GVU Trojan

Hello Arne,
the OTL log reads as follows:

OTL Logfile:
Code:
OTL logfile created on: 06.06.2012 18:21:43 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Frank\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,90 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 54,11% Memory free
6,04 Gb Paging File | 4,84 Gb Available in Paging File | 80,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 45,33 Gb Free Space | 20,38% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS

Computer Name: FRANK-LAPTOP | User Name: Frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.06 18:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe
PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009.02.28 17:05:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.20 10:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.01.20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
PRC - [2009.01.20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
PRC - [2008.12.23 17:18:20 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2005.04.20 09:57:18 | 000,847,872 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2005.03.31 09:30:52 | 001,106,944 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe
PRC - [2005.03.22 12:29:14 | 000,468,992 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2005.03.22 12:27:16 | 000,097,792 | ---- | M] (Nokia.) -- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2005.03.22 09:39:34 | 000,167,936 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe

========== Modules (No Company Name) ==========

MOD - [2011.06.16 16:22:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.06.16 16:21:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.16 16:21:05 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011.06.16 16:21:05 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011.06.16 16:21:05 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2011.06.16 16:20:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.16 15:40:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.16 15:40:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.16 15:40:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.16 15:39:45 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011.06.16 15:39:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.06.16 15:39:33 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.06.16 15:39:10 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.06.16 15:38:55 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.06.16 15:38:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.16 15:37:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010.09.22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2008.11.18 12:03:14 | 000,032,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.11.18 11:57:08 | 000,007,168 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.11.18 11:57:06 | 000,057,344 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.11.18 11:56:58 | 000,118,784 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.11.18 11:56:56 | 000,010,240 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.11.18 11:56:40 | 000,040,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.11.18 11:56:40 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.11.18 11:56:40 | 000,005,632 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.23 17:21:22 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2008.07.27 20:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008.07.27 20:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2008.07.04 04:03:00 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.07.04 04:03:00 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.01.21 04:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2005.03.08 21:10:08 | 000,016,384 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_ger.NLR

========== Win32 Services (SafeList) ==========

SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.01.20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009.01.20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008.12.23 17:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.20 03:14:31 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008.01.21 04:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.21 04:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.19 13:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.01.20 10:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.12.23 13:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.12.20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.09.22 07:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.21 04:23:51 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes,DefaultScope = {FB44AB68-5D74-45C7-B381-40F8A01904D5}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{006A2DB5-E94A-4797-AAFB-260563B021B4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=5610aea9-c891-4438-a2c5-5dfe15d57b71&apn_sauid=89A1255E-E002-4582-A641-B832C9994B1B
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{537638E9-7D11-4F2D-B0BF-2206C3008E23}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=1586&gct=hp"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2012.01.17 15:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions
[2012.01.17 15:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.06 16:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions
[2011.07.20 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.06 11:49:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.20 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\staged-xpis
[2012.04.20 16:29:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com
[2012.04.20 16:29:49 | 000,002,335 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml
[2011.07.20 22:21:56 | 000,002,342 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: AOL Suche ()
CHR - default_search_provider: search_url = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2012.05.30 18:01:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [9txXqR9p2lPiFxH] C:\Users\Frank\AppData\Roaming\Diablo_III.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{259FA58F-84B4-4533-92E0-EC6F4664C188}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{591F74AA-EF59-4548-9380-26E5E01ABDE4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Frank\AppData\Roaming\Diablo_III.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - 
C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - 
CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group 
SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {Gusfa7ep-lUCJ-Ed2r-Yvs8-fYwL6tnW7CxX} - ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.06 18:19:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe [2012.06.06 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\MAXQDA10 [2012.06.06 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\MAXQDA10 [2012.06.06 13:03:56 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 10 [2012.06.06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MAXQDA10 [2012.06.06 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\MAXQDA10 [2012.05.31 12:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.31 10:19:24 | 000,000,000 | R--D | C] -- C:\Users\Frank\Music [2012.05.30 18:34:38 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.30 15:19:42 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes [2012.05.30 15:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.30 
15:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.30 15:19:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.30 15:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.30 12:56:34 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Frank\Desktop\unhide.exe [2012.05.28 16:04:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2012.05.18 00:06:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.06 18:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe [2012.06.06 18:10:41 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.06 18:10:41 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.06 18:10:41 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.06 18:10:41 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.06 17:43:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.06 16:34:14 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini [2012.06.06 16:33:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.06 16:32:05 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.06 16:32:05 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.06 16:31:55 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2012.06.06 16:31:51 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys [2012.06.06 13:03:56 | 000,000,804 | ---- | M] () -- C:\Users\Frank\Desktop\MAXQDA 10.lnk [2012.06.05 21:54:04 | 000,006,080 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat [2012.06.05 16:42:51 | 000,002,665 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Excel 2003.lnk [2012.06.05 16:12:09 | 000,002,637 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Word 2003.lnk [2012.06.01 12:37:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job [2012.05.30 12:53:12 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Frank\Desktop\unhide.exe [2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.06 13:03:56 | 000,000,804 | ---- | C] () -- C:\Users\Frank\Desktop\MAXQDA 10.lnk [2012.06.01 11:19:09 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job [2012.05.30 12:46:21 | 3119,435,776 | -HS- | C] () -- C:\hiberfil.sys [2011.11.03 14:43:55 | 000,032,768 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\fin.zup [2011.06.22 17:37:50 | 000,000,052 | ---- | C] () -- C:\Windows\akShowRTF.INI [2010.07.11 12:38:53 | 000,006,080 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2011.07.19 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox [2012.02.06 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2011.09.06 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.27 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular [2010.02.10 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze [2012.05.18 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ [2012.06.06 13:13:54 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\MAXQDA10 [2009.08.24 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies [2010.06.06 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia [2011.01.23 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player [2009.12.08 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle [2010.06.06 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite [2009.10.22 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp [2009.11.02 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template [2012.01.17 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom [2010.06.06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue [2009.08.20 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent [2012.06.06 15:45:51 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.01.22 10:54:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Adobe [2010.07.11 09:31:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Ahead [2010.04.12 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\CyberLink [2011.07.19 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox [2012.02.06 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2011.09.06 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.27 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular [2010.08.14 21:42:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Google [2010.02.10 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze [2010.12.03 12:20:31 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\hewlett-packard [2009.08.17 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HP TCS [2012.05.18 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ [2009.08.17 13:41:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Identities [2009.08.17 17:29:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Macromedia [2012.05.30 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Malwarebytes [2012.06.06 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MAXQDA10 [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Media Center Programs [2012.05.30 13:57:26 | 000,000,000 | --SD | M] -- C:\Users\Frank\AppData\Roaming\Microsoft [2011.07.20 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mozilla [2009.08.24 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies [2010.06.06 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia [2011.01.23 22:54:53 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player [2009.12.08 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle [2010.06.06 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite [2009.08.19 20:52:48 | 000,000,000 | R--D | M] -- C:\Users\Frank\AppData\Roaming\SecuROM [2009.10.22 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp [2009.11.02 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template [2012.01.17 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom [2010.06.06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue [2009.08.20 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent < %APPDATA%\*.exe /s > [2010.01.18 16:35:26 | 000,827,392 | ---- | M] (Synatix GmbH) -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze\foxstart.exe [2010.01.18 16:35:26 | 000,827,392 | ---- | M] (Synatix GmbH) -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze\uninstall.exe [2010.01.22 10:54:19 | 000,038,784 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.12.02 15:41:54 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2009.12.08 23:01:25 | 000,134,494 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\ARPPRODUCTICON.exe [2009.12.08 23:01:25 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut1_8F266050CB7649059B61E68BB3036950.exe [2009.12.08 23:01:25 | 000,134,494 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut21_F0244523DD484845ADC3AA0A9FB72941.exe [2009.12.08 23:01:25 | 000,176,128 | R--- | M] (Macrovision Corporation) -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut2_8F266050CB7649059B61E68BB3036950.exe [2012.01.17 15:21:44 | 020,398,464 | ---- | M] (TomTom International B.V.) -- C:\Users\Frank\AppData\Roaming\TomTom\HOME\Profiles\55y9q5ly.default\Updates\v2_8_2_2264_win.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) 
MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] 
(NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) 
MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < Schliesse bitte nun alle Programme. (Wichtig) > < Klicke nun bitte auf den Quick Scan Button. > < End of report >
Regards, Gustav86 |
| | #17 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner Quote:
__________________ |
| | #18 |
| GVU Trojaner Hello Arne,
sorry for the wrong input. Here is the new OTL log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.06.2012 14:38:13 - Run 2 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Frank\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,90 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 66,75% Memory free 6,04 Gb Paging File | 4,91 Gb Available in Paging File | 81,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,42 Gb Total Space | 43,21 Gb Free Space | 19,43% Space Free | Partition Type: NTFS Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS Computer Name: FRANK-LAPTOP | User Name: Frank | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.06 18:19:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) 
-- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2009.02.28 17:05:05 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.20 10:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2009.01.20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe PRC - [2009.01.20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe PRC - [2008.12.23 17:18:20 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe PRC - [2005.04.20 09:57:18 | 000,847,872 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe PRC - [2005.03.31 09:30:52 | 001,106,944 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe PRC - [2005.03.22 12:29:14 | 000,468,992 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe PRC - [2005.03.22 12:27:16 | 000,097,792 | ---- | M] (Nokia.) 
-- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe PRC - [2005.03.22 09:39:34 | 000,167,936 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe ========== Modules (No Company Name) ========== MOD - [2011.06.16 16:22:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll MOD - [2011.06.16 16:21:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.06.16 16:21:05 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll MOD - [2011.06.16 16:21:05 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll MOD - [2011.06.16 16:21:05 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll MOD - [2011.06.16 16:20:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011.06.16 15:40:27 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.06.16 15:40:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.06.16 15:40:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.06.16 15:39:45 | 006,616,576 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll MOD - [2011.06.16 15:39:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll MOD - [2011.06.16 15:39:33 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll MOD - [2011.06.16 15:39:10 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll MOD - [2011.06.16 15:38:55 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll MOD - [2011.06.16 15:38:42 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.06.16 15:37:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.11.18 12:03:14 | 000,032,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll MOD - [2008.11.18 11:57:08 | 000,007,168 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2008.11.18 11:57:06 | 000,057,344 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2008.11.18 11:56:58 | 000,118,784 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll MOD - [2008.11.18 11:56:56 | 000,010,240 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2008.11.18 11:56:40 | 000,040,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2008.11.18 11:56:40 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP 
Advisor\MessagingMessages.dll MOD - [2008.11.18 11:56:40 | 000,005,632 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2008.09.23 17:21:22 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2008.07.27 20:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2008.07.27 20:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008.07.27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2008.07.04 04:03:00 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2008.07.04 04:03:00 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2008.01.21 04:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll MOD - [2005.03.08 21:10:08 | 000,016,384 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_ger.NLR ========== Win32 
Services (SafeList) ========== SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009.01.20 10:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV) SRV - [2009.01.20 10:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters) SRV - [2008.12.23 17:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.06.20 03:14:31 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc) SRV - [2008.01.21 04:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2008.01.21 04:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.01.19 13:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.06.07 11:35:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FF42715-4E66-4B82-A803-4BE91B3331F0}\MpKsl83efc660.sys -- (MpKsl83efc660) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.01.21 14:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.12.30 11:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.12.30 11:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.01.20 10:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.12.23 13:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.12.20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.09.22 07:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2008.01.21 04:23:51 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes,DefaultScope = {FB44AB68-5D74-45C7-B381-40F8A01904D5} IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{006A2DB5-E94A-4797-AAFB-260563B021B4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=5610aea9-c891-4438-a2c5-5dfe15d57b71&apn_sauid=89A1255E-E002-4582-A641-B832C9994B1B IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{537638E9-7D11-4F2D-B0BF-2206C3008E23}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - 
HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=1586&gct=hp" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.01.17 15:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions [2012.01.17 15:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.02.06 16:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions [2011.07.20 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.09.06 11:49:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.20 22:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\staged-xpis [2012.04.20 16:29:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com [2012.04.20 16:29:49 | 000,002,335 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml [2011.07.20 22:21:56 | 000,002,342 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml [2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif [2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- 
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\FRANK\DESKTOP\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ========== Chrome ========== CHR - default_search_provider: AOL Suche () CHR - default_search_provider: search_url = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de CHR - default_search_provider: suggest_url = O1 HOSTS File: ([2012.05.30 18:01:35 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [9txXqR9p2lPiFxH] C:\Users\Frank\AppData\Roaming\Diablo_III.exe File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O8 - Extra context menu item: Free YouTube Download - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{259FA58F-84B4-4533-92E0-EC6F4664C188}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{591F74AA-EF59-4548-9380-26E5E01ABDE4}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Users\Frank\AppData\Roaming\Diablo_III.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - 
C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - 
CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group 
SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {Gusfa7ep-lUCJ-Ed2r-Yvs8-fYwL6tnW7CxX} - ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.06 18:19:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe [2012.06.06 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\MAXQDA10 [2012.06.06 13:11:49 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\MAXQDA10 [2012.06.06 13:03:56 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 10 [2012.06.06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MAXQDA10 [2012.06.06 13:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\MAXQDA10 [2012.05.31 12:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.31 10:19:24 | 000,000,000 | R--D | C] -- C:\Users\Frank\Music [2012.05.30 18:34:38 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.30 15:19:42 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes [2012.05.30 15:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.30 
15:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.30 15:19:27 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.30 15:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.30 12:56:34 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Frank\Desktop\unhide.exe [2012.05.28 16:04:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot [2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2012.05.26 12:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2012.05.18 00:06:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.07 14:43:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.07 14:33:28 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.07 14:33:28 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.07 14:33:28 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.07 14:33:28 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.07 13:35:02 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.07 13:35:02 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.07 11:38:06 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini [2012.06.07 11:37:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.07 11:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.07 11:34:48 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys [2012.06.06 18:19:22 | 
000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frank\Desktop\OTL.exe [2012.06.06 13:03:56 | 000,000,804 | ---- | M] () -- C:\Users\Frank\Desktop\MAXQDA 10.lnk [2012.06.05 21:54:04 | 000,006,080 | ---- | M] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat [2012.06.05 16:42:51 | 000,002,665 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Excel 2003.lnk [2012.06.05 16:12:09 | 000,002,637 | ---- | M] () -- C:\Users\Frank\Desktop\Microsoft Office Word 2003.lnk [2012.06.01 12:37:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job [2012.05.30 12:53:12 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Frank\Desktop\unhide.exe [2 C:\Users\Frank\Documents\*.tmp files -> C:\Users\Frank\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.06 13:03:56 | 000,000,804 | ---- | C] () -- C:\Users\Frank\Desktop\MAXQDA 10.lnk [2012.06.01 11:19:09 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFrank.job [2012.05.30 12:46:21 | 3119,435,776 | -HS- | C] () -- C:\hiberfil.sys [2011.11.03 14:43:55 | 000,032,768 | ---- | C] () -- C:\Users\Frank\AppData\Roaming\fin.zup [2011.06.22 17:37:50 | 000,000,052 | ---- | C] () -- C:\Windows\akShowRTF.INI [2010.07.11 12:38:53 | 000,006,080 | ---- | C] () -- C:\Users\Frank\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2011.07.19 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox [2012.02.06 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2011.09.06 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.27 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular [2010.02.10 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze [2012.05.18 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ [2012.06.06 13:13:54 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\MAXQDA10 [2009.08.24 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies [2010.06.06 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia [2011.01.23 22:54:53 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player [2009.12.08 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle [2010.06.06 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite [2009.10.22 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp [2009.11.02 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template [2012.01.17 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom [2010.06.06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue [2009.08.20 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent [2012.06.06 22:29:28 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.01.22 10:54:37 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Adobe [2010.07.11 09:31:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Ahead [2010.04.12 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\CyberLink [2011.07.19 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Dropbox [2012.02.06 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoft [2011.09.06 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.27 11:48:03 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\elsterformular [2010.08.14 21:42:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Google [2010.02.10 16:17:57 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze [2010.12.03 12:20:31 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\hewlett-packard [2009.08.17 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\HP TCS [2012.05.18 10:19:43 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\ICQ [2009.08.17 13:41:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Identities [2009.08.17 17:29:17 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Macromedia [2012.05.30 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Malwarebytes [2012.06.06 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\MAXQDA10 [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Media Center Programs [2012.05.30 13:57:26 | 000,000,000 | --SD | M] -- C:\Users\Frank\AppData\Roaming\Microsoft [2011.07.20 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Mozilla [2009.08.24 13:10:13 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\muvee Technologies [2010.06.06 20:17:51 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Nokia [2011.01.23 22:54:53 | 000,000,000 | ---D | M] -- 
C:\Users\Frank\AppData\Roaming\Nokia Multimedia Player [2009.12.08 14:11:58 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Oracle [2010.06.06 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\PC Suite [2009.08.19 20:52:48 | 000,000,000 | R--D | M] -- C:\Users\Frank\AppData\Roaming\SecuROM [2009.10.22 18:10:23 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\temp [2009.11.02 01:03:29 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Template [2012.01.17 15:18:46 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\TomTom [2010.06.06 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\Uniblue [2009.08.20 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Frank\AppData\Roaming\WildTangent < %APPDATA%\*.exe /s > [2010.01.18 16:35:26 | 000,827,392 | ---- | M] (Synatix GmbH) -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze\foxstart.exe [2010.01.18 16:35:26 | 000,827,392 | ---- | M] (Synatix GmbH) -- C:\Users\Frank\AppData\Roaming\Gutscheinmieze\uninstall.exe [2010.01.22 10:54:19 | 000,038,784 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.12.02 15:41:54 | 003,800,224 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2009.12.08 23:01:25 | 000,134,494 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\ARPPRODUCTICON.exe [2009.12.08 23:01:25 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut1_8F266050CB7649059B61E68BB3036950.exe [2009.12.08 23:01:25 | 000,134,494 | R--- | M] () -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut21_F0244523DD484845ADC3AA0A9FB72941.exe [2009.12.08 23:01:25 | 000,176,128 | R--- | M] (Macrovision Corporation) -- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{6C507DED-0FFF-45AC-AF13-FAD35A0FECD8}\NewShortcut2_8F266050CB7649059B61E68BB3036950.exe [2012.01.17 15:21:44 | 020,398,464 | ---- | M] (TomTom International B.V.) -- C:\Users\Frank\AppData\Roaming\TomTom\HOME\Profiles\55y9q5ly.default\Updates\v2_8_2_2264_win.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys [2009.02.28 16:52:15 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) 
MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] 
(NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) 
MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report >
Regards, Gustav |
| | #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes,DefaultScope = {FB44AB68-5D74-45C7-B381-40F8A01904D5}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{006A2DB5-E94A-4797-AAFB-260563B021B4}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=5610aea9-c891-4438-a2c5-5dfe15d57b71&apn_sauid=89A1255E-E002-4582-A641-B832C9994B1B
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{537638E9-7D11-4F2D-B0BF-2206C3008E23}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://de.ask.com/?l=dis&o=1586&gct=hp"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - user.js - File not found
[2012.04.20 16:29:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com
[2012.04.20 16:29:49 | 000,002,335 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml
[2011.07.20 22:21:56 | 000,002,342 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src
CHR - default_search_provider: AOL Suche ()
CHR - default_search_provider: search_url = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
CHR - default_search_provider: suggest_url =
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [9txXqR9p2lPiFxH] C:\Users\Frank\AppData\Roaming\Diablo_III.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
:Files
C:\Users\Frank\AppData\Roaming\Gutscheinmieze
C:\Programme\Ask.com
C:\Programme\ICQ6Toolbar
C:\Programme\Common Files\Spigot
C:\Programme\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #20 |
| GVU Trojaner Hello Arne, attached is the text from the log file: Code:
All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Programme\DVDVideoSoft\tbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB44AB68-5D74-45C7-B381-40F8A01904D5}\ not found.
HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3814763510-1578603517-3037745957-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006A2DB5-E94A-4797-AAFB-260563B021B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006A2DB5-E94A-4797-AAFB-260563B021B4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0233393A-1A68-46FF-8D0E-11A7FCE3624A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3961A7BF-2E7C-4AD3-99E5-6757411222BB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{537638E9-7D11-4F2D-B0BF-2206C3008E23}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{537638E9-7D11-4F2D-B0BF-2206C3008E23}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B34FFE7E-3C76-45D5-A211-9A7A5BE3C4C5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FB44AB68-5D74-45C7-B381-40F8A01904D5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB44AB68-5D74-45C7-B381-40F8A01904D5}\ not found.
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://de.ask.com/?l=dis&o=1586&gct=hp" removed from browser.startup.homepage
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=302398&ilc=12&p=" removed from keyword.URL
Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Frank\AppData\Roaming\mozilla\Firefox\Profiles\m70k60o5.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\askcom.xml moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icq-search.xml moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\m70k60o5.default\searchplugins\icqplugin.src moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
C:\Programme\vShare\vshare_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Programme\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
File C:\Users\Frank\AppData\Roaming\Gutscheinmieze\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9txXqR9p2lPiFxH deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
========== FILES ==========
C:\Users\Frank\AppData\Roaming\Gutscheinmieze folder moved successfully.
File\Folder C:\Programme\Ask.com not found.
File\Folder C:\Programme\ICQ6Toolbar not found.
C:\Programme\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Common Files\Spigot\Search Settings folder moved successfully.
C:\Programme\Common Files\Spigot folder moved successfully.
File\Folder C:\Programme\Application Updater not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Frank
->Temp folder emptied: 3496530660 bytes
->Temporary Internet Files folder emptied: 2049939059 bytes
->Java cache emptied: 8740581 bytes
->FireFox cache emptied: 4466602 bytes
->Flash cache emptied: 3846175 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 345316770 bytes
RecycleBin emptied: 2292912090 bytes
Total Files Cleaned = 7.822,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Frank
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.46.1 log created on 06072012_181317
Files\Folders moved on Reboot...
C:\Users\Frank\AppData\Local\Temp\ehmsas.txt moved successfully.
Registry entries deleted on Reboot...
|
| | #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojaner Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ --> GVU Trojaner |
| | #22 |
| GVU Trojaner Hello Arne, here is the report: Code:
13:22:41.0732 4272 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
13:22:41.0966 4272 ============================================================
13:22:41.0966 4272 Current date / time: 2012/06/08 13:22:41.0966
13:22:41.0966 4272 SystemInfo:
13:22:41.0966 4272
13:22:41.0966 4272 OS Version: 6.0.6001 ServicePack: 1.0
13:22:41.0966 4272 Product type: Workstation
13:22:41.0966 4272 ComputerName: FRANK-LAPTOP
13:22:41.0966 4272 UserName: Frank
13:22:41.0966 4272 Windows directory: C:\Windows
13:22:41.0966 4272 System windows directory: C:\Windows
13:22:41.0966 4272 Processor architecture: Intel x86
13:22:41.0966 4272 Number of processors: 2
13:22:41.0966 4272 Page size: 0x1000
13:22:41.0966 4272 Boot type: Normal boot
13:22:41.0966 4272 ============================================================
13:22:43.0463 4272 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:22:43.0541 4272 ============================================================
13:22:43.0541 4272 \Device\Harddisk0\DR0:
13:22:43.0541 4272 MBR partitions:
13:22:43.0541 4272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BCD4800
13:22:43.0541 4272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BCD5000, BlocksNum 0x14EF000
13:22:43.0541 4272 ============================================================
13:22:43.0650 4272 C: <-> \Device\Harddisk0\DR0\Partition0
13:22:43.0713 4272 D: <-> \Device\Harddisk0\DR0\Partition1
13:22:43.0713 4272 ============================================================
13:22:43.0713 4272 Initialize success
13:22:43.0713 4272 ============================================================
13:23:38.0438 6076 ============================================================
13:23:38.0438 6076 Scan started
13:23:38.0438 6076 Mode: Manual; SigCheck; TDLFS;
13:23:38.0438 6076 ============================================================
13:23:40.0684 6076 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
13:23:40.0840 6076 acedrv11 - ok
13:23:41.0152 6076 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
13:23:41.0168 6076 ACPI - ok
13:23:41.0277 6076 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:23:41.0324 6076 adp94xx - ok
13:23:41.0370 6076 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:23:41.0402 6076 adpahci - ok
13:23:41.0417 6076 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:23:41.0433 6076 adpu160m - ok
13:23:41.0448 6076 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:23:41.0464 6076 adpu320 - ok
13:23:41.0495 6076 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:23:41.0714 6076 AeLookupSvc - ok
13:23:42.0026 6076 AESTFilters (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
13:23:42.0119 6076 AESTFilters - ok
13:23:42.0291 6076 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
13:23:42.0416 6076 AFD - ok
13:23:42.0478 6076 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:23:42.0494 6076 agp440 - ok
13:23:42.0525 6076 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:23:42.0556 6076 aic78xx - ok
13:23:42.0743 6076 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:23:42.0821 6076 ALG - ok
13:23:42.0915 6076 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
13:23:42.0930 6076 aliide - ok
13:23:42.0993 6076 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:23:43.0008 6076 amdagp - ok
13:23:43.0040 6076 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
13:23:43.0055 6076 amdide - ok
13:23:43.0086 6076 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:23:43.0149 6076 AmdK7 - ok
13:23:43.0289 6076 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:23:43.0352 6076 AmdK8 - ok
13:23:43.0430 6076 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:23:43.0523 6076 Appinfo - ok
13:23:43.0570 6076 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:23:43.0586 6076 arc - ok
13:23:43.0601 6076 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:23:43.0617 6076 arcsas - ok
13:23:43.0648 6076 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:23:43.0710 6076 AsyncMac - ok
13:23:43.0851 6076 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
13:23:43.0866 6076 atapi - ok
13:23:44.0381 6076 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
13:23:44.0506 6076 athr - ok
13:23:44.0615 6076 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
13:23:44.0709 6076 AudioEndpointBuilder - ok
13:23:44.0709 6076 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
13:23:44.0756 6076 Audiosrv - ok
13:23:44.0849 6076 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:23:44.0912 6076 Beep - ok
13:23:45.0083 6076 BFE (d3e6d78285529962349a7f1617035938) C:\Windows\System32\bfe.dll
13:23:45.0161 6076 BFE - ok
13:23:45.0458 6076 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
13:23:45.0551 6076 BITS - ok
13:23:45.0629 6076 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:23:45.0676 6076 blbdrive - ok
13:23:45.0770 6076 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
13:23:45.0832 6076 bowser - ok
13:23:45.0879 6076 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:23:45.0910 6076 BrFiltLo - ok
13:23:45.0957 6076 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:23:46.0019 6076 BrFiltUp - ok
13:23:46.0050 6076 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:23:46.0128 6076 Browser - ok
13:23:46.0191 6076 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:23:46.0425 6076 Brserid - ok
13:23:46.0487 6076 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:23:46.0565 6076 BrSerWdm - ok
13:23:46.0596 6076 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:23:46.0674 6076 BrUsbMdm - ok
13:23:46.0752 6076 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:23:46.0846 6076 BrUsbSer - ok
13:23:46.0893 6076 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:23:46.0971 6076 BTHMODEM - ok
13:23:47.0002 6076 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:23:47.0064 6076 cdfs - ok
13:23:47.0096 6076 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
13:23:47.0158 6076 cdrom - ok
13:23:47.0205 6076 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
13:23:47.0252 6076 CertPropSvc - ok
13:23:47.0283 6076 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:23:47.0298 6076 circlass - ok
13:23:47.0345 6076 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
13:23:47.0361 6076 CLFS - ok
13:23:47.0423 6076 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:47.0439 6076 clr_optimization_v2.0.50727_32 - ok
13:23:47.0579 6076 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:23:47.0610 6076 clr_optimization_v4.0.30319_32 - ok
13:23:47.0626 6076 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:23:47.0673 6076 CmBatt - ok
13:23:47.0704 6076 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
13:23:47.0720 6076 cmdide - ok
13:23:48.0406 6076 Com4QLBEx (2f27104f5d6ed63fdac38cacb9d19dfd) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:23:48.0437 6076 Com4QLBEx - ok
13:23:48.0531 6076 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:23:48.0562 6076 Compbatt - ok
13:23:48.0578 6076 COMSysApp - ok
13:23:48.0578 6076 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:23:48.0593 6076 crcdisk - ok
13:23:48.0624 6076 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:23:48.0702 6076 Crusoe - ok
13:23:48.0765 6076 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
13:23:48.0843 6076 CryptSvc - ok
13:23:49.0451 6076 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
13:23:49.0592 6076 DcomLaunch - ok
13:23:49.0685 6076 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
13:23:49.0748 6076 DfsC - ok
13:23:52.0228 6076 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
13:23:52.0431 6076 DFSR - ok
13:23:53.0882 6076 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
13:23:53.0960 6076 Dhcp - ok
13:23:54.0162 6076 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
13:23:54.0194 6076 disk - ok
13:23:54.0474 6076 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
13:23:54.0568 6076 Dnscache - ok
13:23:55.0223 6076 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
13:23:55.0332 6076 dot3svc - ok
13:23:55.0442 6076 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:23:55.0535 6076 Dot4 - ok
13:23:55.0598 6076 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:23:55.0660 6076 Dot4Print - ok
13:23:55.0800 6076 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:23:55.0878 6076 dot4usb - ok
13:23:55.0925 6076 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:23:55.0988 6076 DPS - ok
13:23:56.0034 6076 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
13:23:56.0097 6076 drmkaud - ok
13:23:56.0565 6076 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
13:23:56.0674 6076 DXGKrnl - ok
13:23:56.0736 6076 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:23:56.0814 6076 E1G60 - ok
13:23:57.0033 6076 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:23:57.0111 6076 EapHost - ok
13:23:57.0189 6076 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
13:23:57.0236 6076 Ecache - ok
13:23:57.0594 6076 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:23:57.0641 6076 ehRecvr - ok
13:23:57.0672 6076 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:23:57.0782 6076 ehSched - ok
13:23:57.0797 6076 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:23:57.0844 6076 ehstart - ok
13:23:57.0906 6076 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:23:57.0953 6076 elxstor - ok
13:23:58.0593 6076 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
13:23:58.0842 6076 EMDMgmt - ok
13:23:58.0874 6076 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:23:58.0936 6076 ErrDev - ok
13:23:59.0591 6076 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
13:23:59.0669 6076 EventSystem - ok
13:23:59.0747 6076 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
13:23:59.0810 6076 exfat - ok
13:24:00.0262 6076 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
13:24:00.0340 6076 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
13:24:00.0340 6076 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
13:24:00.0621 6076 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
13:24:00.0699 6076 fastfat - ok
13:24:00.0730 6076 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:24:00.0777 6076 fdc - ok
13:24:00.0824 6076 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:24:00.0870 6076 fdPHost - ok
13:24:00.0902 6076 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:24:00.0995 6076 FDResPub - ok
13:24:01.0198 6076 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:24:01.0214 6076 FileInfo - ok
13:24:01.0245 6076 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:24:01.0292 6076 Filetrace - ok
13:24:01.0385 6076 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:24:01.0448 6076 flpydisk - ok
13:24:01.0619 6076 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
13:24:01.0635 6076 FltMgr - ok
13:24:01.0931 6076 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:24:01.0962 6076 FontCache3.0.0.0 - ok
13:24:01.0994 6076 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:24:02.0056 6076 Fs_Rec - ok
13:24:02.0212 6076 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:24:02.0259 6076 gagp30kx - ok
13:24:02.0633 6076 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
13:24:02.0696 6076 GameConsoleService - ok
13:24:03.0632 6076 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
13:24:03.0725 6076 gpsvc - ok
13:24:04.0287 6076 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:04.0334 6076 gupdate - ok
13:24:04.0349 6076 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
13:24:04.0349 6076 gupdatem - ok
13:24:04.0630 6076 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:24:04.0661 6076 gusvc - ok
13:24:04.0926 6076 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:24:05.0051 6076 HdAudAddService - ok
13:24:05.0160 6076 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:24:05.0285 6076 HDAudBus - ok
13:24:05.0426 6076 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:24:05.0550 6076 HidBth - ok
13:24:05.0644 6076 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:24:05.0722 6076 HidIr - ok
13:24:05.0847 6076 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
13:24:05.0956 6076 hidserv - ok
13:24:06.0050 6076 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
13:24:06.0143 6076 HidUsb - ok
13:24:06.0174 6076 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:24:06.0237 6076 hkmsvc - ok
13:24:06.0674 6076 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
13:24:06.0705 6076 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
13:24:06.0705 6076 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
13:24:06.0752 6076 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:24:06.0767 6076 HpCISSs - ok
13:24:06.0861 6076 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:24:06.0923 6076 HpqKbFiltr - ok
13:24:07.0110 6076 hpqwmiex (188ff0adf66768d53ad94f43972e1e9a) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:24:07.0188 6076 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
13:24:07.0188 6076 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
13:24:07.0672 6076 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
13:24:07.0781 6076 HTTP - ok
13:24:07.0922 6076 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:24:07.0968 6076 i2omp - ok
13:24:08.0046 6076 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:24:08.0093 6076 i8042prt - ok
13:24:08.0702 6076 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:24:08.0733 6076 iaStorV - ok
13:24:09.0513 6076 ICQ Service (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files\ICQ6Toolbar\ICQ Service.exe
13:24:09.0560 6076 ICQ Service - ok
13:24:10.0964 6076 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:24:11.0042 6076 idsvc - ok
13:24:14.0817 6076 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:24:15.0004 6076 igfx - ok
13:24:16.0065 6076 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:24:16.0080 6076 iirsp - ok
13:24:16.0892 6076 IKEEXT (68e8c415e102e5d79fd7e4a765b8cba4) C:\Windows\System32\ikeext.dll
13:24:16.0970 6076 IKEEXT - ok
13:24:17.0032 6076 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
13:24:17.0063 6076 IntcHdmiAddService - ok
13:24:17.0157 6076 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
13:24:17.0219 6076 intelide - ok
13:24:17.0282 6076 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:24:17.0344 6076 intelppm - ok
13:24:17.0843 6076 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:24:17.0921 6076 IPBusEnum - ok
13:24:18.0046 6076 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:24:18.0124 6076 IpFilterDriver - ok
13:24:18.0842 6076 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
13:24:18.0920 6076 iphlpsvc - ok
13:24:18.0920 6076 IpInIp - ok
13:24:19.0107 6076 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:24:19.0185 6076 IPMIDRV - ok
13:24:19.0512 6076 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:24:19.0575 6076 IPNAT - ok
13:24:19.0684 6076 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:24:19.0731 6076 IRENUM - ok
13:24:19.0856 6076 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:24:19.0871 6076 isapnp - ok
13:24:19.0918 6076 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
13:24:19.0934 6076 iScsiPrt - ok
13:24:19.0949 6076 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:24:19.0965 6076 iteatapi - ok
13:24:19.0965 6076 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:24:19.0980 6076 iteraid - ok
13:24:19.0996 6076 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:24:19.0996 6076 kbdclass - ok
13:24:20.0012 6076 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
13:24:20.0058 6076 kbdhid - ok
13:24:20.0105 6076 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
13:24:20.0199 6076 KeyIso - ok
13:24:20.0246 6076 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
13:24:20.0308 6076 KMWDFILTER - ok
13:24:20.0885 6076 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
13:24:20.0948 6076 KSecDD - ok
13:24:21.0244 6076 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:24:21.0338 6076 KtmRm - ok
13:24:21.0696 6076 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
13:24:21.0759 6076 LanmanServer - ok
13:24:21.0806 6076 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
13:24:21.0884 6076 LanmanWorkstation - ok
13:24:22.0274 6076 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:24:22.0320 6076 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:24:22.0320 6076 LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:24:22.0352 6076 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:24:22.0414 6076 lltdio - ok
13:24:22.0882 6076 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:24:22.0944 6076 lltdsvc - ok
13:24:22.0960 6076 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:24:23.0022 6076 lmhosts - ok
13:24:23.0038 6076 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:24:23.0054 6076 LSI_FC - ok
13:24:23.0085 6076 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:24:23.0085 6076 LSI_SAS - ok
13:24:23.0116 6076 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:24:23.0132 6076 LSI_SCSI - ok
13:24:23.0147 6076 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:24:23.0178 6076 luafv - ok
13:24:23.0459 6076 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:24:23.0522 6076 Mcx2Svc - ok
13:24:23.0631 6076 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:24:23.0678 6076 megasas - ok
13:24:23.0927 6076 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:24:23.0974 6076 MegaSR - ok
13:24:24.0161 6076 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:24:24.0239 6076 MMCSS - ok
13:24:24.0333 6076 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:24:24.0411 6076 Modem - ok
13:24:24.0614 6076 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:24:24.0676 6076 monitor - ok
13:24:24.0707 6076 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:24:24.0723 6076 mouclass - ok
13:24:24.0738 6076 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:24:24.0801 6076 mouhid - ok
13:24:24.0926 6076 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:24:24.0941 6076 MountMgr - ok
13:24:25.0160 6076 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
13:24:25.0222 6076 MpFilter - ok
13:24:25.0253 6076 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:24:25.0300 6076 mpio - ok
13:24:25.0518 6076 MpKsl726ea188 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{778743D6-A7AD-4773-BEF6-429099EB4DD0}\MpKsl726ea188.sys
13:24:25.0534 6076 MpKsl726ea188 - ok
13:24:25.0799 6076 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:24:25.0877 6076 mpsdrv - ok
13:24:25.0955 6076 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
13:24:26.0096 6076 MpsSvc - ok
13:24:26.0174 6076 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:24:26.0189 6076 Mraid35x - ok
13:24:26.0205 6076 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
13:24:26.0283 6076 MRxDAV - ok
13:24:26.0610 6076 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:24:26.0735 6076 mrxsmb - ok
13:24:26.0954 6076 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:24:27.0032 6076 mrxsmb10 - ok
13:24:27.0078 6076 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:24:27.0125 6076 mrxsmb20 - ok
13:24:27.0188 6076 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
13:24:27.0203 6076 msahci - ok
13:24:27.0219 6076 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:24:27.0234 6076 msdsm - ok
13:24:27.0390 6076 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:24:27.0484 6076 MSDTC - ok
13:24:27.0624 6076 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:24:27.0687 6076 Msfs - ok
13:24:27.0734 6076 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:24:27.0734 6076 msisadrv - ok
13:24:27.0765 6076 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:24:27.0874 6076 MSiSCSI - ok
13:24:27.0874 6076 msiserver - ok
13:24:27.0936 6076 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:24:27.0999 6076 MSKSSRV - ok
13:24:28.0124 6076 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:24:28.0139 6076 MsMpSvc - ok
13:24:28.0170 6076 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:24:28.0217 6076 MSPCLOCK - ok
13:24:28.0311 6076 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:24:28.0389 6076 MSPQM - ok
13:24:28.0904 6076 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
13:24:28.0966 6076 MsRPC - ok
13:24:28.0982 6076 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:24:28.0997 6076 mssmbios - ok
13:24:29.0013 6076 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:24:29.0060 6076 MSTEE - ok
13:24:29.0216 6076 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
13:24:29.0247 6076 Mup - ok
13:24:29.0996 6076 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
13:24:30.0074 6076 napagent - ok
13:24:30.0136 6076 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
13:24:30.0183 6076 NativeWifiP - ok
13:24:30.0245 6076 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
13:24:30.0292 6076 NDIS - ok
13:24:30.0401 6076 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:24:30.0464 6076 NdisTapi - ok
13:24:30.0495 6076 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:24:30.0526 6076 Ndisuio - ok
13:24:30.0573 6076 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
13:24:30.0620 6076 NdisWan - ok
13:24:30.0807 6076 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:24:30.0854 6076 NDProxy - ok
13:24:30.0978 6076 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:24:31.0056 6076 NetBIOS - ok
13:24:31.0696 6076 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
13:24:31.0774 6076 netbt - ok
13:24:31.0883 6076 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
13:24:31.0899 6076 Netlogon - ok
13:24:32.0024 6076 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:24:32.0086 6076 Netman - ok
13:24:32.0850 6076 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:24:32.0944 6076 netprofm - ok
13:24:33.0069 6076 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:24:33.0100 6076 NetTcpPortSharing - ok
13:24:35.0066 6076 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
13:24:35.0237 6076 NETw3v32 - ok
13:24:35.0752 6076 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:24:35.0768 6076 nfrd960 - ok
13:24:35.0799 6076 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:24:35.0814 6076 NisDrv - ok
13:24:35.0970 6076 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:24:35.0986 6076 NisSrv - ok
13:24:36.0033 6076 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:24:36.0095 6076 NlaSvc - ok
13:24:36.0158 6076 nmwcd (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys
13:24:36.0236 6076 nmwcd - ok
13:24:36.0267 6076 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys
13:24:36.0298 6076 nmwcdc - ok
13:24:36.0314 6076 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
13:24:36.0376 6076 Npfs - ok
13:24:36.0548 6076 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:24:36.0641 6076 nsi - ok
13:24:36.0719 6076 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:24:36.0797 6076 nsiproxy - ok
13:24:38.0186 6076 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
13:24:38.0264 6076 Ntfs - ok
13:24:38.0357 6076 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:24:38.0451 6076 ntrigdigi - ok
13:24:38.0513 6076 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:24:38.0576 6076 Null - ok
13:24:38.0856 6076 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:24:38.0872 6076 nvraid - ok
13:24:39.0044 6076 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:24:39.0059 6076 nvstor - ok
13:24:39.0106 6076 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:24:39.0122 6076 nv_agp - ok
13:24:39.0122 6076 NwlnkFlt - ok
13:24:39.0137 6076 NwlnkFwd - ok
13:24:39.0200 6076 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
13:24:39.0246 6076 ohci1394 - ok
13:24:40.0089 6076 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:24:40.0136 6076 ose - ok
13:24:40.0931 6076 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:24:41.0056 6076 p2pimsvc - ok
13:24:41.0072 6076 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:24:41.0103 6076 p2psvc - ok
13:24:41.0165 6076 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:24:41.0259 6076 Parport - ok
13:24:41.0493 6076 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
13:24:41.0540 6076 partmgr - ok
13:24:41.0571 6076 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:24:41.0664 6076 Parvdm - ok
13:24:41.0867 6076 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:24:41.0930 6076 PcaSvc - ok
13:24:42.0148 6076 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
13:24:42.0179 6076 pci - ok
13:24:42.0242 6076 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
13:24:42.0273 6076 pciide - ok
13:24:42.0304 6076 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:24:42.0335 6076 pcmcia - ok
13:24:42.0429 6076 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:24:42.0538 6076 PEAUTH - ok
13:24:45.0237 6076 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:24:45.0408 6076 pla - ok
13:24:47.0452 6076 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
13:24:47.0530 6076 PlugPlay - ok
13:24:48.0294 6076 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:24:48.0326 6076 PNRPAutoReg - ok
13:24:48.0341 6076 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
13:24:48.0372 6076 PNRPsvc - ok
13:24:48.0513 6076 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
13:24:48.0606 6076 PolicyAgent - ok
13:24:48.0762 6076 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:24:48.0872 6076 PptpMiniport - ok
13:24:48.0981 6076 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:24:49.0059 6076 Processor - ok
13:24:49.0106 6076 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
13:24:49.0168 6076 ProfSvc - ok
13:24:49.0246 6076 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
13:24:49.0277 6076 ProtectedStorage - ok
13:24:49.0355 6076 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
13:24:49.0433 6076 PSched - ok
13:24:50.0291 6076 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:24:50.0369 6076 ql2300 - ok
13:24:50.0494 6076 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:24:50.0525 6076 ql40xx - ok
13:24:51.0102 6076 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:24:51.0165 6076 QWAVE - ok
13:24:51.0243 6076 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:24:51.0274 6076 QWAVEdrv - ok
13:24:51.0305 6076 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:24:51.0383 6076 RasAcd - ok
13:24:51.0586 6076 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:24:51.0680 6076 RasAuto - ok
13:24:51.0836 6076 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:24:51.0929 6076 Rasl2tp - ok
13:24:52.0304 6076 RasMan (afb474438762f0418060653f7294d92c) C:\Windows\System32\rasmans.dll
13:24:52.0366 6076 RasMan - ok
13:24:52.0397 6076 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
13:24:52.0428 6076 RasPppoe - ok
13:24:52.0553 6076 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
13:24:52.0584 6076 RasSstp - ok
13:24:52.0600 6076 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
13:24:52.0647 6076 rdbss - ok
13:24:52.0647 6076 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:24:52.0694 6076 RDPCDD - ok
13:24:53.0208 6076 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:24:53.0271 6076 rdpdr - ok
13:24:53.0318 6076 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:24:53.0380 6076 RDPENCDD - ok
13:24:53.0739 6076 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
13:24:53.0832 6076 RDPWD - ok
13:24:54.0347 6076 Recovery Service for Windows (2063d6b51fd874e67502b31a9fdba685) C:\Program Files\SMINST\BLService.exe
13:24:54.0394 6076 Recovery Service for Windows - ok
13:24:54.0441 6076 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:24:54.0488 6076 RemoteAccess - ok
13:24:54.0768 6076 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
13:24:54.0862 6076 RemoteRegistry - ok
13:24:55.0346 6076 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files\CyberLink\Shared files\RichVideo.exe
13:24:55.0392 6076 RichVideo - ok
13:24:55.0408 6076 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:24:55.0455 6076 RpcLocator - ok
13:24:55.0642 6076 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
13:24:55.0689 6076 RpcSs - ok
13:24:56.0016 6076 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:24:56.0048 6076 rspndr - ok
13:24:56.0110 6076 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:24:56.0172 6076 RTL8169 - ok
13:24:56.0219 6076 RTSTOR (2b7da5a2d2c4aae01098d910007edac5) C:\Windows\system32\drivers\RTSTOR.SYS
13:24:56.0282 6076 RTSTOR - ok
13:24:56.0328 6076 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
13:24:56.0328 6076 SamSs - ok
13:24:56.0360 6076 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:24:56.0375 6076 sbp2port - ok
13:24:56.0422 6076 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
13:24:56.0484 6076 SCardSvr - ok
13:24:57.0389 6076 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
13:24:57.0467 6076 Schedule - ok
13:24:57.0514 6076 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
13:24:57.0545 6076 SCPolicySvc - ok
13:24:57.0842 6076 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
13:24:57.0904 6076 sdbus - ok
13:24:58.0185 6076 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:24:58.0278 6076 SDRSVC - ok
13:24:58.0294 6076 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:24:58.0388 6076 secdrv - ok
13:24:58.0419 6076 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:24:58.0466 6076 seclogon - ok
13:24:58.0481 6076 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:24:58.0544 6076 SENS - ok
13:24:58.0606 6076 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:24:58.0700 6076 Serenum - ok
13:24:58.0980 6076 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:24:59.0121 6076 Serial - ok
13:24:59.0199 6076 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:24:59.0246 6076 sermouse - ok
13:24:59.0417 6076 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:24:59.0464 6076 SessionEnv - ok
13:24:59.0573 6076 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:24:59.0604 6076 sffdisk - ok
13:24:59.0682 6076 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:24:59.0745 6076 sffp_mmc - ok
13:24:59.0807 6076 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:24:59.0870 6076 sffp_sd - ok
13:24:59.0901 6076 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:24:59.0994 6076 sfloppy - ok
13:25:00.0431 6076 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:25:00.0509 6076 SharedAccess - ok
13:25:01.0008 6076 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
13:25:01.0086 6076 ShellHWDetection - ok
13:25:01.0118 6076 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:25:01.0133 6076 sisagp - ok
13:25:01.0258 6076 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:25:01.0305 6076 SiSRaid2 - ok
13:25:01.0336 6076 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:25:01.0367 6076 SiSRaid4 - ok
13:25:03.0520 6076 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
13:25:03.0723 6076 slsvc - ok
13:25:04.0706 6076 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
13:25:04.0768 6076 SLUINotify - ok
13:25:05.0252 6076 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
13:25:05.0345 6076 Smb - ok
13:25:05.0454 6076 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:25:05.0486 6076 SNMPTRAP - ok
13:25:05.0517 6076 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:25:05.0532 6076 spldr - ok
13:25:05.0938 6076 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
13:25:06.0000 6076 Spooler - ok
13:25:06.0500 6076 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
13:25:06.0562 6076 srv - ok
13:25:06.0952 6076 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
13:25:07.0046 6076 srv2 - ok
13:25:07.0389 6076 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
13:25:07.0467 6076 srvnet - ok
13:25:07.0529 6076 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:25:07.0592 6076 SSDPSRV - ok
13:25:07.0654 6076 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:25:07.0716 6076 SstpSvc - ok
13:25:08.0512 6076 STacSV (b56ee2666f0b6019b6206fb3664baf03) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
13:25:08.0574 6076 STacSV - ok
13:25:08.0652 6076 STHDA (5d09e4934bc269c93ebe7c96e34aa8ee) C:\Windows\system32\DRIVERS\stwrt.sys
13:25:08.0715 6076 STHDA - ok
13:25:09.0557 6076 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
13:25:09.0604 6076 stisvc - ok
13:25:09.0635 6076 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:25:09.0666 6076 swenum - ok
13:25:10.0556 6076 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
13:25:10.0602 6076 swprv - ok
13:25:10.0618 6076 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:25:10.0634 6076 Symc8xx - ok
13:25:10.0712 6076 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:25:10.0743 6076 Sym_hi - ok
13:25:10.0774 6076 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:25:10.0790 6076 Sym_u3 - ok
13:25:11.0414 6076 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
13:25:11.0460 6076 SynTP - ok
13:25:11.0679 6076 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
13:25:11.0788 6076 SysMain - ok
13:25:11.0850 6076 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:25:11.0897 6076 TabletInputService - ok
13:25:11.0928 6076 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
13:25:12.0022 6076 TapiSrv - ok
13:25:12.0225 6076 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:25:12.0303 6076 TBS - ok
13:25:13.0598 6076 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
13:25:13.0676 6076 Tcpip - ok
13:25:13.0691 6076 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
13:25:13.0754 6076 Tcpip6 - ok
13:25:13.0800 6076 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
13:25:13.0878 6076 tcpipreg - ok
13:25:13.0910 6076 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:25:13.0972 6076 TDPIPE - ok
13:25:14.0081 6076 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:25:14.0159 6076 TDTCP - ok
13:25:14.0409 6076 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
13:25:14.0502 6076 tdx - ok
13:25:14.0596 6076 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
13:25:14.0612 6076 TermDD - ok
13:25:15.0626 6076 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
13:25:15.0704 6076 TermService - ok
13:25:15.0875 6076 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
13:25:15.0906 6076 Themes - ok
13:25:16.0109 6076 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:25:16.0140 6076 THREADORDER - ok
13:25:16.0546 6076 TomTomHOMEService (fbd16717fd68b206c4ce3bb3c9ee5cb3) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
13:25:16.0593 6076 TomTomHOMEService - ok
13:25:16.0640 6076 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:25:16.0702 6076 TrkWks - ok
13:25:16.0952 6076 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
13:25:17.0045 6076 TrustedInstaller - ok
13:25:17.0108 6076 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:25:17.0170 6076 tssecsrv - ok
13:25:17.0201 6076 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:25:17.0248 6076 tunmp - ok
13:25:17.0373 6076 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
13:25:17.0404 6076 tunnel - ok
13:25:17.0451 6076 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:25:17.0482 6076 uagp35 - ok
13:25:17.0638 6076 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
13:25:17.0700 6076 udfs - ok
13:25:17.0872 6076 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:25:17.0934 6076 UI0Detect - ok
13:25:18.0075 6076 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:25:18.0106 6076 uliagpkx - ok
13:25:18.0137 6076 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:25:18.0168 6076 uliahci - ok
13:25:18.0184 6076 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:25:18.0200 6076 UlSata - ok
13:25:18.0215 6076 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:25:18.0231 6076 ulsata2 - ok
13:25:18.0246 6076 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:25:18.0278 6076 umbus - ok
13:25:18.0668 6076 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:25:18.0730 6076 upnphost - ok
13:25:18.0761 6076 upperdev (b1b8bee26227dad9835019201552cb05) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
13:25:18.0824 6076 upperdev - ok
13:25:18.0933 6076 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:25:18.0948 6076 usbccgp - ok
13:25:19.0026 6076 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:25:19.0089 6076 usbcir - ok
13:25:19.0136 6076 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
13:25:19.0167 6076 usbehci - ok
13:25:19.0182 6076 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
13:25:19.0229 6076 usbhub - ok
13:25:19.0245 6076 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:25:19.0323 6076 usbohci - ok
13:25:19.0448 6076 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:25:19.0510 6076 usbprint - ok
13:25:19.0557 6076 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
13:25:19.0588 6076 usbser - ok
13:25:19.0604 6076 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:25:19.0635 6076 USBSTOR - ok
13:25:19.0682 6076 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:25:19.0728 6076 usbuhci - ok
13:25:19.0791 6076 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:25:19.0853 6076 usbvideo - ok
13:25:20.0368 6076 usnjsvc (c5b70a6aa947667ce0e5fc84a05ec8b6) C:\Program Files\MSN Messenger\usnsvc.exe
13:25:20.0399 6076 usnjsvc - ok
13:25:20.0430 6076 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
13:25:20.0524 6076 UxSms - ok
13:25:20.0727 6076 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
13:25:20.0805 6076 vds - ok
13:25:20.0914 6076 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:25:20.0945 6076 vga - ok
13:25:21.0054 6076 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:25:21.0086 6076 VgaSave - ok
13:25:21.0242 6076 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:25:21.0273 6076 viaagp - ok
13:25:21.0304 6076 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:25:21.0351 6076 ViaC7 - ok
13:25:21.0429 6076 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
13:25:21.0444 6076 viaide - ok
13:25:21.0476 6076 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:25:21.0491 6076 volmgr - ok
13:25:21.0710 6076 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
13:25:21.0756 6076 volmgrx - ok
13:25:21.0788 6076 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
13:25:21.0803 6076 volsnap - ok
13:25:21.0819 6076 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:25:21.0834 6076 vsmraid - ok
13:25:22.0786 6076 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
13:25:22.0880 6076 VSS - ok
13:25:22.0989 6076 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
13:25:23.0067 6076 W32Time - ok
13:25:23.0441 6076 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:25:23.0519 6076 WacomPen - ok
13:25:23.0722 6076 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:23.0784 6076 Wanarp - ok
13:25:23.0784 6076 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:25:23.0816 6076 Wanarpv6 - ok
13:25:24.0767 6076 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
13:25:24.0830 6076 wcncsvc - ok
13:25:24.0923 6076 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:25:25.0001 6076 WcsPlugInService - ok
13:25:25.0126 6076 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:25:25.0173 6076 Wd - ok
13:25:25.0719 6076 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:25:25.0766 6076 Wdf01000 - ok
13:25:25.0968 6076 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:25:26.0062 6076 WdiServiceHost - ok
13:25:26.0062 6076 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:25:26.0109 6076 WdiSystemHost - ok
13:25:26.0764 6076 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
13:25:26.0842 6076 WebClient - ok
13:25:26.0873 6076 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:25:27.0014 6076 Wecsvc - ok
13:25:27.0170 6076 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:25:27.0216 6076 wercplsupport - ok
13:25:27.0482 6076 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
13:25:27.0528 6076 WerSvc - ok
13:25:27.0825 6076 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:25:27.0856 6076 WinDefend - ok
13:25:27.0856 6076 WinHttpAutoProxySvc - ok
13:25:28.0059 6076 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
13:25:28.0137 6076 Winmgmt - ok
13:25:29.0822 6076 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:25:29.0978 6076 WinRM - ok
13:25:30.0867 6076 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
13:25:30.0960 6076 Wlansvc - ok
13:25:31.0038 6076 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:25:31.0070 6076 WmiAcpi - ok
13:25:31.0631 6076 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
13:25:31.0725 6076 wmiApSrv - ok
13:25:32.0879 6076 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:25:32.0988 6076 WMPNetworkSvc - ok
13:25:33.0098 6076 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
13:25:33.0176 6076 WPCSvc - ok
13:25:33.0410 6076 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
13:25:33.0503 6076 WPDBusEnum - ok
13:25:33.0566 6076 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
13:25:33.0612 6076 WpdUsb - ok
13:25:34.0923 6076 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:25:34.0985 6076 WPFFontCache_v0400 - ok
13:25:35.0016 6076 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:25:35.0048 6076 ws2ifsl - ok
13:25:35.0328 6076 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
13:25:35.0344 6076 wscsvc - ok
13:25:35.0360 6076 WSearch - ok
13:25:37.0668 6076 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:25:37.0824 6076 wuauserv - ok
13:25:38.0183 6076 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:25:38.0246 6076 WUDFRd - ok
13:25:38.0355 6076 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:25:38.0417 6076 wudfsvc - ok
13:25:38.0480 6076 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
13:25:38.0558 6076 yukonwlh - ok
13:25:38.0589 6076 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
13:25:38.0792 6076 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:25:38.0792 6076 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:25:38.0792 6076 Boot (0x1200) (7fcb1ab01eae16051b5983495b041fd5) \Device\Harddisk0\DR0\Partition0
13:25:38.0823 6076 \Device\Harddisk0\DR0\Partition0 - ok
13:25:38.0823 6076 Boot (0x1200) (c33d94aff8896ebc856a1f9ddf84cafd) \Device\Harddisk0\DR0\Partition1
13:25:38.0838 6076 \Device\Harddisk0\DR0\Partition1 - ok
13:25:38.0838 6076 ============================================================
13:25:38.0838 6076 Scan finished
13:25:38.0838 6076 ============================================================
13:25:38.0854 2868 Detected object count: 5
13:25:38.0854 2868 Actual detected object count: 5
13:29:27.0622 2868 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:27.0622 2868 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:27.0622 2868 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:27.0622 2868 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:27.0637 2868 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:27.0637 2868 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:27.0637 2868 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:29:27.0637 2868 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:29:27.0637 2868 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:29:27.0637 2868 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
|
| | #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Quote:
__________________ Please always post log files in CODE tags |
| | #24 |
| GVU Trojan Hello Arne, I have deleted it. Here is the new log: Code:
21:15:44.0669 2640 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:15:44.0903 2640 ============================================================
21:15:44.0903 2640 Current date / time: 2012/06/08 21:15:44.0903
21:15:44.0903 2640 SystemInfo:
21:15:44.0903 2640
21:15:44.0903 2640 OS Version: 6.0.6001 ServicePack: 1.0
21:15:44.0903 2640 Product type: Workstation
21:15:44.0903 2640 ComputerName: FRANK-LAPTOP
21:15:44.0903 2640 UserName: Frank
21:15:44.0903 2640 Windows directory: C:\Windows
21:15:44.0903 2640 System windows directory: C:\Windows
21:15:44.0903 2640 Processor architecture: Intel x86
21:15:44.0903 2640 Number of processors: 2
21:15:44.0903 2640 Page size: 0x1000
21:15:44.0903 2640 Boot type: Normal boot
21:15:44.0903 2640 ============================================================
21:15:47.0274 2640 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:15:47.0352 2640 ============================================================
21:15:47.0352 2640 \Device\Harddisk0\DR0:
21:15:47.0367 2640 MBR partitions:
21:15:47.0367 2640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BCD4800
21:15:47.0367 2640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BCD5000, BlocksNum 0x14EF000
21:15:47.0367 2640 ============================================================
21:15:47.0414 2640 C: <-> \Device\Harddisk0\DR0\Partition0
21:15:47.0539 2640 D: <-> \Device\Harddisk0\DR0\Partition1
21:15:47.0539 2640 ============================================================
21:15:47.0539 2640 Initialize success
21:15:47.0539 2640 ============================================================
21:15:53.0919 2692 ============================================================
21:15:53.0919 2692 Scan started
21:15:53.0919 2692 Mode: Manual; SigCheck; TDLFS;
21:15:53.0919 2692 ============================================================
21:15:56.0712 2692 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
21:15:56.0883 2692 acedrv11 - ok
21:15:57.0211 2692 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
21:15:57.0227 2692 ACPI - ok
21:15:57.0289 2692 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:15:57.0320 2692 adp94xx - ok
21:15:57.0351 2692 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:15:57.0367 2692 adpahci - ok
21:15:57.0383 2692 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:15:57.0398 2692 adpu160m - ok
21:15:57.0414 2692 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:15:57.0429 2692 adpu320 - ok
21:15:57.0492 2692 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:15:57.0851 2692 AeLookupSvc - ok
21:15:57.0991 2692 AESTFilters (087b04ca45e2f059a55709b0b8f95ea9) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
21:15:58.0007 2692 AESTFilters - ok
21:15:58.0287 2692 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
21:15:58.0334 2692 AFD - ok
21:15:58.0365 2692 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:15:58.0365 2692 agp440 - ok
21:15:58.0397 2692 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:15:58.0412 2692 aic78xx - ok
21:15:58.0428 2692 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:15:58.0490 2692 ALG - ok
21:15:58.0568 2692 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
21:15:58.0568 2692 aliide - ok
21:15:58.0599 2692 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:15:58.0599 2692 amdagp - ok
21:15:58.0631 2692 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
21:15:58.0631 2692 amdide - ok
21:15:58.0662 2692 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:15:58.0693 2692 AmdK7 - ok
21:15:58.0927 2692 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:15:58.0974 2692 AmdK8 - ok
21:15:59.0021 2692 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:15:59.0052 2692 Appinfo - ok
21:15:59.0083 2692 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:15:59.0099 2692 arc - ok
21:15:59.0130 2692 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:15:59.0145 2692 arcsas - ok
21:15:59.0161 2692 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:15:59.0208 2692 AsyncMac - ok
21:15:59.0208 2692 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
21:15:59.0223 2692 atapi - ok
21:15:59.0801 2692 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
21:15:59.0894 2692 athr - ok
21:15:59.0957 2692 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
21:16:00.0003 2692 AudioEndpointBuilder - ok
21:16:00.0003 2692 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
21:16:00.0050 2692 Audiosrv - ok
21:16:00.0175 2692 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:16:00.0237 2692 Beep - ok
21:16:00.0503 2692 BFE (d3e6d78285529962349a7f1617035938) C:\Windows\System32\bfe.dll
21:16:00.0581 2692 BFE - ok
21:16:00.0830 2692 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
21:16:00.0877 2692 BITS - ok
21:16:01.0017 2692 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:16:01.0095 2692 blbdrive - ok
21:16:01.0158 2692 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
21:16:01.0220 2692 bowser - ok
21:16:01.0267 2692 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:16:01.0298 2692 BrFiltLo - ok
21:16:01.0314 2692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:16:01.0329 2692 BrFiltUp - ok
21:16:01.0704 2692 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:16:01.0751 2692 Browser - ok
21:16:01.0797 2692 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:16:01.0844 2692 Brserid - ok
21:16:02.0094 2692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:16:02.0172 2692 BrSerWdm - ok
21:16:02.0187 2692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:16:02.0312 2692 BrUsbMdm - ok
21:16:02.0359 2692 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:16:02.0453 2692 BrUsbSer - ok
21:16:02.0499 2692 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:16:02.0546 2692 BTHMODEM - ok
21:16:02.0562 2692 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:16:02.0593 2692 cdfs - ok
21:16:02.0609 2692 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
21:16:02.0640 2692 cdrom - ok
21:16:02.0671 2692 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
21:16:02.0702 2692 CertPropSvc - ok
21:16:02.0718 2692 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:16:02.0749 2692 circlass - ok
21:16:02.0858 2692 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
21:16:02.0889 2692 CLFS - ok
21:16:03.0342 2692 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:16:03.0373 2692 clr_optimization_v2.0.50727_32 - ok
21:16:04.0013 2692 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:16:04.0059 2692 clr_optimization_v4.0.30319_32 - ok
21:16:04.0106 2692 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:16:04.0137 2692 CmBatt - ok
21:16:04.0184 2692 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
21:16:04.0200 2692 cmdide - ok
21:16:04.0512 2692 Com4QLBEx (2f27104f5d6ed63fdac38cacb9d19dfd) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:16:04.0527 2692 Com4QLBEx - ok
21:16:04.0637 2692 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:16:04.0668 2692 Compbatt - ok
21:16:04.0668 2692 COMSysApp - ok
21:16:04.0730 2692 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:16:04.0746 2692 crcdisk - ok
21:16:04.0980 2692 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:16:05.0167 2692 Crusoe - ok
21:16:05.0229 2692 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
21:16:05.0276 2692 CryptSvc - ok
21:16:05.0432 2692 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
21:16:05.0463 2692 DcomLaunch - ok
21:16:05.0557 2692 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
21:16:05.0619 2692 DfsC - ok
21:16:06.0275 2692 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
21:16:06.0431 2692 DFSR - ok
21:16:06.0883 2692 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
21:16:06.0961 2692 Dhcp - ok
21:16:07.0164 2692 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
21:16:07.0195 2692 disk - ok
21:16:07.0523 2692 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
21:16:07.0601 2692 Dnscache - ok
21:16:07.0632 2692 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
21:16:07.0679 2692 dot3svc - ok
21:16:07.0757 2692 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:16:07.0803 2692 Dot4 - ok
21:16:07.0819 2692 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:16:07.0850 2692 Dot4Print - ok
21:16:07.0991 2692 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:16:08.0037 2692 dot4usb - ok
21:16:08.0069 2692 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:16:08.0131 2692 DPS - ok
21:16:08.0162 2692 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
21:16:08.0178 2692 drmkaud - ok
21:16:08.0396 2692 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
21:16:08.0490 2692 DXGKrnl - ok
21:16:08.0537 2692 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:16:08.0583 2692 E1G60 - ok
21:16:08.0771 2692 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:16:08.0864 2692 EapHost - ok
21:16:08.0927 2692 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
21:16:08.0958 2692 Ecache - ok
21:16:09.0426 2692 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:16:09.0457 2692 ehRecvr - ok
21:16:09.0504 2692 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:16:09.0535 2692 ehSched - ok
21:16:09.0551 2692 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:16:09.0566 2692 ehstart - ok
21:16:09.0613 2692 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:16:09.0644 2692 elxstor - ok
21:16:10.0908 2692 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
21:16:10.0955 2692 EMDMgmt - ok
21:16:11.0033 2692 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:16:11.0064 2692 ErrDev - ok
21:16:11.0345 2692 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
21:16:11.0391 2692 EventSystem - ok
21:16:11.0438 2692 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
21:16:11.0485 2692 exfat - ok
21:16:11.0501 2692 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
21:16:11.0532 2692 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
21:16:11.0532 2692 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
21:16:11.0563 2692 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
21:16:11.0610 2692 fastfat - ok
21:16:11.0641 2692 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:16:11.0688 2692 fdc - ok
21:16:11.0719 2692 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:16:11.0766 2692 fdPHost - ok
21:16:11.0797 2692 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:16:11.0875 2692 FDResPub - ok
21:16:11.0891 2692 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:16:11.0906 2692 FileInfo - ok
21:16:11.0922 2692 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:16:11.0953 2692 Filetrace - ok
21:16:12.0047 2692 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:16:12.0093 2692 flpydisk - ok
21:16:12.0312 2692 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
21:16:12.0359 2692 FltMgr - ok
21:16:12.0374 2692 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:16:12.0390 2692 FontCache3.0.0.0 - ok
21:16:12.0483 2692 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:16:12.0515 2692 Fs_Rec - ok
21:16:12.0546 2692 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:16:12.0561 2692 gagp30kx - ok
21:16:12.0858 2692 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
21:16:12.0905 2692 GameConsoleService - ok
21:16:13.0435 2692 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
21:16:13.0513 2692 gpsvc - ok
21:16:13.0607 2692 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:13.0638 2692 gupdate - ok
21:16:13.0653 2692 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:13.0669 2692 gupdatem - ok
21:16:13.0763 2692 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:16:13.0778 2692 gusvc - ok
21:16:13.0841 2692 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:16:13.0919 2692 HdAudAddService - ok
21:16:13.0934 2692 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:16:13.0965 2692 HDAudBus - ok
21:16:14.0059 2692 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:16:14.0121 2692 HidBth - ok
21:16:14.0168 2692 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:16:14.0215 2692 HidIr - ok
21:16:14.0262 2692 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
21:16:14.0324 2692 hidserv - ok
21:16:14.0371 2692 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
21:16:14.0402 2692 HidUsb - ok
21:16:14.0433 2692 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:16:14.0480 2692 hkmsvc - ok
21:16:14.0636 2692 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:16:14.0636 2692 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
21:16:14.0652 2692 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
21:16:14.0667 2692 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:16:14.0683 2692 HpCISSs - ok
21:16:14.0714 2692 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:16:14.0730 2692 HpqKbFiltr - ok
21:16:15.0011 2692 hpqwmiex (188ff0adf66768d53ad94f43972e1e9a) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:16:15.0042 2692 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
21:16:15.0042 2692 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
21:16:15.0104 2692 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
21:16:15.0182 2692 HTTP - ok
21:16:15.0260 2692 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:16:15.0276 2692 i2omp - ok
21:16:15.0307 2692 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:16:15.0338 2692 i8042prt - ok
21:16:15.0728 2692 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:16:15.0791 2692 iaStorV - ok
21:16:15.0993 2692 ICQ Service (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files\ICQ6Toolbar\ICQ Service.exe
21:16:16.0025 2692 ICQ Service - ok
21:16:17.0273 2692 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:16:17.0351 2692 idsvc - ok
21:16:19.0659 2692 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:16:19.0815 2692 igfx - ok
21:16:20.0143 2692 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:16:20.0159 2692 iirsp - ok
21:16:20.0361 2692 IKEEXT (68e8c415e102e5d79fd7e4a765b8cba4) C:\Windows\System32\ikeext.dll
21:16:20.0424 2692 IKEEXT - ok
21:16:20.0471 2692 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
21:16:20.0486 2692 IntcHdmiAddService - ok
21:16:20.0502 2692 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
21:16:20.0517 2692 intelide - ok
21:16:20.0549 2692 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:16:20.0595 2692 intelppm - ok
21:16:20.0658 2692 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:16:20.0705 2692 IPBusEnum - ok
21:16:20.0783 2692 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:16:20.0814 2692 IpFilterDriver - ok
21:16:20.0923 2692 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
21:16:20.0939 2692 iphlpsvc - ok
21:16:20.0939 2692 IpInIp - ok
21:16:20.0970 2692 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:16:21.0017 2692 IPMIDRV - ok
21:16:21.0032 2692 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:16:21.0079 2692 IPNAT - ok
21:16:21.0126 2692 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:16:21.0173 2692 IRENUM - ok
21:16:21.0219 2692 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:16:21.0235 2692 isapnp - ok
21:16:21.0266 2692 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
21:16:21.0282 2692 iScsiPrt - ok
21:16:21.0297 2692 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:16:21.0313 2692 iteatapi - ok
21:16:21.0329 2692 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:16:21.0344 2692 iteraid - ok
21:16:21.0360 2692 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:16:21.0375 2692 kbdclass - ok
21:16:21.0391 2692 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:16:21.0422 2692 kbdhid - ok
21:16:21.0453 2692 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:16:21.0485 2692 KeyIso - ok
21:16:21.0516 2692 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:16:21.0547 2692 KMWDFILTER - ok
21:16:21.0703 2692 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
21:16:21.0734 2692 KSecDD - ok
21:16:21.0797 2692 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:16:21.0875 2692 KtmRm - ok
21:16:22.0015 2692 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
21:16:22.0031 2692 LanmanServer - ok
21:16:22.0062 2692 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
21:16:22.0109 2692 LanmanWorkstation - ok
21:16:22.0202 2692 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:16:22.0202 2692 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:16:22.0202 2692 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:16:22.0233 2692 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:16:22.0280 2692 lltdio - ok
21:16:22.0467 2692 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:16:22.0530 2692 lltdsvc - ok
21:16:22.0545 2692 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:16:22.0608 2692 lmhosts - ok
21:16:22.0639 2692 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:16:22.0655 2692 LSI_FC - ok
21:16:22.0670 2692 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:16:22.0686 2692 LSI_SAS - ok
21:16:22.0717 2692 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:16:22.0733 2692 LSI_SCSI - ok
21:16:22.0748 2692 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:16:22.0779 2692 luafv - ok
21:16:22.0842 2692 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:16:22.0857 2692 Mcx2Svc - ok
21:16:22.0873 2692 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:16:22.0889 2692 megasas - ok
21:16:23.0045 2692 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:16:23.0107 2692 MegaSR - ok
21:16:23.0138 2692 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:16:23.0185 2692 MMCSS - ok
21:16:23.0216 2692 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:16:23.0263 2692 Modem - ok
21:16:23.0341 2692 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:16:23.0388 2692 monitor - ok
21:16:23.0419 2692 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:16:23.0435 2692 mouclass - ok
21:16:23.0450 2692 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:16:23.0513 2692 mouhid - ok
21:16:23.0544 2692 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:16:23.0559 2692 MountMgr - ok
21:16:23.0669 2692 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
21:16:23.0700 2692 MpFilter - ok
21:16:23.0747 2692 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:16:23.0762 2692 mpio - ok
21:16:23.0778 2692 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:16:23.0825 2692 mpsdrv - ok
21:16:24.0027 2692 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
21:16:24.0105 2692 MpsSvc - ok
21:16:24.0152 2692 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:16:24.0168 2692 Mraid35x - ok
21:16:24.0199 2692 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
21:16:24.0215 2692 MRxDAV - ok
21:16:24.0339 2692 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:16:24.0371 2692 mrxsmb - ok
21:16:24.0449 2692 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:16:24.0480 2692 mrxsmb10 - ok
21:16:24.0589 2692 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:16:24.0605 2692 mrxsmb20 - ok
21:16:24.0651 2692 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
21:16:24.0667 2692 msahci - ok
21:16:24.0729 2692 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:16:24.0745 2692 msdsm - ok
21:16:24.0776 2692 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:16:24.0823 2692 MSDTC - ok
21:16:24.0885 2692 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:16:24.0932 2692 Msfs - ok
21:16:24.0979 2692 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:16:24.0995 2692 msisadrv - ok
21:16:25.0151 2692 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:16:25.0197 2692 MSiSCSI - ok
21:16:25.0213 2692 msiserver - ok
21:16:25.0244 2692 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:16:25.0275 2692 MSKSSRV - ok
21:16:25.0353 2692 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:16:25.0369 2692 MsMpSvc - ok
21:16:25.0416 2692 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:16:25.0463 2692 MSPCLOCK - ok
21:16:25.0509 2692 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:16:25.0541 2692 MSPQM - ok
21:16:25.0697 2692 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
21:16:25.0759 2692 MsRPC - ok
21:16:25.0790 2692 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:16:25.0806 2692 mssmbios - ok
21:16:25.0837 2692 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:16:25.0884 2692 MSTEE - ok
21:16:25.0946 2692 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
21:16:25.0962 2692 Mup - ok
21:16:26.0165 2692 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
21:16:26.0227 2692 napagent - ok
21:16:26.0274 2692 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
21:16:26.0305 2692 NativeWifiP - ok
21:16:26.0367 2692 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
21:16:26.0430 2692 NDIS - ok
21:16:26.0461 2692 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:16:26.0492 2692 NdisTapi - ok
21:16:26.0555 2692 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:16:26.0617 2692 Ndisuio - ok
21:16:26.0664 2692 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
21:16:26.0695 2692 NdisWan - ok
21:16:26.0757 2692 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:16:26.0789 2692 NDProxy - ok
21:16:26.0867 2692 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:16:26.0898 2692 NetBIOS - ok
21:16:27.0085 2692 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
21:16:27.0132 2692 netbt - ok
21:16:27.0210 2692 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:16:27.0225 2692 Netlogon - ok
21:16:27.0506 2692 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:16:27.0553 2692 Netman - ok
21:16:27.0818 2692 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:16:27.0865 2692 netprofm - ok
21:16:27.0927 2692 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:16:27.0943 2692 NetTcpPortSharing - ok
21:16:29.0394 2692 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
21:16:29.0565 2692 NETw3v32 - ok
21:16:31.0172 2692 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:16:31.0235 2692 nfrd960 - ok
21:16:31.0375 2692 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:16:31.0391 2692 NisDrv - ok
21:16:31.0921 2692 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:16:32.0015 2692 NisSrv - ok
21:16:32.0202 2692 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:16:32.0264 2692 NlaSvc - ok
21:16:32.0295 2692 nmwcd (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys
21:16:32.0342 2692 nmwcd - ok
21:16:32.0373 2692 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys
21:16:32.0405 2692 nmwcdc - ok
21:16:32.0420 2692 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
21:16:32.0451 2692 Npfs - ok
21:16:32.0483 2692 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:16:32.0514 2692 nsi - ok
21:16:32.0529 2692 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:16:32.0561 2692 nsiproxy - ok
21:16:33.0497 2692 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
21:16:33.0606 2692 Ntfs - ok
21:16:33.0684 2692 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:16:33.0746 2692 ntrigdigi - ok
21:16:33.0762 2692 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:16:33.0809 2692 Null - ok
21:16:33.0824 2692 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:16:33.0840 2692 nvraid - ok
21:16:33.0871 2692 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:16:33.0871 2692 nvstor - ok
21:16:33.0902 2692 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:16:33.0918 2692 nv_agp - ok
21:16:33.0918 2692 NwlnkFlt - ok
21:16:33.0918 2692 NwlnkFwd - ok
21:16:33.0949 2692 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
21:16:33.0996 2692 ohci1394 - ok
21:16:34.0355 2692 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:16:34.0401 2692 ose - ok
21:16:34.0495 2692 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:16:34.0573 2692 p2pimsvc - ok
21:16:34.0589 2692 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:16:34.0651 2692 p2psvc - ok
21:16:34.0760 2692 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:16:34.0869 2692 Parport - ok
21:16:34.0916 2692 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
21:16:34.0932 2692 partmgr - ok
21:16:34.0963 2692 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:16:35.0025 2692 Parvdm - ok
21:16:35.0057 2692 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:16:35.0072 2692 PcaSvc - ok
21:16:35.0103 2692 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
21:16:35.0119 2692 pci - ok
21:16:35.0135 2692 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
21:16:35.0150 2692 pciide - ok
21:16:35.0369 2692 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:16:35.0400 2692 pcmcia - ok
21:16:35.0493 2692 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:16:35.0618 2692 PEAUTH - ok
21:16:35.0961 2692 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:16:36.0071 2692 pla - ok
21:16:36.0461 2692 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
21:16:36.0507 2692 PlugPlay - ok
21:16:37.0085 2692 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:16:37.0116 2692 PNRPAutoReg - ok
21:16:37.0131 2692 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:16:37.0194 2692 PNRPsvc - ok
21:16:37.0771 2692 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
21:16:37.0849 2692 PolicyAgent - ok
21:16:38.0239 2692 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:16:38.0286 2692 PptpMiniport - ok
21:16:38.0317 2692 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:16:38.0333 2692 Processor - ok
21:16:38.0598 2692 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
21:16:38.0629 2692 ProfSvc - ok
21:16:38.0691 2692 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:16:38.0707 2692 ProtectedStorage - ok
21:16:38.0832 2692 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
21:16:38.0847 2692 PSched - ok
21:16:39.0144 2692 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:16:39.0206 2692 ql2300 - ok
21:16:39.0393 2692 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:16:39.0440 2692 ql40xx - ok
21:16:39.0487 2692 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:16:39.0534 2692 QWAVE - ok
21:16:39.0549 2692 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:16:39.0565 2692 QWAVEdrv - ok
21:16:39.0581 2692 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:16:39.0612 2692 RasAcd - ok
21:16:39.0627 2692 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:16:39.0674 2692 RasAuto - ok
21:16:39.0721 2692 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:16:39.0752 2692 Rasl2tp - ok
21:16:39.0955 2692 RasMan (afb474438762f0418060653f7294d92c) C:\Windows\System32\rasmans.dll
21:16:40.0002 2692 RasMan - ok
21:16:40.0033 2692 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
21:16:40.0049 2692 RasPppoe - ok
21:16:40.0127 2692 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
21:16:40.0158 2692 RasSstp - ok
21:16:40.0298 2692 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
21:16:40.0345 2692 rdbss - ok
21:16:40.0361 2692 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:16:40.0392 2692 RDPCDD - ok
21:16:40.0563 2692 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:16:40.0626 2692 rdpdr - ok
21:16:40.0657 2692 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:16:40.0673 2692 RDPENCDD - ok
21:16:40.0719 2692 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
21:16:40.0751 2692 RDPWD - ok
21:16:41.0125 2692 Recovery Service for Windows (2063d6b51fd874e67502b31a9fdba685) C:\Program Files\SMINST\BLService.exe
21:16:41.0203 2692 Recovery Service for Windows - ok
21:16:41.0250 2692 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:16:41.0297 2692 RemoteAccess - ok
21:16:41.0375 2692 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
21:16:41.0437 2692 RemoteRegistry - ok
21:16:41.0624 2692 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files\CyberLink\Shared files\RichVideo.exe
21:16:41.0655 2692 RichVideo - ok
21:16:41.0687 2692 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:16:41.0702 2692 RpcLocator - ok
21:16:42.0030 2692 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
21:16:42.0077 2692 RpcSs - ok
21:16:42.0139 2692 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:16:42.0170 2692 rspndr - ok
21:16:42.0233 2692 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:16:42.0279 2692 RTL8169 - ok
21:16:42.0326 2692 RTSTOR (2b7da5a2d2c4aae01098d910007edac5) C:\Windows\system32\drivers\RTSTOR.SYS
21:16:42.0357 2692 RTSTOR - ok
21:16:42.0373 2692 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:16:42.0389 2692 SamSs - ok
21:16:42.0451 2692 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:16:42.0467 2692 sbp2port - ok
21:16:42.0498 2692 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
21:16:42.0529 2692 SCardSvr - ok
21:16:42.0997 2692 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
21:16:43.0075 2692 Schedule - ok
21:16:43.0091 2692 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
21:16:43.0122 2692 SCPolicySvc - ok
21:16:43.0231 2692 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
21:16:43.0262 2692 sdbus - ok
21:16:43.0434 2692 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:16:43.0512 2692 SDRSVC - ok
21:16:43.0527 2692 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:16:43.0590 2692 secdrv - ok
21:16:43.0683 2692 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:16:43.0715 2692 seclogon - ok
21:16:43.0855 2692 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
21:16:43.0902 2692 SENS - ok
21:16:43.0917 2692 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:16:44.0011 2692 Serenum - ok
21:16:44.0229 2692 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:16:44.0339 2692 Serial - ok
21:16:44.0417 2692 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:16:44.0463 2692 sermouse - ok
21:16:44.0869 2692 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:16:44.0931 2692 SessionEnv - ok
21:16:45.0041 2692 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:16:45.0072 2692 sffdisk - ok
21:16:45.0119 2692 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:16:45.0165 2692 sffp_mmc - ok
21:16:45.0212 2692 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:16:45.0259 2692 sffp_sd - ok
21:16:45.0321 2692 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:16:45.0384 2692 sfloppy - ok
21:16:46.0148 2692 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:16:46.0211 2692 SharedAccess - ok
21:16:46.0382 2692 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
21:16:46.0445 2692 ShellHWDetection - ok
21:16:46.0460 2692 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:16:46.0476 2692 sisagp - ok
21:16:46.0569 2692 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:16:46.0616 2692 SiSRaid2 - ok
21:16:46.0632 2692 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:16:46.0647 2692 SiSRaid4 - ok
21:16:48.0972 2692 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
21:16:49.0143 2692 slsvc - ok
21:16:49.0377 2692 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
21:16:49.0440 2692 SLUINotify - ok
21:16:49.0549 2692 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
21:16:49.0580 2692 Smb - ok
21:16:49.0643 2692 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:16:49.0689 2692 SNMPTRAP - ok
21:16:49.0705 2692 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:16:49.0721 2692 spldr - ok
21:16:49.0908 2692 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
21:16:49.0970 2692 Spooler - ok
21:16:50.0267 2692 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
21:16:50.0313 2692 srv - ok
21:16:50.0516 2692 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
21:16:50.0547 2692 srv2 - ok
21:16:50.0719 2692 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
21:16:50.0750 2692 srvnet - ok
21:16:50.0781 2692 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:16:50.0828 2692 SSDPSRV - ok
21:16:50.0875 2692 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:16:50.0906 2692 SstpSvc - ok
21:16:51.0374 2692 STacSV (b56ee2666f0b6019b6206fb3664baf03) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
21:16:51.0405 2692 STacSV - ok
21:16:51.0483 2692 STHDA (5d09e4934bc269c93ebe7c96e34aa8ee) C:\Windows\system32\DRIVERS\stwrt.sys
21:16:51.0515 2692 STHDA - ok
21:16:51.0951 2692 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
21:16:52.0029 2692 stisvc - ok
21:16:52.0076 2692 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:16:52.0092 2692 swenum - ok
21:16:52.0529 2692 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
21:16:52.0716 2692 swprv - ok
21:16:52.0825 2692 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:16:52.0825 2692 Symc8xx - ok
21:16:52.0934 2692 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:16:52.0950 2692 Sym_hi - ok
21:16:53.0028 2692 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:16:53.0043 2692 Sym_u3 - ok
21:16:53.0309 2692 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys
21:16:53.0324 2692 SynTP - ok
21:16:53.0574 2692 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
21:16:53.0636 2692 SysMain - ok
21:16:53.0667 2692 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:16:53.0699 2692 TabletInputService - ok
21:16:53.0995 2692 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
21:16:54.0073 2692 TapiSrv - ok
21:16:54.0213 2692 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:16:54.0276 2692 TBS - ok
21:16:58.0082 2692 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
21:16:58.0613 2692 Tcpip - ok
21:16:58.0628 2692 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
21:16:58.0722 2692 Tcpip6 - ok
21:16:58.0753 2692 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
21:16:58.0784 2692 tcpipreg - ok
21:16:58.0847 2692 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:16:58.0893 2692 TDPIPE - ok
21:16:58.0909 2692 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:16:58.0956 2692 TDTCP - ok
21:16:59.0205 2692 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
21:16:59.0252 2692 tdx - ok
21:16:59.0361 2692 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
21:16:59.0361 2692 TermDD - ok
21:16:59.0814 2692 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
21:16:59.0907 2692 TermService - ok
21:16:59.0970 2692 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
21:16:59.0985 2692 Themes - ok
21:17:00.0063 2692 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:17:00.0095 2692 THREADORDER - ok
21:17:00.0204 2692 TomTomHOMEService (fbd16717fd68b206c4ce3bb3c9ee5cb3) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
21:17:00.0219 2692 TomTomHOMEService - ok
21:17:00.0251 2692 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:17:00.0297 2692 TrkWks - ok
21:17:00.0344 2692 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
21:17:00.0375 2692 TrustedInstaller - ok
21:17:00.0407 2692 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:17:00.0438 2692 tssecsrv - ok
21:17:00.0453 2692 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:17:00.0485 2692 tunmp - ok
21:17:00.0531 2692 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
21:17:00.0547 2692 tunnel - ok
21:17:00.0578 2692 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:17:00.0594 2692 uagp35 - ok
21:17:00.0625 2692 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
21:17:00.0672 2692 udfs - ok
21:17:00.0719 2692 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:17:00.0765 2692 UI0Detect - ok
21:17:00.0781 2692 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:17:00.0797 2692 uliagpkx - ok
21:17:00.0843 2692 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:17:00.0859 2692 uliahci - ok
21:17:00.0875 2692 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:17:00.0890 2692 UlSata - ok
21:17:00.0906 2692 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:17:00.0921 2692 ulsata2 - ok
21:17:00.0921 2692 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:17:00.0953 2692 umbus - ok
21:17:00.0999 2692 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:17:01.0031 2692 upnphost - ok
21:17:01.0062 2692 upperdev (b1b8bee26227dad9835019201552cb05) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:17:01.0093 2692 upperdev - ok
21:17:01.0124 2692 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:17:01.0155 2692 usbccgp - ok
21:17:01.0187 2692 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:17:01.0233 2692 usbcir - ok
21:17:01.0265 2692 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
21:17:01.0280 2692 usbehci - ok
21:17:01.0311 2692 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
21:17:01.0343 2692 usbhub - ok
21:17:01.0358 2692 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:17:01.0405 2692 usbohci - ok
21:17:01.0483 2692 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:17:01.0514 2692 usbprint - ok
21:17:01.0592 2692 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
21:17:01.0608 2692 usbser - ok
21:17:01.0639 2692 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:17:01.0670 2692 USBSTOR - ok
21:17:01.0733 2692 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:17:01.0764 2692 usbuhci - ok
21:17:01.0795 2692 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:17:01.0842 2692 usbvideo - ok
21:17:02.0045 2692 usnjsvc (c5b70a6aa947667ce0e5fc84a05ec8b6) C:\Program Files\MSN Messenger\usnsvc.exe
21:17:02.0076 2692 usnjsvc - ok
21:17:02.0091 2692 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
21:17:02.0138 2692 UxSms - ok
21:17:02.0185 2692 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
21:17:02.0247 2692 vds - ok
21:17:02.0372 2692 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:17:02.0419 2692 vga - ok
21:17:02.0435 2692 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:17:02.0466 2692 VgaSave - ok
21:17:02.0559 2692 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:17:02.0591 2692 viaagp - ok
21:17:02.0637 2692 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:17:02.0669 2692 ViaC7 - ok
21:17:02.0731 2692 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
21:17:02.0747 2692 viaide - ok
21:17:02.0762 2692 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:17:02.0778 2692 volmgr - ok
21:17:02.0918 2692 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
21:17:02.0949 2692 volmgrx - ok
21:17:02.0996 2692 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
21:17:03.0027 2692 volsnap - ok
21:17:03.0043 2692 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:17:03.0059 2692 vsmraid - ok
21:17:07.0317 2692 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
21:17:07.0458 2692 VSS - ok
21:17:07.0692 2692 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
21:17:07.0739 2692 W32Time - ok
21:17:08.0378 2692 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:17:08.0487 2692 WacomPen - ok
21:17:08.0628 2692 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:17:08.0659 2692 Wanarp - ok
21:17:08.0675 2692 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:17:08.0706 2692 Wanarpv6 - ok
21:17:08.0831 2692 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
21:17:08.0877 2692 wcncsvc - ok
21:17:09.0018 2692 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:17:09.0080 2692 WcsPlugInService - ok
21:17:09.0111 2692 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:17:09.0127 2692 Wd - ok
21:17:11.0779 2692 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:17:11.0857 2692 Wdf01000 - ok
21:17:11.0888 2692 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:17:11.0935 2692 WdiServiceHost - ok
21:17:11.0935 2692 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:17:11.0966 2692 WdiSystemHost - ok
21:17:12.0777 2692 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
21:17:12.0809 2692 WebClient - ok
21:17:12.0918 2692 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:17:12.0980 2692 Wecsvc - ok
21:17:13.0011 2692 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:17:13.0043 2692 wercplsupport - ok
21:17:14.0103 2692 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
21:17:14.0166 2692 WerSvc - ok
21:17:15.0773 2692 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:17:15.0804 2692 WinDefend - ok
21:17:15.0819 2692 WinHttpAutoProxySvc - ok
21:17:16.0771 2692 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
21:17:16.0833 2692 Winmgmt - ok
21:17:18.0815 2692 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:17:18.0924 2692 WinRM - ok
21:17:19.0844 2692 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
21:17:19.0891 2692 Wlansvc - ok
21:17:19.0953 2692 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:17:19.0985 2692 WmiAcpi - ok
21:17:20.0609 2692 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
21:17:20.0687 2692 wmiApSrv - ok
21:17:20.0983 2692 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:17:21.0233 2692 WMPNetworkSvc - ok
21:17:21.0685 2692 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
21:17:21.0747 2692 WPCSvc - ok
21:17:21.0779 2692 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
21:17:21.0825 2692 WPDBusEnum - ok
21:17:21.0903 2692 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
21:17:21.0935 2692 WpdUsb - ok
21:17:22.0949 2692 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:17:22.0995 2692 WPFFontCache_v0400 - ok
21:17:23.0058 2692 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:17:23.0151 2692 ws2ifsl - ok
21:17:23.0292 2692 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
21:17:23.0339 2692 wscsvc - ok
21:17:23.0339 2692 WSearch - ok
21:17:24.0961 2692 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:17:25.0070 2692 wuauserv - ok
21:17:26.0022 2692 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:17:26.0069 2692 WUDFRd - ok
21:17:26.0334 2692 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:17:26.0459 2692 wudfsvc - ok
21:17:26.0927 2692 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
21:17:27.0005 2692 yukonwlh - ok
21:17:27.0051 2692 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
21:17:29.0001 2692 \Device\Harddisk0\DR0 - ok
21:17:29.0017 2692 Boot (0x1200) (7fcb1ab01eae16051b5983495b041fd5) \Device\Harddisk0\DR0\Partition0
21:17:29.0017 2692 \Device\Harddisk0\DR0\Partition0 - ok
21:17:29.0033 2692 Boot (0x1200) (c33d94aff8896ebc856a1f9ddf84cafd) \Device\Harddisk0\DR0\Partition1
21:17:29.0048 2692 \Device\Harddisk0\DR0\Partition1 - ok
21:17:29.0048 2692 ============================================================
21:17:29.0048 2692 Scan finished
21:17:29.0048 2692 ============================================================
21:17:29.0064 1416 Detected object count: 4
21:17:29.0064 1416 Actual detected object count: 4
21:17:36.0489 1416 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:36.0489 1416 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:36.0489 1416 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:36.0489 1416 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:36.0489 1416 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:36.0489 1416 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:36.0489 1416 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:36.0489 1416 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #25 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #26 |
| GVU Trojan Hello Arne, the txt file has the following content: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-06-09.01 - Frank 09.06.2012 16:28:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2974.1946 [GMT 2:00]
ausgeführt von:: c:\users\Frank\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-09 bis 2012-06-09 ))))))))))))))))))))))))))))))
.
.
2012-06-08 19:26 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D184237-6487-4001-BE3C-F6E726904A64}\mpengine.dll
2012-06-08 19:12 . 2012-06-08 19:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-07 17:05 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 11:11 . 2012-06-06 11:13 -------- d-----w- c:\users\Frank\AppData\Roaming\MAXQDA10
2012-06-06 11:03 . 2012-06-06 11:03 -------- d-----w- c:\programdata\MAXQDA10
2012-06-06 11:03 . 2012-06-06 11:03 -------- d-----w- c:\program files\MAXQDA10
2012-05-31 10:52 . 2012-05-31 10:52 -------- d-----w- c:\program files\ESET
2012-05-30 16:34 . 2012-05-31 10:38 -------- d-----w- C:\_OTL
2012-05-30 13:19 . 2012-05-30 13:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes
2012-05-30 13:19 . 2012-05-30 13:19 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 13:19 . 2012-05-30 13:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-30 13:19 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-26 10:38 . 2012-06-07 16:13 -------- d-----w- c:\program files\Application Updater
2012-05-26 10:38 . 2012-05-26 10:38 -------- d-----w- c:\program files\pdfforge Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 18:44 . 2011-04-27 13:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2011-04-18 11:18 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 847872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-14 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-20 483420]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-23 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-12-24 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [2009-01-20 81920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 07:40]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 07:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube Download - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to DVD Converter - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to Mp3 Converter - c:\users\Frank\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-EA Download Manager - c:\program files\Electronic Arts\EADM\EADMUninstall.exe
AddRemove-Gutscheinmieze - Toolbar - c:\users\Frank\AppData\Roaming\Gutscheinmieze\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-09 16:42
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:d8,1a,76,ee,e2,31,21,6c,35,4e,ff,fd,53,e9,28,b7,d1,2e,4b,82,e5,fd,ee,
1d,ea,e9,5e,c4,2b,e7,8c,18,d7,07,e4,b0,6a,d3,a9,5f,cd,39,6a,c8,25,32,64,4f,\
"??"=hex:b0,a5,f7,a4,21,cc,57,3b,74,d1,94,eb,73,e6,5e,ae
.
[HKEY_USERS\S-1-5-21-3814763510-1578603517-3037745957-1000\Software\SecuROM\License information*]
"datasecu"=hex:fa,85,c6,57,22,5e,be,1f,11,a5,b7,88,46,1c,7a,59,a8,1e,de,78,a3,
a0,26,30,45,03,cc,af,95,4b,85,40,ef,a4,97,fd,7d,9a,68,47,21,f1,61,ae,b5,db,\
"rkeysecu"=hex:49,79,dc,09,f4,93,83,77,c5,0d,8c,39,21,4c,17,05
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-09 16:50:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-09 14:50
.
Vor Suchlauf: 12 Verzeichnis(se), 94.349.778.944 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 93.853.327.360 Bytes frei
.
- - End Of File - - 44174251ED5A67BC9642D7421200639B
Regards, Gustav |
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second try, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #28 |
| GVU Trojan Hello Arne, this is the log from GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-11 19:32:47
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MJA2250BH_G2 rev.8919
Running: mkp7dqod.exe; Driver: C:\Users\Frank\AppData\Local\Temp\uglyypoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xABF32480, 0x306DD, 0xE0000060]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_revolvermaenner.png 4569 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\banner_de_download.jpg 80132 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\default.css 5984 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-bertelsmann.png 6396 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-bild.png 1341 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-bildung.png 23031 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-huerriyet.png 2800 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\logo-roland-berger.png 4476 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner-vz.jpg 3252 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_gmx.png 2097 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_meinestadtde.png 3400 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_shareifyoulike.png 2694 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_tns.png 1780 bytes
File C:\Users\Frank\Documents\Uni Bamberg\Master\Stereotype Lehrererwartungen als Ursache für den geringeren Bildungserfolg von Kindern mit Migrationshintergrund\Quellen\Bildung2011\Deutschland will's wissen - die grosse Bürgerbefragung zum Thema Bildung-Dateien\partner_web-de.png 4013 bytes
---- EOF - GMER 1.0.15 ----
The OSAM log reads as follows: OSAM Logfile: Code:
And the aswMBR.txt file: Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 19:39:06
-----------------------------
19:39:06.736 OS Version: Windows 6.0.6001 Service Pack 1
19:39:06.736 Number of processors: 2 586 0x170A
19:39:06.736 ComputerName: FRANK-LAPTOP UserName: Frank
19:39:08.764 Initialize success
19:40:39.795 AVAST engine defs: 12061100
19:40:57.080 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:40:57.111 Disk 0 Vendor: FUJITSU_MJA2250BH_G2 8919 Size: 238475MB BusType: 3
19:40:57.423 Disk 0 MBR read successfully
19:40:57.439 Disk 0 MBR scan
19:40:57.439 Disk 0 unknown MBR code
19:40:57.485 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227753 MB offset 2048
19:40:57.579 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10718 MB offset 466440192
19:40:57.704 Disk 0 scanning sectors +488390656
19:40:58.312 Disk 0 scanning C:\Windows\system32\drivers
19:42:58.120 Service scanning
19:43:31.957 Modules scanning
19:45:25.681 Disk 0 trace - called modules:
19:45:25.759 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
19:45:26.273 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cb72e8]
19:45:26.273 3 CLASSPNP.SYS[82605745] -> nt!IofCallDriver -> [0x85aae918]
19:45:26.273 5 acpi.sys[806986a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85a99ba0]
19:45:27.521 AVAST engine scan C:\Windows
19:46:05.929 AVAST engine scan C:\Windows\system32
19:56:44.780 AVAST engine scan C:\Windows\system32\drivers
19:59:58.438 AVAST engine scan C:\Users\Frank
20:34:33.160 AVAST engine scan C:\ProgramData
21:22:04.138 Scan finished successfully
21:34:43.967 Disk 0 MBR has been saved successfully to "C:\Users\Frank\Desktop\MBR.dat"
21:34:43.967 The log file has been saved successfully to "C:\Users\Frank\Desktop\aswMBR.txt"
Gustav |
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan We should fix the MBR. Back up ALL important data just in case, even though things usually go smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
| | #30 |
![]() | GVU Trojan Hello Arne, I have fixed the MBR. Here is the new log: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 09:54:24
-----------------------------
09:54:24.148 OS Version: Windows 6.0.6001 Service Pack 1
09:54:24.148 Number of processors: 2 586 0x170A
09:54:24.148 ComputerName: FRANK-LAPTOP UserName: Frank
09:54:25.911 Initialize success
09:54:31.012 AVAST engine defs: 12061100
09:54:33.867 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:54:33.867 Disk 0 Vendor: FUJITSU_MJA2250BH_G2 8919 Size: 238475MB BusType: 3
09:54:33.898 Disk 0 MBR read successfully
09:54:33.898 Disk 0 MBR scan
09:54:33.914 Disk 0 Windows VISTA default MBR code
09:54:33.914 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227753 MB offset 2048
09:54:33.961 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10718 MB offset 466440192
09:54:33.976 Disk 0 scanning sectors +488390656
09:54:34.039 Disk 0 scanning C:\Windows\system32\drivers
09:54:52.353 Service scanning
09:55:28.310 Modules scanning
09:56:03.005 Disk 0 trace - called modules:
09:56:03.036 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
09:56:03.551 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cdb930]
09:56:03.551 3 CLASSPNP.SYS[805ce745] -> nt!IofCallDriver -> [0x85ab0918]
09:56:03.551 5 acpi.sys[806936a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85aaaba0]
09:56:04.986 AVAST engine scan C:\Windows
09:56:21.428 AVAST engine scan C:\Windows\system32
10:02:16.391 AVAST engine scan C:\Windows\system32\drivers
10:03:04.361 AVAST engine scan C:\Users\Frank
10:14:41.306 AVAST engine scan C:\ProgramData
10:21:09.372 Scan finished successfully
11:08:40.632 Disk 0 MBR has been saved successfully to "C:\Users\Frank\Desktop\MBR.dat"
11:08:40.647 The log file has been saved successfully to "C:\Users\Frank\Desktop\aswMBR.txt"
|
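Added example, not part of the original posts: the check that post #29 asks for (a fresh aswMBR log after FIXMBR) can be done mechanically by comparing the two logs. This Python script parses the MBR verdict and partition lines from both runs and reports what changed; the line patterns, the function names and the rule that a verdict containing "default" counts as restored boot code are assumptions drawn only from the two logs in this thread.

```python
import re

# Excerpts copied from the two aswMBR logs in this thread
# (first run, then the run after FIXMBR).
FIRST_RUN = """\
19:40:57.423 Disk 0 MBR read successfully
19:40:57.439 Disk 0 MBR scan
19:40:57.439 Disk 0 unknown MBR code
19:40:57.485 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227753 MB offset 2048
19:40:57.579 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10718 MB offset 466440192
19:40:57.704 Disk 0 scanning sectors +488390656
"""
SECOND_RUN = """\
09:54:33.898 Disk 0 MBR read successfully
09:54:33.898 Disk 0 MBR scan
09:54:33.914 Disk 0 Windows VISTA default MBR code
09:54:33.914 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227753 MB offset 2048
09:54:33.961 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10718 MB offset 466440192
09:54:33.976 Disk 0 scanning sectors +488390656
"""

# "<time> Disk <n> <rest>": the only line shape this script looks at.
DISK_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+Disk (\d+)\s+(.*)$")
# Verdict line as seen in the logs above: "<something> MBR code".
VERDICT = re.compile(r"^(.+) MBR code$")
# Partition line: number, boot flag, optional "(A)", type byte, names, size, offset.
PARTITION = re.compile(
    r"^Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))? ([0-9A-Fa-f]{2}) "
    r".* (\d+) MB offset (\d+)$"
)


def parse_aswmbr(text):
    """Return {disk: {"verdict": str or None, "partitions": [tuples]}}."""
    disks = {}
    for raw in text.splitlines():
        m = DISK_LINE.match(raw.strip())
        if not m:
            continue  # header, trace and engine-scan lines are ignored
        disk = disks.setdefault(int(m.group(1)),
                                {"verdict": None, "partitions": []})
        rest = m.group(2)
        v = VERDICT.match(rest)
        if v:
            disk["verdict"] = v.group(1)
        p = PARTITION.match(rest)
        if p:
            num, boot, ptype, size, offset = p.groups()
            disk["partitions"].append(
                (int(num), boot.upper(), ptype.upper(), int(size), int(offset)))
    return disks


def compare_runs(first, second):
    """Return {disk: [findings]} describing what changed between two runs."""
    report = {}
    for disk, old in sorted(first.items()):
        new = second.get(disk)
        if new is None:
            report[disk] = ["disk missing from second log"]
            continue
        findings = []
        # FIXMBR should rewrite boot code only; the partition table must match.
        if new["partitions"] != old["partitions"]:
            findings.append("partition table differs")
        if new["verdict"] is None:
            findings.append("no MBR verdict in second log")
        elif "default" not in new["verdict"]:  # assumption, see lead-in
            findings.append("MBR code still not default: " + new["verdict"])
        elif new["verdict"] != old["verdict"]:
            findings.append("MBR code changed: %s -> %s"
                            % (old["verdict"], new["verdict"]))
        report[disk] = findings or ["no change"]
    return report


if __name__ == "__main__":
    print(compare_runs(parse_aswmbr(FIRST_RUN), parse_aswmbr(SECOND_RUN)))
```

A changed verdict with an identical partition table only shows that the boot code was rewritten; the driver, service and file scans are covered by the later lines of the log, which this script does not read.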