTOR - ok 16:47:03.0399 5052 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 16:47:03.0448 5052 usbuhci - ok 16:47:03.0488 5052 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys 
16:47:03.0516 5052 usb_rndisx - ok 16:47:03.0554 5052 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 16:47:03.0590 5052 UxSms - ok 16:47:03.0624 5052 VComm (51750b0539986186c6931fc40d171521) C:\Windows\system32\DRIVERS\VComm.sys 16:47:03.0631 5052 VComm - ok 16:47:03.0663 5052 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\Windows\system32\Drivers\VcommMgr.sys 16:47:03.0672 5052 VcommMgr - ok 16:47:03.0770 5052 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 16:47:03.0823 5052 vds - ok 16:47:03.0869 5052 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 16:47:03.0914 5052 vga - ok 16:47:03.0942 5052 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 16:47:03.0980 5052 VgaSave - ok 16:47:04.0025 5052 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 16:47:04.0038 5052 viaagp - ok 16:47:04.0122 5052 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 16:47:04.0170 5052 ViaC7 - ok 16:47:04.0209 5052 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 16:47:04.0220 5052 viaide - ok 16:47:04.0270 5052 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 16:47:04.0283 5052 volmgr - ok 16:47:04.0333 5052 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 16:47:04.0369 5052 volmgrx - ok 16:47:04.0445 5052 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 16:47:04.0458 5052 volsnap - ok 16:47:04.0672 5052 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 16:47:04.0682 5052 vsmraid - ok 16:47:04.0848 5052 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 16:47:04.0957 5052 VSS - ok 16:47:05.0010 5052 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 16:47:05.0062 5052 W32Time - ok 16:47:05.0103 5052 WacomPen 
(48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 16:47:05.0154 5052 WacomPen - ok 16:47:05.0181 5052 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:47:05.0204 5052 Wanarp - ok 16:47:05.0208 5052 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:47:05.0228 5052 Wanarpv6 - ok 16:47:05.0274 5052 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 16:47:05.0313 5052 wcncsvc - ok 16:47:05.0343 5052 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 16:47:05.0375 5052 WcsPlugInService - ok 16:47:05.0395 5052 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 16:47:05.0405 5052 Wd - ok 16:47:05.0474 5052 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 16:47:05.0511 5052 Wdf01000 - ok 16:47:05.0569 5052 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 16:47:05.0597 5052 WdiServiceHost - ok 16:47:05.0601 5052 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 16:47:05.0628 5052 WdiSystemHost - ok 16:47:05.0723 5052 Web Assistant Updater (cc86d2867eb393f1360beb6e7e1bf9dc) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe 16:47:05.0732 5052 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning 16:47:05.0732 5052 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1) 16:47:05.0767 5052 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 16:47:05.0801 5052 WebClient - ok 16:47:05.0826 5052 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll 16:47:05.0874 5052 Wecsvc - ok 16:47:05.0898 5052 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 16:47:05.0922 5052 wercplsupport - ok 16:47:05.0963 5052 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 16:47:05.0994 5052 WerSvc - ok 
16:47:06.0000 5052 WinHttpAutoProxySvc - ok 16:47:06.0056 5052 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 16:47:06.0085 5052 Winmgmt - ok 16:47:06.0135 5052 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll 16:47:06.0234 5052 WinRM - ok 16:47:06.0294 5052 WLAN3DSPUSBXP (44946243f58264564dd1192ccef1c02f) C:\Windows\system32\DRIVERS\wlusb51.sys 16:47:06.0345 5052 WLAN3DSPUSBXP - ok 16:47:06.0384 5052 Wlansvc (766fdcf7e9aed0d0bef8a36c27d0ef91) C:\Windows\System32\wlansvc.dll 16:47:06.0443 5052 Wlansvc - ok 16:47:06.0472 5052 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 16:47:06.0531 5052 WmiAcpi - ok 16:47:06.0593 5052 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 16:47:06.0632 5052 wmiApSrv - ok 16:47:06.0777 5052 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 16:47:06.0851 5052 WMPNetworkSvc - ok 16:47:06.0870 5052 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 16:47:06.0918 5052 WPCSvc - ok 16:47:06.0949 5052 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll 16:47:06.0997 5052 WPDBusEnum - ok 16:47:07.0037 5052 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 16:47:07.0064 5052 WpdUsb - ok 16:47:07.0073 5052 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 16:47:07.0100 5052 ws2ifsl - ok 16:47:07.0105 5052 WSearch - ok 16:47:07.0233 5052 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 16:47:07.0334 5052 wuauserv - ok 16:47:07.0469 5052 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:47:07.0499 5052 WUDFRd - ok 16:47:07.0525 5052 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 16:47:07.0563 5052 wudfsvc - ok 16:47:07.0587 5052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) 
