Pests of all kinds and their removal: Avira keeps finding TR/ATRAPS.Gen2 TR/Sirefef.AG.35 (Windows 7)
#1
Avira keeps finding TR/ATRAPS.Gen2 TR/Sirefef.AG.35

Hello! It looks like I have caught a few trojans for the first time. I'm asking for your support! I hope you can help me without my having to reinstall the machine. So far I have only tried to delete the stuff with Avira (which of course did not work, and the alert keeps coming back) and then ran all the scans that, according to this site, I am supposed to run as someone seeking help. Here are the log outputs...

Malwarebytes:
Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.05

Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
Yyy :: Xxx-Yyy [Administrator]

Protection: Enabled

20.06.2012 20:59:06
mbam-log-2012-06-20 (20-59-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222363
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\n (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Code:
OTL logfile created on: 20.06.2012 22:01:49 - Run 1
OTL by OldTimer - Version 3.2.50.0     Folder = C:\Users\Yyy\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,26% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 45,79 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 44,10 Gb Free Space | 60,36% Space Free | Partition Type: NTFS

Computer Name: Xxx-Yyy | User Name: Yyy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.20 21:49:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Yyy\Desktop\OTL.exe
PRC - [2012.05.08 21:16:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:16:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.08 21:16:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:16:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:16:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.29 11:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.06.19 15:02:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.14 09:03:30 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 21:16:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:16:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.08 21:16:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.29 11:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.10.02 20:31:14 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.09.03 17:01:50 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Programme\C&E\OSD\OsdService\OsdService.exe -- (OsdService)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 21:16:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:16:29 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.01.30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.22 10:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.03.03 01:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.05.13 22:42:50 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07)
DRV - [2008.05.13 22:42:50 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06)
DRV - [2008.05.13 22:42:50 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05)
DRV - [2008.05.13 22:42:50 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04)
DRV - [2008.05.13 22:42:50 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03)
DRV - [2008.05.13 22:42:50 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02)
DRV - [2008.05.13 22:42:50 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.09.04 16:20:00 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys -- (CEBFilter)
DRV - [2007.08.31 16:18:06 | 000,004,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\ceio.sys -- (CEIO)
DRV - [2007.08.31 14:22:26 | 000,007,168 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys -- (cKBFilter)
DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.07.19 01:31:00 | 007,599,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 17:10:38 | 000,753,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.04 05:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.04.03 14:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007.04.03 14:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 14:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007.04.03 14:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 14:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 14:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 14:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007.02.25 06:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.01.30 09:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2006.11.30 16:14:14 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45obex.sys -- (se45obex)
DRV - [2006.11.30 16:14:10 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 16:14:04 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006.11.30 16:14:04 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006.11.30 16:13:56 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2006.11.22 18:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2004.11.01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003.07.19 02:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\Windows\System32\MLPTDR_N.SYS -- (MLPTDR_N)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes\{0C3EE466-DEDE-48CE-8642-871CC13285C1}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC_deAT274
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.21 00:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.06.04 16:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.06.04 16:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.19 15:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.19 22:29:46 | 000,000,000 | ---D | M]

[2009.03.18 18:59:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yyy\AppData\Roaming\mozilla\Extensions
[2012.06.20 20:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yyy\AppData\Roaming\mozilla\Firefox\Profiles\dnzu70z5.default\extensions
[2010.07.12 21:00:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yyy\AppData\Roaming\mozilla\Firefox\Profiles\dnzu70z5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.20 20:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yyy\AppData\Roaming\mozilla\Firefox\Profiles\dnzu70z5.default\extensions\staged
[2012.06.19 22:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.04 19:09:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.07.13 14:41:31 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2012.06.19 22:29:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2009.07.13 14:41:31 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2012.06.19 15:02:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.04 11:41:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 11:41:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 11:41:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 11:41:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 11:41:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 11:41:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DealPly = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2010.08.08 22:49:08 | 000,416,711 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 14387 more lines...
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co.
KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} Reg Error: Value error. (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F9BFDFE-AB51-4AB8-A3C3-7450B4DC52EB}: NameServer = 194.48.139.254 194.48.124.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33B07121-57B2-451B-837B-967DDE722538}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62DC27A-EEEE-48F2-9E08-316F68CE0912}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1307a9f0-1b95-11dd-804c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1307a9f0-1b95-11dd-804c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{546d1e01-4a2e-11de-ba50-00030d8964ea}\Shell - "" = AutoRun O33 - MountPoints2\{546d1e01-4a2e-11de-ba50-00030d8964ea}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{855f44d4-dd03-11dd-a813-00030d8964ea}\Shell - "" = 
AutoRun O33 - MountPoints2\{855f44d4-dd03-11dd-a813-00030d8964ea}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{b61f8bd5-da69-11dd-ade5-00030d8964ea}\Shell - "" = AutoRun O33 - MountPoints2\{b61f8bd5-da69-11dd-ade5-00030d8964ea}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{bc853a65-1b9e-11dd-9b88-00030d8964ea}\Shell - "" = AutoRun O33 - MountPoints2\{bc853a65-1b9e-11dd-9b88-00030d8964ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{bc853a7d-1b9e-11dd-9b88-00030d8964ea}\Shell - "" = AutoRun O33 - MountPoints2\{bc853a7d-1b9e-11dd-9b88-00030d8964ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e9154fcc-da68-11dd-aadd-00030d8964ea}\Shell - "" = AutoRun O33 - MountPoints2\{e9154fcc-da68-11dd-aadd-00030d8964ea}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{ef3dfb8d-2bfc-11e1-a279-00030d8964ea}\Shell - "" = AutoRun O33 - MountPoints2\{ef3dfb8d-2bfc-11e1-a279-00030d8964ea}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.20 21:49:01 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Yyy\Desktop\OTL.exe [2012.06.20 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Roaming\Malwarebytes [2012.06.20 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.20 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.20 20:56:14 | 000,022,344 
| ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.20 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.20 20:44:33 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Roaming\SUPERAntiSpyware.com [2012.06.20 20:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.06.20 20:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.06.20 20:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.06.20 20:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2012.06.20 20:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com [2012.06.14 09:06:57 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Local\Macromedia [2012.06.09 13:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at [2012.06.09 13:35:34 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys [2012.06.09 13:35:34 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [2012.06.09 13:35:34 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [2012.06.09 13:35:34 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [2012.06.09 13:35:34 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys [2012.06.09 13:34:56 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2012.06.09 13:34:56 | 000,194,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2012.06.09 13:34:56 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys [2012.06.09 13:34:56 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\System32\drivers\ew_jucdcacm.sys [2012.06.09 13:34:56 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys [2012.06.09 13:34:56 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys [2012.06.09 13:34:56 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys [2012.06.09 13:34:56 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2012.06.09 13:34:56 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys [2012.06.09 13:34:56 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys [2012.06.09 13:34:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7DECD834-973E-4B75-9B37-79105C3EA3B6} [2012.06.09 13:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\bob internet [2012.06.09 13:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bob [2012.06.09 13:33:51 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Local\PackageAware [2012.06.04 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.06.04 16:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar [2012.06.04 16:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.06.04 16:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.06.04 16:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer [2012.06.04 16:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations [2012.06.04 16:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations [2012.06.04 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Roaming\HpUpdate [2012.06.04 16:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 
[2012.06.04 16:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.06.04 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.06.04 16:53:06 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Local\HP ========== Files - Modified Within 30 Days ========== [2012.06.20 21:57:08 | 000,041,320 | ---- | M] () -- C:\Users\Yyy\AppData\Roaming\nvModes.001 [2012.06.20 21:56:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.20 21:52:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.20 21:52:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.20 21:52:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.20 21:49:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Yyy\Desktop\OTL.exe [2012.06.20 21:36:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.20 21:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.20 21:15:21 | 000,000,000 | ---- | M] () -- C:\Users\Yyy\defogger_reenable [2012.06.20 20:41:52 | 000,000,905 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.06.20 17:04:09 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN1691P3Z005QV.job [2012.06.19 22:31:37 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47C141B7-ACFC-4E6A-A205-73B88EBB6936}.job [2012.06.19 18:01:26 | 000,041,320 | ---- | M] () -- C:\Users\Yyy\AppData\Roaming\nvModes.dat [2012.06.19 14:44:38 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.19 14:44:38 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.19 14:44:38 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.19 14:44:38 | 000,103,924 | ---- | 
M] () -- C:\Windows\System32\perfc009.dat [2012.06.16 14:11:51 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.06.12 08:30:07 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.09 13:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2012.06.09 13:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2012.06.09 13:34:11 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\bob internet.lnk [2012.06.04 16:55:29 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2012.06.04 16:54:54 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk [2012.06.04 16:54:54 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Deskjet 2050 J510 series.lnk [2012.06.04 16:54:54 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk ========== Files Created - No Company Name ========== [2012.06.20 21:57:40 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\800000cb.@ [2012.06.20 21:57:40 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\80000000.@ [2012.06.20 21:57:39 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\00000001.@ [2012.06.20 21:15:21 | 000,000,000 | ---- | C] () -- C:\Users\Yyy\defogger_reenable [2012.06.20 20:41:52 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.06.20 20:41:52 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.06.20 20:40:04 | 000,001,790 | ---- | C] () -- C:\Users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk [2012.06.09 13:35:15 | 000,000,000 | -H-- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2012.06.09 13:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2012.06.09 13:35:06 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf [2012.06.09 13:34:56 | 000,012,997 | ---- | C] () -- C:\Windows\System32\drivers\mod7700.inf [2012.06.09 13:34:11 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\bob internet.lnk [2012.06.04 16:58:44 | 000,000,976 | ---- | C] () -- C:\Windows\tasks\hpwebreg_CN1691P3Z005QV.job [2012.06.04 16:56:37 | 000,001,247 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk [2012.06.04 16:55:29 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2012.06.04 16:54:54 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk [2012.06.04 16:54:54 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Deskjet 2050 J510 series.lnk [2012.06.04 16:54:54 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk [2011.05.10 02:06:27 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.05.10 01:55:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.06.22 21:56:02 | 000,000,680 | ---- | C] () -- C:\Users\Yyy\AppData\Local\d3d9caps.dat [2006.11.02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@ [2006.11.02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@ ========== LOP Check ========== [2009.01.06 23:45:05 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\3DataManager [2010.10.02 23:01:48 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Autodesk [2009.01.04 16:14:31 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Bytemobile [2008.11.21 
14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Canon [2010.07.22 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\DirektFotoSystem3 [2008.11.19 17:20:32 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\GARMIN [2010.07.30 14:29:34 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\HappyFoto [2010.08.12 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\OpenOffice.org [2011.12.21 22:35:56 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Sony [2009.06.28 22:08:17 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Teleca [2009.07.27 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Autodesk [2009.01.04 20:03:17 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Bytemobile [2011.05.10 02:06:41 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\CAD-KAS [2011.08.01 22:09:42 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Canon [2010.07.27 21:39:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DirektFotoSystem3 [2011.05.10 10:02:43 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\gtk-2.0 [2011.02.21 13:51:27 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\HappyFoto [2010.07.26 14:42:19 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\OpenOffice.org [2009.07.28 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Teleca [2009.07.02 16:49:55 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2012.06.20 21:51:52 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.19 22:31:37 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{47C141B7-ACFC-4E6A-A205-73B88EBB6936}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 744 bytes -> C:\Users\Yyy\Documents\Unfall in Freistadt.eml:OECustomProperty @Alternate Data Stream - 680 bytes -> 
C:\Users\Yyy\Documents\Unfallfotos.eml:OECustomProperty < End of report > Code:
OTL Extras logfile created on: 20.06.2012 22:01:49 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Yyy\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,26% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 45,79 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 44,10 Gb Free Space | 60,36% Space Free | Partition Type: NTFS
Computer Name: Xxx-Yyy | User Name: Yyy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Media Markt Bilderservice] -- "C:\Program Files\Media Markt\Media Markt Bilderservice\Media Markt Bilderservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B22FB1-6A1E-41E7-8323-A9CA716026ED}" = bob internet
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{10010089-120F-4B71-A245-261A11D234FF}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E105942-593C-4C48-AB3D-BEC2124F5FCE}" = Garmin City Navigator Europe NT 2008
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25DE52ED-9E51-4C50-AE16-E258836ADF83}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}" = Garmin Communicator Plugin
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0101-0407-0002-0060B0CE6BBA}" = AutoCAD 2002 - Deutsch
"{5783F2D7-7001-0407-0002-0060B0CE6BBA}" = AutoCAD 2009 - Deutsch
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{99D328E0-51DE-465E-9307-B85CA9511031}" = Nero 7 Essentials
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"3D Traumhaus Designer Comfort 8_is1" = DATA BECKER 3D Traumhaus Designer Comfort 8
"446832_R1" = DATA BECKER 3D TraumhausDesigner 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoCAD 2009 - Deutsch" = AutoCAD 2009 - Deutsch
"Avira AntiVir Desktop" = Avira Free Antivirus
"bob internet" = bob internet
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CCleaner" = CCleaner (remove only)
"Clickster1633" = Clickster
"DealPly" = DealPly
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup" = DivX Setup
"EOS USB WIA Driver" = EOS USB WIA Driver
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC86 Softwarehandbuch" = ESC86 Softwarehandbuch
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"HF_Bestellassistent" = HappyFoto Bestellassistent (nur entfernen)
"HP Photo Creations" = HP Photo Creations
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"KONICA MINOLTA PagePro 1300W" = KONICA MINOLTA PagePro 1300W
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Media Markt Bilderservice" = Media Markt Bilderservice
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Secunia PSI" = Secunia PSI (2.0.0.4002)
"SMSERIAL" = Motorola SM56 Data Fax Modem
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.01 (Greengrass)
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR
"WunschhausPlus.Exe" = WunschhausPlus
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.06.2012 10:46:07 | Computer Name = Xxx-Yyy | Source = WerSvc | ID = 5007
Description =
Error - 19.06.2012 08:40:39 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.06.2012 08:44:37 | Computer Name = Xxx-Yyy | Source = WerSvc | ID = 5007
Description =
Error - 20.06.2012 02:48:05 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 03:01:08 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 06:33:25 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 06:37:51 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 07:30:54 | Computer Name = Xxx-Yyy | Source = WerSvc | ID = 5007
Description =
Error - 20.06.2012 15:55:26 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 15:56:47 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ Media Center Events ]
Error - 31.01.2010 14:58:43 | Computer Name = Xxx-Yyy | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7002
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7023
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7000
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7003
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7003
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7001
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7034
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7026
Description =
Error - 20.06.2012 15:55:26 | Computer Name = Xxx-Yyy | Source = WMPNetworkSvc | ID = 866293
Description =
Error - 20.06.2012 15:56:47 | Computer Name = Xxx-Yyy | Source = WMPNetworkSvc | ID = 866293
Description =
< End of report >
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:15 on 20/06/2012 (Yyy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-20 23:39:56
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: wter6vr5.exe; Driver: C:\Users\Yyy\AppData\Local\Temp\pgrdapod.sys
---- System - GMER 1.0.15 ----
SSDT 8F61D06C ZwClose
SSDT 8F61D076 ZwCreateSection
SSDT 8F61D067 ZwDuplicateObject
SSDT 8F61D008 ZwOpenProcess
SSDT 8F61D00D ZwOpenThread
SSDT 8F61D080 ZwRequestWaitReplyPort
SSDT 8F61D07B ZwSetContextThread
SSDT 8F61D085 ZwSetSecurityObject
SSDT 8F61D08A ZwSystemDebugControl
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x903C7640]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 5B0 82481034 2 Bytes [08, D0] {OR AL, DL}
.text ntkrnlpa.exe!ZwCallbackReturn + 5CC 82481050 2 Bytes [0D, D0]
.text ntkrnlpa.exe!ZwCallbackReturn + 73C 824811C0 2 Bytes [7B, D0] {JNP 0xffffffffffffffd2}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EEC0380, 0x3559E2, 0xE8000020]
.reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x8EC13B80, 0x37FC7, 0xE0000060]
.text C:\Windows\system32\drivers\acedrv01.sys section is writeable [0x81570000, 0x2E0F4, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv01.sys entry point in ".pklstb" section [0x815AF000]
.relo2 C:\Windows\system32\drivers\acedrv01.sys unknown last section [0x815C9000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv02.sys section is writeable [0x81511000, 0x303A4, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv02.sys entry point in ".pklstb" section [0x81553000]
.relo2 C:\Windows\system32\drivers\acedrv02.sys unknown last section [0x8156E000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv03.sys section is writeable [0x814B2000, 0x303A4, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv03.sys entry point in ".pklstb" section [0x814F4000]
.relo2 C:\Windows\system32\drivers\acedrv03.sys unknown last section [0x8150F000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv04.sys section is writeable [0x81453000, 0x303A4, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv04.sys entry point in ".pklstb" section [0x81495000]
.relo2 C:\Windows\system32\drivers\acedrv04.sys unknown last section [0x814B0000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv05.sys section is writeable [0x9C222000, 0x30A4A, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv05.sys entry point in ".pklstb" section [0x9C264000]
.relo2 C:\Windows\system32\drivers\acedrv05.sys unknown last section [0x9C27F000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv06.sys section is writeable [0x9C671000, 0x319AA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv06.sys entry point in ".pklstb" section [0x9C6B4000]
.relo2 C:\Windows\system32\drivers\acedrv06.sys unknown last section [0x9C6CF000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv07.sys section is writeable [0x9C60F000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv07.sys entry point in ".pklstb" section [0x9C653000]
.relo2 C:\Windows\system32\drivers\acedrv07.sys unknown last section [0x9C66F000, 0x8E, 0x42000040]
.reloc C:\Windows\system32\drivers\acedrv10.sys section is executable [0xA1B29000, 0x459C1, 0xE0000060]
---- User code sections - GMER 1.0.15 ----
? C:\Windows\system32\services.exe[664] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07c1a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d14562
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d14562@001b59516349 0x7E 0x55 0xAF 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d14562@0016202e4662 0x1A 0xDA 0xD6 0xC8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07c1a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d14562 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d14562@001b59516349 0x7E 0x55 0xAF 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d14562@0016202e4662 0x1A 0xDA 0xD6 0xC8 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy252.gthr
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber 252
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointSignature 8915be16-cc9e-42a7-8a53-c48a9c3019e7
---- EOF - GMER 1.0.15 ----
Kind regards, Xanadu
#2
Avira keeps finding TR/ATRAPS.Gen2 TR/Sirefef.AG.35

Hi,
Fix for OTL:
Code:
:OTL
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012.06.20 21:57:40 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\800000cb.@
[2012.06.20 21:57:40 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\80000000.@
[2012.06.20 21:57:39 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\00000001.@
[2006.11.02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@
[2006.11.02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00
:Commands
[emptytemp]
[Reboot]
One driver will be infected; I hope it doesn't restore the components fast enough... To find the driver we'll use the Killer; in the second run we'll then have it replaced (please don't select anything to remove yourself, otherwise the box may possibly not run any more!)...

TDSS-Killer download and instructions at: http://www.trojaner-board.de/82358-t...tml#post640150
Extract all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows: [screenshot]
Then start the scan with (Start Scan). When the scan is finished, please select "Report" (skip any findings for now using Skip). A window opens; copy the text and post it here...

chris
Last edited by Chris4You (21.06.2012 at 06:44)
#3
Avira keeps finding TR/ATRAPS.Gen2 TR/Sirefef.AG.35

Dear Chris!
Thank you very much for helping me, and so quickly! Here is the log from OTL:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\800000cb.@ moved successfully.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\80000000.@ moved successfully.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\00000001.@ moved successfully.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@ moved successfully.
File C:\Users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"cval" | dword:0x01 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" |dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Yyy
->Temp folder emptied: 2719059 bytes
->Temporary Internet Files folder emptied: 1612341 bytes
->Java cache emptied: 35079918 bytes
->FireFox cache emptied: 507578105 bytes
->Google Chrome cache emptied: 6649848 bytes
->Flash cache emptied: 29553 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Xxx
->Temp folder emptied: 2219082718 bytes
->Temporary Internet Files folder emptied: 154973066 bytes
->Java cache emptied: 16425767 bytes
->FireFox cache emptied: 652606429 bytes
->Google Chrome cache emptied: 394430611 bytes
->Flash cache emptied: 86740 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13980740 bytes
RecycleBin emptied: 6802272919 bytes
Total Files Cleaned = 10.307,00 mb
OTL by OldTimer - Version 3.2.50.0 log created on 06212012_230209
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
23:56:35.0912 3280 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
23:56:35.0943 3280 ============================================================
23:56:35.0943 3280 Current date / time: 2012/06/21 23:56:35.0943
23:56:35.0943 3280 SystemInfo:
23:56:35.0943 3280
23:56:35.0943 3280 OS Version: 6.0.6000 ServicePack: 0.0
23:56:35.0943 3280 Product type: Workstation
23:56:35.0943 3280 ComputerName: Xxx-Yyy
23:56:35.0943 3280 UserName: Yyy
23:56:35.0943 3280 Windows directory: C:\Windows
23:56:35.0943 3280 System windows directory: C:\Windows
23:56:35.0943 3280 Processor architecture: Intel x86
23:56:35.0943 3280 Number of processors: 2
23:56:35.0943 3280 Page size: 0x1000
23:56:35.0943 3280 Boot type: Normal boot
23:56:35.0943 3280 ============================================================
23:56:36.0411 3280 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:56:36.0411 3280 ============================================================
23:56:36.0411 3280 \Device\Harddisk0\DR0:
23:56:36.0411 3280 MBR partitions:
23:56:36.0411 3280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x12831000
23:56:36.0411 3280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13FA1800, BlocksNum 0x9223800
23:56:36.0411 3280 ============================================================
23:56:36.0442 3280 C: <-> \Device\Harddisk0\DR0\Partition0
23:56:36.0489 3280 D: <-> \Device\Harddisk0\DR0\Partition1
23:56:36.0489 3280 ============================================================
23:56:36.0489 3280 Initialize success
23:56:36.0489 3280 ============================================================
23:57:56.0860 3064 ============================================================
23:57:56.0860 3064 Scan started
23:57:56.0860 3064 Mode: Manual; SigCheck; TDLFS;
23:57:56.0860 3064 ============================================================
23:57:57.0250 3064 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:57:57.0359 3064 !SASCORE - ok
23:57:57.0531 3064 acedrv01 (9ad3ac19f5a9968db4297c4319d7cddb) C:\Windows\system32\drivers\acedrv01.sys
23:57:57.0562 3064 acedrv01 ( UnsignedFile.Multi.Generic ) - warning
23:57:57.0562 3064 acedrv01 - detected UnsignedFile.Multi.Generic (1)
23:57:57.0609 3064 acedrv02 (e00a398c09a6515769a4bc39e91064eb) C:\Windows\system32\drivers\acedrv02.sys
23:57:57.0625 3064 acedrv02 ( UnsignedFile.Multi.Generic ) - warning
23:57:57.0625 3064 acedrv02 - detected UnsignedFile.Multi.Generic (1)
23:57:57.0671 3064 acedrv03 (903de75450a5cc4b26c3d33e3a64fc58) C:\Windows\system32\drivers\acedrv03.sys
23:57:57.0687 3064 acedrv03 ( UnsignedFile.Multi.Generic ) - warning
23:57:57.0687 3064 acedrv03 - detected UnsignedFile.Multi.Generic (1)
23:57:57.0718 3064 acedrv04 (2d838d7ce9b7cdafdec7ed43cc99fa1e) C:\Windows\system32\drivers\acedrv04.sys
23:57:57.0765 3064 acedrv04 ( UnsignedFile.Multi.Generic ) - warning
23:57:57.0765 3064 acedrv04 - detected UnsignedFile.Multi.Generic (1)
23:57:57.0796 3064 acedrv05 (0a1e97197609f92d2425b67da0bb0a7f) C:\Windows\system32\drivers\acedrv05.sys
23:57:57.0827 3064 acedrv05 ( UnsignedFile.Multi.Generic ) - warning
23:57:57.0827 3064 acedrv05 - detected UnsignedFile.Multi.Generic (1)
23:57:57.0859 3064 acedrv06 (44010948bde6ade50dd1386657c73e83) C:\Windows\system32\drivers\acedrv06.sys
23:57:57.0874 3064 acedrv06 ( UnsignedFile.Multi.Generic ) - warning
23:57:57.0874 3064 acedrv06 - detected UnsignedFile.Multi.Generic (1)
23:57:57.0921 3064 acedrv07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\Windows\system32\drivers\acedrv07.sys
23:57:57.0952 3064 acedrv07 ( UnsignedFile.Multi.Generic ) - warning
23:57:57.0952 3064 acedrv07 - detected UnsignedFile.Multi.Generic (1)
23:57:58.0015 3064 acedrv10 (553ba53445795cbc0d4f9fa37eb855a6) C:\Windows\system32\drivers\acedrv10.sys
23:57:58.0280 3064 acedrv10 - ok
23:57:58.0342 3064 acehlp10 (8ce00b6a46962a1808b19cd1dae5170c) C:\Windows\system32\drivers\acehlp10.sys
23:57:58.0358 3064 acehlp10 - ok
23:57:58.0420 3064 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
23:57:58.0436 3064 ACPI - ok
23:57:58.0561 3064 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:57:58.0576 3064 AdobeFlashPlayerUpdateSvc - ok
23:57:58.0654 3064 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
23:57:58.0717 3064 adp94xx - ok
23:57:58.0779 3064 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
23:57:58.0795 3064 adpahci - ok
23:57:58.0857 3064 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
23:57:58.0873 3064 adpu160m - ok
23:57:58.0919 3064 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
23:57:58.0935 3064 adpu320 - ok
23:57:58.0982 3064 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:57:59.0060 3064 AeLookupSvc - ok
23:57:59.0107 3064 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
23:57:59.0169 3064 AFD - ok
23:57:59.0216 3064 agp440 (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
23:57:59.0216 3064 agp440 - ok
23:57:59.0247 3064 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:57:59.0263 3064 aic78xx - ok
23:57:59.0294 3064 ALG (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
23:57:59.0325 3064 ALG - ok
23:57:59.0372 3064 aliide (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
23:57:59.0387 3064 aliide - ok
23:57:59.0403 3064 amdagp (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
23:57:59.0419 3064 amdagp - ok
23:57:59.0434 3064 amdide (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
23:57:59.0450 3064 amdide - ok
23:57:59.0465 3064 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
23:57:59.0543 3064 AmdK7 - ok
23:57:59.0559 3064 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
23:57:59.0637 3064 AmdK8 - ok
23:57:59.0777 3064 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:57:59.0793 3064 AntiVirSchedulerService - ok
23:57:59.0855 3064 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:57:59.0871 3064 AntiVirService - ok
23:57:59.0933 3064 Appinfo (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
23:58:00.0043 3064 Appinfo - ok
23:58:00.0074 3064 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
23:58:00.0089 3064 arc - ok
23:58:00.0152 3064 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
23:58:00.0167 3064 arcsas - ok
23:58:00.0214 3064 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
23:58:00.0277 3064 AsyncMac - ok
23:58:00.0323 3064 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
23:58:00.0339 3064 atapi - ok
23:58:00.0386 3064 AudioEndpointBuilder (0b5302314a77100a930249f0be9ab2d2) C:\Windows\System32\Audiosrv.dll
23:58:00.0433 3064 AudioEndpointBuilder - ok
23:58:00.0433 3064 Audiosrv (0b5302314a77100a930249f0be9ab2d2) C:\Windows\System32\Audiosrv.dll
23:58:00.0448 3064 Audiosrv - ok
23:58:00.0542 3064 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
23:58:00.0542 3064 Autodesk Licensing Service - ok
23:58:00.0635 3064 Automatisches LiveUpdate - Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
23:58:00.0667 3064 Automatisches LiveUpdate - Scheduler - ok
23:58:00.0745 3064 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
23:58:00.0760 3064 avgntflt - ok
23:58:00.0807 3064 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
23:58:00.0823 3064 avipbb - ok
23:58:00.0854 3064 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
23:58:00.0869 3064 avkmgr - ok
23:58:00.0916 3064 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
23:58:00.0979 3064 Beep - ok
23:58:01.0103 3064 BITS (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
23:58:01.0150 3064 BITS - ok
23:58:01.0150 3064 blbdrive - ok
23:58:01.0197 3064 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
23:58:01.0275 3064 bowser - ok
23:58:01.0306 3064 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:58:01.0369 3064 BrFiltLo - ok
23:58:01.0400 3064 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:58:01.0447 3064 BrFiltUp - ok
23:58:01.0478 3064 Browser (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
23:58:01.0540 3064 Browser - ok
23:58:01.0556 3064 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:58:01.0603 3064 Brserid - ok
23:58:01.0634 3064 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:58:01.0696 3064 BrSerWdm - ok
23:58:01.0712 3064 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:58:01.0759 3064 BrUsbMdm - ok
23:58:01.0774 3064 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:58:01.0821 3064 BrUsbSer - ok
23:58:01.0883 3064 BthEnum (34f5dacba252add884473bce3cd68c9b) C:\Windows\system32\DRIVERS\BthEnum.sys
23:58:01.0915 3064 BthEnum - ok
23:58:01.0930 3064 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\DRIVERS\bthmodem.sys
23:58:01.0977 3064 BTHMODEM - ok
23:58:02.0024 3064 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
23:58:02.0086 3064 BthPan - ok
23:58:02.0133 3064 BTHPORT (57dfac97330e986f845b16b29314d21f) C:\Windows\system32\Drivers\BTHport.sys
23:58:02.0149 3064 BTHPORT - ok
23:58:02.0180 3064 BthServ (58ee7f5e68310bc8d4e7cebd8358c12e) C:\Windows\System32\bthserv.dll
23:58:02.0258 3064 BthServ - ok
23:58:02.0273 3064 BTHUSB (d5fed325d457afd6e6bc5e0253a86213) C:\Windows\system32\Drivers\BTHUSB.sys
23:58:02.0320 3064 BTHUSB - ok
23:58:02.0414 3064 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
23:58:02.0445 3064 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
23:58:02.0445 3064 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
23:58:02.0554 3064 Cam5603D (166eba385178229475b6aeb950e0a082) C:\Windows\system32\Drivers\BisonCam.sys
23:58:02.0570 3064 Cam5603D - ok
23:58:02.0617 3064 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
23:58:02.0679 3064 cdfs - ok
23:58:02.0710 3064 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
23:58:02.0773 3064 cdrom - ok
23:58:02.0819 3064 CEBFilter (039f27ea2344c541cb6a0ef288bc8996) C:\Program Files\C&E\OSD\OsdService\cebuffer.sys
23:58:02.0819 3064 CEBFilter ( UnsignedFile.Multi.Generic ) - warning
23:58:02.0819 3064 CEBFilter - detected UnsignedFile.Multi.Generic (1)
23:58:02.0819 3064 CEIO (147019abeb922507f2fa107032c480ce) C:\Program Files\C&E\OSD\OsdService\ceio.sys
23:58:02.0851 3064 CEIO ( UnsignedFile.Multi.Generic ) - warning
23:58:02.0851 3064 CEIO - detected UnsignedFile.Multi.Generic (1)
23:58:02.0897 3064 CertPropSvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
23:58:02.0960 3064 CertPropSvc - ok
23:58:02.0991 3064 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\DRIVERS\circlass.sys
23:58:03.0053 3064 circlass - ok
23:58:03.0069 3064 cKBFilter (cb11e608025aa6e601ff0c097e6009bd) C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys
23:58:03.0085 3064 cKBFilter ( UnsignedFile.Multi.Generic ) - warning
23:58:03.0085 3064 cKBFilter - detected UnsignedFile.Multi.Generic (1)
23:58:03.0131 3064 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
23:58:03.0178 3064 CLFS - ok
23:58:03.0272 3064 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:58:03.0287 3064 clr_optimization_v2.0.50727_32 - ok
23:58:03.0365 3064 CLTNetCnService - ok
23:58:03.0397 3064 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
23:58:03.0412 3064 CmBatt - ok
23:58:03.0443 3064 cmdide (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
23:58:03.0459 3064 cmdide - ok
23:58:03.0459 3064 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
23:58:03.0475 3064 Compbatt - ok
23:58:03.0475 3064 COMSysApp - ok
23:58:03.0506 3064 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
23:58:03.0506 3064 crcdisk - ok
23:58:03.0537 3064 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
23:58:03.0615 3064 Crusoe - ok
23:58:29.0729 3064 Sym_hi - ok
23:58:29.0761 3064 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:58:29.0761 3064 Sym_u3 - ok
23:58:29.0823 3064 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
23:58:29.0870 3064 SysMain - ok
23:58:29.0917 3064 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:58:29.0932 3064 TabletInputService - ok
23:58:29.0979 3064 TapiSrv (9c574f1879936f5761f5322a5962e4f1) C:\Windows\System32\tapisrv.dll
23:58:29.0995 3064 TapiSrv - ok
23:58:30.0010 3064 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
23:58:30.0057 3064 TBS - ok
23:58:30.0135 3064 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
23:58:30.0229 3064 Tcpip - ok
23:58:30.0244 3064 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
23:58:30.0322 3064 Tcpip6 - ok
23:58:30.0369 3064 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
23:58:30.0431 3064 tcpipreg - ok
23:58:30.0447 3064 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
23:58:30.0509 3064 TDPIPE - ok
23:58:30.0525 3064 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
23:58:30.0603 3064 TDTCP - ok
23:58:30.0650 3064 tdx (7973f7239486800cd79e4fdbab6a07df) C:\Windows\system32\DRIVERS\tdx.sys
23:58:30.0681 3064 tdx - ok
23:58:30.0697 3064 TermDD (cfe870506361bac80a549749116ad870) C:\Windows\system32\DRIVERS\termdd.sys
23:58:30.0712 3064 TermDD - ok
23:58:30.0759 3064 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
23:58:30.0899 3064 TermService - ok
23:58:30.0977 3064 TestHandler (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
23:58:30.0993 3064 TestHandler ( UnsignedFile.Multi.Generic ) - warning
23:58:30.0993 3064 TestHandler - detected UnsignedFile.Multi.Generic (1)
23:58:31.0040 3064 Themes (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
23:58:31.0071 3064 Themes - ok
23:58:31.0102 3064 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
23:58:31.0196 3064 THREADORDER - ok
23:58:31.0211 3064 TrkWks (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
23:58:31.0321 3064 TrkWks - ok
23:58:31.0367 3064 TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
23:58:31.0399 3064 TrustedInstaller - ok
23:58:31.0430 3064 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:58:31.0492 3064 tssecsrv - ok
23:58:31.0523 3064 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
23:58:31.0539 3064 tunmp - ok
23:58:31.0586 3064 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
23:58:31.0617 3064 tunnel - ok
23:58:31.0648 3064 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:58:31.0664 3064 uagp35 - ok
23:58:31.0711 3064 udfs (deea398a92952ccc421ba5b39662cabe) C:\Windows\system32\DRIVERS\udfs.sys
23:58:31.0742 3064 udfs - ok
23:58:31.0804 3064 UI0Detect (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
23:58:31.0820 3064 UI0Detect - ok
23:58:31.0851 3064 uliagpkx (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys
23:58:31.0867 3064 uliagpkx - ok
23:58:31.0898 3064 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:58:31.0929 3064 uliahci - ok
23:58:31.0945 3064 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:58:31.0960 3064 UlSata - ok
23:58:31.0991 3064 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:58:31.0991 3064 ulsata2 - ok
23:58:32.0023 3064 umbus (dc8828971d997de009647fce59e0ce8f) C:\Windows\system32\DRIVERS\umbus.sys
23:58:32.0038 3064 umbus - ok
23:58:32.0069 3064 upnphost (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
23:58:32.0132 3064 upnphost - ok
23:58:32.0179 3064 usbccgp (3f795d59734259a00d385fbd65191bf4) C:\Windows\system32\DRIVERS\usbccgp.sys
23:58:32.0210 3064 usbccgp - ok
23:58:32.0241 3064 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:58:32.0288 3064 usbcir - ok
23:58:32.0319 3064 usbehci (5555f6df13a1a1c327d67e9da7b99aee) C:\Windows\system32\DRIVERS\usbehci.sys
23:58:32.0350 3064 usbehci - ok
23:58:32.0397 3064 usbhub (8dabb8cb47e0736930cf6492aed361a6) C:\Windows\system32\DRIVERS\usbhub.sys
23:58:32.0413 3064 usbhub - ok
23:58:32.0444 3064 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:58:32.0491 3064 usbohci - ok
23:58:32.0522 3064 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
23:58:32.0553 3064 usbprint - ok
23:58:32.0615 3064 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
23:58:32.0662 3064 usbscan - ok
23:58:32.0693 3064 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:58:32.0709 3064 USBSTOR - ok
23:58:32.0725 3064 usbuhci (718fdf0b0f16e1d3b992f95eadf1af75) C:\Windows\system32\DRIVERS\usbuhci.sys
23:58:32.0756 3064 usbuhci - ok
23:58:32.0787 3064 UxSms (ef1db5ed65199a8a75d06f965df25f32) C:\Windows\System32\uxsms.dll
23:58:32.0803 3064 UxSms - ok
23:58:32.0865 3064 vds (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
23:58:32.0881 3064 vds - ok
23:58:32.0912 3064 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:58:32.0959 3064 vga - ok
23:58:32.0974 3064 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
23:58:33.0021 3064 VgaSave - ok
23:58:33.0052 3064 viaagp (66e64d5cbeb047c90e65f0962483a5b2) C:\Windows\system32\drivers\viaagp.sys
23:58:33.0068 3064 viaagp - ok
23:58:33.0083 3064 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:58:33.0161 3064 ViaC7 - ok
23:58:33.0193 3064 viaide (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys
23:58:33.0208 3064 viaide - ok
23:58:33.0239 3064 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
23:58:33.0271 3064 viamraid - ok
23:58:33.0271 3064 volmgr (cc8a64a532fd2844ee68f4061ed8a7fd) C:\Windows\system32\drivers\volmgr.sys
23:58:33.0286 3064 volmgr - ok
23:58:33.0333 3064 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
23:58:33.0349 3064 volmgrx - ok
23:58:33.0380 3064 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
23:58:33.0395 3064 volsnap - ok
23:58:33.0427 3064 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:58:33.0442 3064 vsmraid - ok
23:58:33.0536 3064 VSS (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
23:58:33.0661 3064 VSS - ok
23:58:33.0707 3064 W32Time (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
23:58:33.0817 3064 W32Time - ok
23:58:33.0832 3064 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:58:33.0910 3064 WacomPen - ok
23:58:33.0957 3064 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
23:58:33.0973 3064 Wanarp - ok
23:58:33.0973 3064 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
23:58:33.0988 3064 Wanarpv6 - ok
23:58:34.0035 3064 wcncsvc (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
23:58:34.0082 3064 wcncsvc - ok
23:58:34.0097 3064 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:58:34.0160 3064 WcsPlugInService - ok
23:58:34.0191 3064 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:58:34.0207 3064 Wd - ok
23:58:34.0269 3064 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:58:34.0285 3064 Wdf01000 - ok
23:58:34.0300 3064 WdiServiceHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
23:58:34.0347 3064 WdiServiceHost - ok
23:58:34.0347 3064 WdiSystemHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
23:58:34.0363 3064 WdiSystemHost - ok
23:58:34.0409 3064 WebClient (e6d41c3809fee6473090f3200df95680) C:\Windows\System32\webclnt.dll
23:58:34.0456 3064 WebClient - ok
23:58:34.0487 3064 Wecsvc (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
23:58:34.0534 3064 Wecsvc - ok
23:58:34.0565 3064 wercplsupport (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
23:58:34.0628 3064 wercplsupport - ok
23:58:34.0659 3064 WerSvc (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
23:58:34.0737 3064 WerSvc - ok
23:58:34.0737 3064 WinHttpAutoProxySvc - ok
23:58:34.0815 3064 Winmgmt (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
23:58:34.0862 3064 Winmgmt - ok
23:58:34.0893 3064 WinRM (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
23:58:35.0002 3064 WinRM - ok
23:58:35.0080 3064 Wlansvc (b410476a00961bf3fc368a346d8ea6a7) C:\Windows\System32\wlansvc.dll
23:58:35.0158 3064 Wlansvc - ok
23:58:35.0236 3064 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:58:35.0252 3064 WmiAcpi - ok
23:58:35.0283 3064 wmiApSrv (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
23:58:35.0299 3064 wmiApSrv - ok
23:58:35.0423 3064 WMPNetworkSvc (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:58:35.0533 3064 WMPNetworkSvc - ok
23:58:35.0595 3064 WPCSvc (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll
23:58:35.0626 3064 WPCSvc - ok
23:58:35.0689 3064 WPDBusEnum (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
23:58:35.0735 3064 WPDBusEnum - ok
23:58:35.0767 3064 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
23:58:35.0860 3064 ws2ifsl - ok
23:58:35.0876 3064 WSearch - ok
23:58:36.0079 3064 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
23:58:36.0281 3064 wuauserv - ok
23:58:36.0531 3064 WUDFRd (ee0974d4042da9cf4c569ac4eca8c9c0) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:58:36.0562 3064 WUDFRd - ok
23:58:36.0578 3064 wudfsvc (bcbf4873ecc317a6fc950e36383fc082) C:\Windows\System32\WUDFSvc.dll
23:58:36.0625 3064 wudfsvc - ok
23:58:36.0703 3064 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:58:37.0030 3064 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:58:37.0030 3064 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:58:37.0030 3064 Boot (0x1200) (3b94fb4bab3d6b2e8a6c131c3ed5c0ca) \Device\Harddisk0\DR0\Partition0
23:58:37.0030 3064 \Device\Harddisk0\DR0\Partition0 - ok
23:58:37.0061 3064 Boot (0x1200) (7191345dd4ad4554d8e30560d63f0f35) \Device\Harddisk0\DR0\Partition1
23:58:37.0061 3064 \Device\Harddisk0\DR0\Partition1 - ok
23:58:37.0061 3064 ============================================================
23:58:37.0061 3064 Scan finished
23:58:37.0061 3064 ============================================================
23:58:37.0077 2736 Detected object count: 18
23:58:37.0077 2736 Actual detected object count: 18
00:00:30.0105 2736 acedrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0105 2736 acedrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0105 2736 acedrv02 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0105 2736 acedrv02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0121 2736 acedrv03 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0121 2736 acedrv03 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0121 2736 acedrv04 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0121 2736 acedrv04 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0121 2736 acedrv05 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0121 2736 acedrv05 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0121 2736 acedrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0121 2736 acedrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0121 2736 acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0121 2736 acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0137 2736 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0137 2736 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0137 2736 CEBFilter ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0137 2736 CEBFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0137 2736 CEIO ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0137 2736 CEIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0137 2736 cKBFilter ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0137 2736 cKBFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0137 2736 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0137 2736 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0152 2736 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0152 2736 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0152 2736 OsdService ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0152 2736 OsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0152 2736 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0152 2736 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0152 2736 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0152 2736 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0152 2736 TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0152 2736 TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0152 2736 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:00:30.0152 2736 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
#4
Avira keeps finding TR/ATRAPS.Gen2 TR/Sirefef.AG.35

Hi, OK, TDSS file system detected (i.e. a rootkit is present), but the rootkit driver was not detected... The rootkit should be "winged", though; we have shot a few pieces out from under it :)...

ComboFix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Warning: in a few rare cases the computer may no longer be able to boot and has to be reinstalled! Close all windows, start combofix.exe, confirm the prompt that follows with 1 and press Enter. The ComboFix scan can take some time, so be patient. Please do not use the computer during the scan. The computer may be restarted in between. After the scan ends a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt... chris
__________________ Don't bring me down! Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
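The TDSSKiller log posted above, and the reading chris gives of it (TDSS file system flagged on the MBR, every finding skipped by the user), can be checked mechanically rather than by scrolling through hundreds of lines. The following Python script is an added example, not code from this thread or from Kaspersky's tool: it parses log records of the shape quoted above into a small report and then triages them, separating the heuristic unsigned-driver warnings from the boot-sector verdict and listing what is still open. The sample lines are constructed for the example and modelled on the format in the thread; the regular expressions, the `ScanReport` type and the `triage` helper are assumptions of mine derived only from the visible log lines, and treating a `Skip` action (or no action at all) as "unresolved" is likewise an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the TDSSKiller log format quoted in this
# thread (a handful of lines of the same shape, not the poster's full log).
SAMPLE_LOG = r"""
23:58:29.0230 3064 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
23:58:29.0261 3064 SSPORT ( UnsignedFile.Multi.Generic ) - warning
23:58:29.0261 3064 SSPORT - detected UnsignedFile.Multi.Generic (1)
23:58:30.0135 3064 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
23:58:30.0229 3064 Tcpip - ok
23:58:36.0703 3064 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:58:37.0030 3064 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:58:37.0030 3064 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:58:37.0061 3064 Scan finished
23:58:37.0077 2736 Detected object count: 2
23:58:37.0077 2736 Actual detected object count: 2
00:00:30.0152 2736 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:30.0152 2736 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:30.0152 2736 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:00:30.0152 2736 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Record shapes are assumptions derived from the lines visible in the thread:
# "<time> <thread-id> <body>", where the body is one of the forms below.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
HASH_RE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class ScanReport:
    hashes: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # object -> (md5, path)
    detections: Dict[str, str] = field(default_factory=dict)          # object -> verdict
    actions: Dict[str, str] = field(default_factory=dict)             # object -> chosen action
    declared_count: Optional[int] = None                              # "Detected object count"


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Walk the log once and collect hashes, verdicts, user actions and the count."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not a log record
        body = m.group("body")
        if (d := DETECT_RE.match(body)):
            report.detections[d["obj"]] = d["verdict"]
        elif (a := ACTION_RE.match(body)):
            report.actions[a["obj"]] = a["action"]
        elif (c := COUNT_RE.match(body)):
            report.declared_count = int(c["n"])
        elif (h := HASH_RE.match(body)):
            report.hashes[h["obj"]] = (h["md5"], h["path"])
    return report


def triage(report: ScanReport) -> dict:
    """Reduce the report to what a helper reads first: which findings are still
    open, which of those are only unsigned-driver heuristics, whether the boot
    sector is among the open ones, and whether the declared count agrees with
    what was parsed (a mismatch usually means the pasted log is truncated)."""
    unresolved: List[Tuple[str, str]] = []
    informational: List[str] = []
    for obj, verdict in report.detections.items():
        # UnsignedFile.* is a heuristic warning about a missing signature,
        # not a malware verdict, so it is listed separately.
        if verdict.startswith("UnsignedFile."):
            informational.append(obj)
        action = report.actions.get(obj)
        if action is None or action == "Skip":  # assumption: Skip leaves it open
            unresolved.append((obj, verdict))
    open_malware = [(o, v) for o, v in unresolved if o not in informational]
    return {
        "unresolved": unresolved,
        "informational": informational,
        "open_malware": open_malware,
        "boot_sector_unresolved": any(o.startswith("\\Device\\") for o, _ in open_malware),
        "count_matches": report.declared_count == len(report.detections),
    }


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    summary = triage(rep)
    print(f"declared {rep.declared_count}, parsed {len(rep.detections)} "
          f"(consistent: {summary['count_matches']})")
    print("unsigned-driver warnings:", summary["informational"])
    print("open malware verdicts:", summary["open_malware"])
    print("boot sector still flagged:", summary["boot_sector_unresolved"])
```

Run against a full pasted log, the `open_malware` list is the part worth acting on; the unsigned-driver entries (acedrv*, CEIO, SSPORT and so on in the thread above) are vendor drivers without a signature and are reported only so they can be reviewed, not cured.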
#5
Avira keeps finding TR/ATRAPS.Gen2 TR/Sirefef.AG.35

Hello Chris, here is the log from ComboFix: ComboFix logfile: Code:
ComboFix 12-06-21.03 - Yyy 22.06.2012 18:55:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.43.1031.18.3070.2102 [GMT 2:00]
ausgeführt von:: c:\users\Yyy\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\CLICKS~1\CLICks~2.exe
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\icon.ico
c:\program files\DealPly\uninst.exe
c:\program files\pdfforge Toolbar\pdFForgetoolbarie.dll
c:\programdata\hpeA40B.dll
c:\users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}
c:\users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@
c:\users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\n
c:\users\Yyy\AppData\Roaming\Microsoft\Windows\Recent\Arbeitsmarktservice Österreich.url
c:\users\Yyy\Desktop\Internet Explorer.lnk
c:\windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-22 bis 2012-06-22 ))))))))))))))))))))))))))))))
.
.
2012-06-22 17:03 . 2012-06-22 17:05 -------- d-----w- c:\users\Yyy\AppData\Local\temp
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\users\Xxx\AppData\Local\temp
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 21:02 . 2012-06-21 21:02 -------- d-----w- C:\_OTL
2012-06-20 20:28 . 2012-06-20 20:28 -------- d-----w- c:\program files\7-Zip
2012-06-20 18:56 . 2012-06-20 18:56 -------- d-----w- c:\users\Yyy\AppData\Roaming\Malwarebytes
2012-06-20 18:56 . 2012-06-20 18:56 -------- d-----w- c:\programdata\Malwarebytes
2012-06-20 18:56 . 2012-06-20 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 18:56 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 18:44 . 2012-06-20 18:44 -------- d-----w- c:\users\Yyy\AppData\Roaming\SUPERAntiSpyware.com
2012-06-20 18:44 . 2012-06-20 22:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-20 18:44 . 2012-06-20 18:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-20 18:41 . 2012-06-20 18:41 -------- d-----w- c:\program files\Secunia
2012-06-20 18:40 . 2012-06-20 18:40 -------- d-----w- c:\program files\FileHippo.com
2012-06-20 18:30 . 2012-06-21 22:17 -------- d-----w- c:\users\Xxx\TrojanerTemp
2012-06-19 20:29 . 2012-06-19 20:29 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-19 12:47 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35379C1C-8ADF-4C7D-8405-F3EAA79BFA8F}\mpengine.dll
2012-06-17 23:23 . 2012-06-17 23:23 -------- d-----w- c:\users\Xxx\AppData\Local\Macromedia
2012-06-14 07:06 . 2012-06-14 07:06 -------- d-----w- c:\users\Yyy\AppData\Local\Macromedia
2012-06-09 11:36 . 2012-06-09 11:36 -------- d-----w- c:\programdata\mquadr.at
2012-06-09 11:35 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2012-06-09 11:35 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2012-06-09 11:35 . 2010-03-02 12:54 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-06-09 11:35 . 2010-02-22 08:06 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2012-06-09 11:35 . 2009-12-28 13:05 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2012-06-09 11:35 . 2008-03-21 22:41 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-06-09 11:35 . 2008-03-21 22:41 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-06-09 11:34 . 2011-02-25 16:02 90368 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-06-09 11:34 . 2011-01-30 16:19 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-06-09 11:34 . 2011-01-30 16:19 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-06-09 11:34 . 2011-01-30 16:19 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-06-09 11:34 . 2010-09-26 16:09 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-06-09 11:34 . 2010-07-27 07:52 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-06-09 11:34 . 2010-03-20 10:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-06-09 11:34 . 2008-03-27 14:49 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-06-09 11:34 . 2008-03-27 14:49 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-06-09 11:34 . 2012-06-09 11:36 -------- dc-h--w- c:\programdata\{7DECD834-973E-4B75-9B37-79105C3EA3B6}
2012-06-09 11:34 . 2012-06-09 11:34 -------- d-----w- c:\program files\bob internet
2012-06-09 11:33 . 2012-06-09 11:33 -------- d-----w- c:\users\Yyy\AppData\Local\PackageAware
2012-06-09 11:12 . 2012-06-09 11:12 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-09 11:12 . 2012-06-09 11:12 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-04 14:56 . 2012-06-20 21:52 -------- d-----w- c:\program files\Microsoft
2012-06-04 14:55 . 2012-06-04 14:55 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-04 14:55 . 2012-06-04 14:59 -------- d-----w- c:\programdata\HP Photo Creations
2012-06-04 14:55 . 2012-06-04 14:55 -------- d-----w- c:\program files\HP Photo Creations
2012-06-04 14:55 . 2012-06-04 14:55 -------- d-----w- c:\users\Yyy\AppData\Roaming\HpUpdate
2012-06-04 14:53 . 2012-06-04 14:53 -------- d-----w- c:\programdata\HP
2012-06-04 14:53 . 2012-06-04 14:55 -------- d-----w- c:\program files\HP
2012-06-04 14:53 . 2012-06-04 14:59 -------- d-----w- c:\users\Yyy\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 20:29 . 2010-04-17 14:42 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-14 07:03 . 2012-04-01 22:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 07:03 . 2011-05-18 18:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 19:16 . 2011-10-15 13:26 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:16 . 2011-10-15 13:26 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-19 13:02 . 2011-05-07 08:46 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
1998-12-13 22:00 57344 --sha-w- c:\windows\System32\mfc42loc.dll
1995-09-20 14:16 35088 --sha-w- c:\windows\System32\msjint32.dll
1995-09-20 14:13 977680 --sha-w- c:\windows\System32\msjt3032.dll
1995-09-20 14:16 23824 --sha-w- c:\windows\System32\msjter32.dll
1995-09-24 09:02 243472 --sha-w- c:\windows\System32\vbar2232.dll
1998-05-18 01:06 368912 --sha-w- c:\windows\System32\vbar332.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-10 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-20 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-18 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-18 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-18 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 155648]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Yyy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Yyy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Medien-Prüfung.lnk]
path=c:\users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk
backup=c:\windows\pss\Picture Motion Browser Medien-Prüfung.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 08:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-10-12 06:44 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSD]
2007-09-20 14:32 561152 ----a-w- c:\program files\C&E\OSD\osd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-06 19:38 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\recinfo542]
2007-10-23 12:52 2764800 ----a-w- c:\recinfo\RecInfo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-10 15:10 4468736 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 16:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-06 09:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 acedrv01;acedrv01;c:\windows\system32\drivers\acedrv01.sys [2008-05-13 93696]
S2 acedrv02;acedrv02;c:\windows\system32\drivers\acedrv02.sys [2008-05-13 97280]
S2 acedrv03;acedrv03;c:\windows\system32\drivers\acedrv03.sys [2008-05-13 97280]
S2 acedrv04;acedrv04;c:\windows\system32\drivers\acedrv04.sys [2008-05-13 97280]
S2 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys [2008-05-13 99840]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 07:03]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 21:58]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 21:58]
.
2012-06-20 c:\windows\Tasks\hpwebreg_CN1691P3Z005QV.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 19:16]
.
2012-06-22 c:\windows\Tasks\User_Feed_Synchronization-{47C141B7-ACFC-4E6A-A205-73B88EBB6936}.job
- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1F9BFDFE-AB51-4AB8-A3C3-7450B4DC52EB}: NameServer = 194.48.139.254 194.48.124.200
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Yyy\AppData\Roaming\Mozilla\Firefox\Profiles\dnzu70z5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
.
------- File Type Association -------
.
.scr=AutoCADScriptFile
.
- - - - Removed orphaned registry entries - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
AddRemove-446832_R1 - c:\windows\IsUn0407.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-22 19:04
Windows 6.0.6000 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded by Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(228)
c:\program files\HappyFoto\Bestellassistent\FotoSync.dll
c:\program files\HappyFoto\Bestellassistent\xerc2701.dll
c:\program files\HappyFoto\Bestellassistent\fotosynr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-06-22 19:13:36 - PC was rebooted
ComboFix-quarantined-files.txt 2012-06-22 17:13
.
Pre-run: 20 directories, 56,361,168,896 bytes free
Post-run: 23 directories, 57,001,410,560 bytes free
.
- - End Of File - - 6EAF63CD241756412EEF7ECFD5DF2E72
I may be a pacifist, but in this case I have nothing against the use of weapons. Has the rootkit been shot down now? Regards, Xanadu
#6
Hi, yes, CF found the infected driver and "neutralized" it... (replaced it with a "correct" one)... However, it is worrying that the killer did not detect it; this appears to be a new version of the rootkit... Please update MAM and run another full scan, post the log... chris
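The helper's reply states that ComboFix replaced an infected driver. A rootkit that patches a legitimate driver in place breaks that file's Authenticode signature, so an independent way to confirm the cleanup (and to catch the case where the rootkit scanner missed it, as chris notes) is to check the signature of every registered kernel driver. The script below is an added example written for this thread; it is not code from the forum, from ComboFix or from any of the tools named above. It assumes an elevated Windows PowerShell 5.1 prompt on the suspect machine; driver names and paths are taken from that machine at run time, nothing from the posted log is hard-coded.

```powershell
# Added example (not from the thread or from ComboFix): inventory every kernel
# driver registered with the Service Control Manager and report whether its
# on-disk image still carries a valid Authenticode signature.
# 'HashMismatch' on a driver that should be signed means the file was
# modified after signing, which is exactly what an in-place driver infection
# looks like. Run from an elevated Windows PowerShell 5.1 prompt.

function Get-DriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # PathName may carry a \??\ or \SystemRoot\ prefix or surrounding
            # quotes; normalise it to a plain Win32 path before testing it.
            $path = $_.PathName -replace '^\\\?\?\\', '' `
                                -replace '^\\SystemRoot', $env:SystemRoot `
                                -replace '^"([^"]+)"$', '$1'
            if (Test-Path -LiteralPath $path) {
                $sig    = Get-AuthenticodeSignature -LiteralPath $path
                $status = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
                $signer = $sig.SignerCertificate.Subject
                $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            } else {
                # A registered driver whose image is gone is worth a look too.
                $status = 'FileMissing'; $signer = $null; $hash = $null
            }
            [pscustomobject]@{
                Name   = $_.Name
                State  = $_.State        # Running / Stopped
                Start  = $_.StartMode    # Boot / System / Auto / Manual / Disabled
                Status = $status
                Signer = $signer
                SHA256 = $hash
                Path   = $path
            }
        }
}

$report = Get-DriverSignatureReport

# Running drivers whose signature does not validate are the first suspects;
# list them first, then everything else that is not 'Valid'.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object @{ Expression = { $_.State -ne 'Running' } }, Name |
    Format-Table Name, State, Start, Status, Path -AutoSize

# Keep the full inventory with hashes so it can be diffed against a clean
# machine of the same Windows build, or re-run after the cleanup to confirm
# the replaced driver now validates.
$report | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\Desktop\driver-signatures.csv"
```

Two caveats before treating a hit as an infection. Most inbox Microsoft drivers are catalog-signed rather than carrying an embedded signature; Windows PowerShell 5.1 on Windows 10 and later resolves catalog signatures, but older versions report such files as NotSigned, so on an older system cross-check with Sysinternals `sigcheck -u -e C:\Windows\System32\drivers` (which understands catalogs) before reading NotSigned as suspicious. HashMismatch, by contrast, is a modified file regardless of platform. And on the PowerShell 2.0 that shipped with the Vista machine in this thread, `Get-CimInstance` and `Get-FileHash` do not exist; substitute `Get-WmiObject -Class Win32_SystemDriver` and `certutil -hashfile <path> SHA256`.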