\Device\Harddisk0\DR0 16:47:07.0877 5052 \Device\Harddisk0\DR0 - ok 16:47:07.0879 5052 Boot (0x1200) (83ff9000a10597bdd7f9ce2ac5f1f3bf) \Device\Harddisk0\DR0\Partition0 16:47:07.0881 5052 \Device\Harddisk0\DR0\Partition0 - ok 16:47:07.0902 5052 Boot (0x1200) (9a94f607f1b310fd8aaa6c3a09a2491c) \Device\Harddisk0\DR0\Partition1 16:47:07.0904 5052 \Device\Harddisk0\DR0\Partition1 - ok 16:47:07.0921 5052 Boot (0x1200) (e106786ccaf38cbd84e57a2987d96001) \Device\Harddisk0\DR0\Partition2 16:47:07.0923 5052 \Device\Harddisk0\DR0\Partition2 - ok 16:47:07.0934 5052 Boot (0x1200) (41517ae1ac866765b68d47a89268a60e) \Device\Harddisk0\DR0\Partition3 16:47:07.0936 5052 \Device\Harddisk0\DR0\Partition3 - ok 16:47:07.0937 5052 ============================================================ 16:47:07.0937 5052 Scan finished 16:47:07.0937 5052 ============================================================ 16:47:07.0942 7588 Detected object count: 16 16:47:07.0942 7588 Actual detected object count: 16 16:47:24.0752 7588 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0753 7588 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0753 7588 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0753 7588 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0753 7588 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0753 7588 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0754 7588 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0754 7588 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0754 7588 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0754 7588 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0755 7588 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0755 7588 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:47:24.0755 7588 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0755 7588 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0756 7588 netr28u ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0756 7588 netr28u ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0756 7588 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0756 7588 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0757 7588 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0757 7588 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0757 7588 RL_DJIFIE2_MIDI ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0757 7588 RL_DJIFIE2_MIDI ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0758 7588 RL_DJIFIE2_USB ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0758 7588 RL_DJIFIE2_USB ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0758 7588 RL_DJIFIE2_WDM ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0758 7588 RL_DJIFIE2_WDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0759 7588 sptd ( LockedFile.Multi.Generic ) - skipped by user 16:47:24.0759 7588 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 16:47:24.0759 7588 UsbCS ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0759 7588 UsbCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:47:24.0760 7588 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user 16:47:24.0760 7588 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip |
25.07.2012, 17:39 | #6 | |
/// Malware-holic | Google links lead to dubious sites... Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ --> Google links lead to dubious sites... |
25.07.2012, 22:35 | #7 |
| Google links lead to dubious sites... Sooo, what a hassle... so I ran Combofix and this time everything worked. But to get there I first had to uninstall AVG completely; after that it worked. I took the chance right away and switched to Bitdefender, I was somehow fed up with the AVG junk. So Combofix spat out the following... Combofix log file: Code:
ATTFilter
ComboFix 12-07-26.03 - qwame 25.07.2012 22:32:22.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3326.2222 [GMT 2:00]
ausgeführt von:: c:\users\qwame\Desktop\ComboFix.exe
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Web Assistant\ExTEnsion32.dll
c:\users\qwame\AppData\Roaming\Desktopicon
c:\users\qwame\AppData\Roaming\inst.exe
c:\users\qwame\AppData\Roaming\mIRC\logs\status.log
c:\users\qwame\AppData\Roaming\PnkBstrB.exe
c:\users\qwame\AppData\Roaming\vso_ts_preview.xml
c:\windows\$NtUninstallKB30910$
c:\windows\$NtUninstallKB30910$\3902443556\L\00000004.@
c:\windows\$NtUninstallKB30910$\3902443556\L\201d3dde
c:\windows\$NtUninstallKB30910$\3902443556\L\qnbwvoto
c:\windows\iun6002.exe
c:\windows\system32\drivers\~GLH0014.TMP
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\system
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-25 bis 2012-07-25 ))))))))))))))))))))))))))))))
.
.
2012-07-25 20:13 . 2012-07-25 20:13 -------- d-----w- C:\AVGTemp
2012-07-22 14:46 . 2012-07-22 14:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-09 22:51 . 2012-07-09 22:51 -------- d-----w- c:\program files\Common Files\Java
2012-07-09 22:50 . 2012-07-09 22:50 -------- d-----w- c:\program files\Oracle
2012-07-09 22:49 . 2012-05-04 17:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-09 22:49 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-09 22:12 . 2012-07-09 22:12 -------- d-----w- c:\program files\CCleaner
2012-07-09 19:30 . 2012-07-09 19:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-09 13:58 . 2012-07-09 13:58 -------- dc-h--w- c:\programdata\{4E1B117F-A681-406A-88B5-AF868CF9CB04}
2012-07-09 13:57 . 2012-07-09 13:57 -------- d-----w- c:\programdata\Native Instruments
2012-07-09 13:57 . 2012-07-09 13:57 -------- dc-h--w- c:\programdata\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
2012-07-09 13:57 . 2012-07-09 13:57 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2012-07-09 13:56 . 2012-07-09 13:57 -------- d-----w- c:\program files\Native Instruments
2012-07-09 11:58 . 2012-07-09 11:58 -------- d-----w- c:\program files\YourFileDownloader
2012-07-09 11:58 . 2012-07-09 11:58 -------- d-----w- c:\users\qwame\AppData\Roaming\YourFileDownloader
2012-06-28 08:01 . 2012-07-09 13:57 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-06-28 07:43 . 2012-06-28 07:43 -------- d-----w- c:\windows\usb-audio.deRLDJIF2
2012-06-28 07:33 . 2009-04-16 17:04 371200 ----a-w- c:\windows\system32\drivers\rldjif2u.sys
2012-06-28 07:33 . 2009-04-16 17:04 33792 ----a-w- c:\windows\system32\drivers\rldjif2a.sys
2012-06-28 07:33 . 2009-04-16 16:08 25088 ----a-w- c:\windows\system32\drivers\rldjif2m.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 08:03 . 2008-03-06 16:48 226496 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-07-09 19:30 . 2011-08-10 17:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-11 09:14 . 2012-06-11 20:27 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-09-29 07:09 . 2011-10-10 20:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAVABXADMAVwAtAFkAUQBMAFEAMwAtAEsAVQBLADgAQQAtAFIANwBUAE4AWgAtAE8ARQBNAEIAUgA&inst=NwA2AC0ANQAxADAAMAAzADMAOQA5ADYALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwA1ADIANQA2ADkALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA&prod=54&ver=9.0.894" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-17 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^qwame^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\users\qwame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^qwame^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk] path=c:\users\qwame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] 2009-01-19 07:37 1150976 ----a-r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] 2009-01-09 14:53 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla] 2011-02-18 09:08 7029760 ----a-w- c:\program files\LiveZilla\LiveZilla.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2010-12-14 15:44 216456 ----a-w- c:\program files\PDF24\pdf24.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-09-26 07:49 17353352 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBMaLoader.exe] 2008-06-23 18:03 20480 ----a-w- c:\program files\3DSP\BluetoothWLAN_usb\Utilities\USBMaLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-06-29 04:00 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-18 22:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2530334165-4292757262-1757508037-1000] "EnableNotificationsRef"=dword:00000001 . S2 3DSP Corporation Monitor Service;3DSP Corporation Monitor Service;c:\program files\3DSP\BluetoothWLAN_usb\Utilities\USBMS.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - FSUSBEXDISK . Inhalt des "geplante Tasks" Ordners . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 20:15] . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 20:15] . 2008-03-24 c:\windows\Tasks\User_Feed_Synchronization-{A4E4152E-7C73-41F1-BA92-FE629AA28ECD}.job - c:\windows\system32\msfeedssync.exe [2008-12-13 22:33] . 
2010-12-09 c:\windows\Tasks\{E85BDB8D-2DCF-4874-A427-BF2C89D96DCA}.job - c:\program files\Skype\Phone\Skype.exe [2011-09-26 07:49] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\qwame\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\qwame\AppData\Roaming\Mozilla\Firefox\Profiles\tipo7uhn.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb161/?loc=IB_DS&a=6PQzDIbeLp&&i=26&search= FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQzDIbeLp&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - a0563f90000000000000001583170670 FF - user.js: extensions.incredibar_i.instlDay - 15497 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:50 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQzDIbeLp FF - user.js: extensions.incredibar_i.upn2n - 92543013012196859 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: 
extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-IBP - (no file) HKLM-Run-NWEReboot - (no file) SafeBoot-17193545.sys MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol 120\axcmd.exe MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite1\daemon.exe MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\/\KiesTrayAgent.exe MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe MSConfigStartUp-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE MSConfigStartUp-RouterControl - c:\progra~1\ROUTER~1\ROUTERCONTROL.EXE MSConfigStartUp-Steam - f:\spiele\Steam\Steam.exe AddRemove-Combined Community Codec Pack_is1 - c:\program files\Combined Community Codec Pack\unins000.exe AddRemove-Steam - f:\spiele\Steam\UNWISE.EXE . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{87f97f90-b4b1-42c0-a43d-7b290fbea402}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0d020054 "Dhcpv6State"=dword:00000000 "NameServer"="" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07001422 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ccc1606e-d428-4139-8a93-62ba8f1e7c2e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c001e8c "Dhcpv6State"=dword:00000000 "NameServer"="" "Domain"="" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:06001422 "Dhcpv6State"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3336) c:\program files\Logitech\SetPoint\lgscroll.dll c:\program files\Stardock\Object Desktop\DeskScapes\deskscapes.dll c:\program files\Stardock\Object Desktop\DeskScapes\deskscape.dll c:\program files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll c:\program files\Stardock\Object Desktop\DeskScapes\DreamControl.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll c:\program files\Spybot - Search & Destroy\SDHelper.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe c:\windows\system32\FsUsbExService.Exe c:\xampp\mysql\bin\mysqld.exe c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe c:\program files\RALINK\Common\RalinkRegistryWriter.exe c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe c:\program files\TeamViewer\Version6\TeamViewer_Service.exe c:\program files\Web Assistant\ExtensionUpdaterService.exe c:\windows\system32\WUDFHost.exe c:\program files\YourFileDownloader\YourFileUpdater.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\System32\rundll32.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-07-25 22:47:17 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-25 20:47 . Vor Suchlauf: 17 Verzeichnis(se), 47.366.115.328 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 47.294.763.008 Bytes frei . - - End Of File - - 6E714EC6DD0F9A404A91AB4484A964A8 |
26.07.2012, 18:01 | #8 |
/// Malware-holic | Google links lead to dubious sites... Did you copy anything into the TDSSKiller quarantine?
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.08.2012, 10:35 | #9 |
| Google links lead to dubious sites... Hmm, not that I know of; at least no message came up as far as I can remember. Somehow the symptom of Google links redirecting to the wrong places has also been gone since I ran ComboFix... and apart from that my computer has become quite a bit faster again... before, it took ages for everything, and even when I wasn't doing anything at all it kept rattling away non-stop. |