| |
| |||||||
Log-Analyse und Auswertung: Malware - Avira abgeschaltetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
14.08.2012, 13:51
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Malware - Avira abgeschaltet Diesen WebGuard braucht man nicht! Der ist eh abhängig von so einer mülligen Toolbar von Ask, die man bestimmt nicht haben will! Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.08.2012, 21:56
| #17 |
 | Malware - Avira abgeschaltetCode:
ATTFilter OTL logfile created on: 14.08.2012 22:10:13 - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,73% Memory free 6,18 Gb Paging File | 5,14 Gb Available in Paging File | 83,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 66,86 Gb Free Space | 46,40% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 132,11 Gb Free Space | 91,75% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.14 22:06:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.07.12 20:52:22 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2012.02.22 04:03:35 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe PRC - [2011.06.29 15:39:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 13:09:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.04 15:11:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2008.10.08 02:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.10.06 11:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.08.26 09:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2008.08.07 04:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.07.10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.07.10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.12 06:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe ========== Modules (No Company Name) ========== MOD - [2010.06.03 02:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.08.14 22:06:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.03 22:45:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.06.29 15:39:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 13:09:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2008.07.10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.07.10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv) SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2011.06.29 15:39:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 15:39:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.13 14:31:50 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.12.17 17:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.11.07 02:19:36 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.08.05 20:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.26 21:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor) DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.03 22:45:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 20:49:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.03 22:45:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 20:49:36 | 000,000,000 | ---D | M] [2010.06.13 14:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.08.13 20:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions [2010.09.03 14:54:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.03 10:18:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.15 15:22:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.13 20:48:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-1.xml [2011.08.19 16:05:32 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-10.xml [2011.11.09 20:22:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-11.xml [2011.11.21 18:44:46 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-12.xml [2010.12.16 10:39:47 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-2.xml [2011.03.04 14:59:51 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-3.xml [2011.03.08 15:30:27 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-4.xml [2011.03.25 15:26:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-5.xml [2011.04.30 18:42:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-6.xml [2011.05.06 14:27:08 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-7.xml [2011.05.13 14:05:39 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-8.xml [2011.06.25 10:56:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-9.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin.xml [2012.02.21 20:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.05.31 20:04:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.03 22:45:18 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.15 16:10:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.15 16:10:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.15 16:10:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.15 16:10:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.15 16:10:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.15 16:10:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4052529140-588982613-92189222-1003..\Run: [Facebook Update] C:\Users\Teresa Sonntag\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-4052529140-588982613-92189222-1003..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-4052529140-588982613-92189222-1003..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKU\S-1-5-21-4052529140-588982613-92189222-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E823EC7-DD26-4E07-9242-9376925A4DD7}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\Shell - "" = AutoRun O33 - MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\Shell\install\command - "" = G:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - MSh263.drv File not found Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.14 22:06:45 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.09 16:22:08 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu(1).exe [2012.08.08 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.08.04 14:40:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner Board [2012.08.04 04:40:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.08.04 04:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.04 04:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.04 04:40:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.04 04:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.03 18:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.08.03 18:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.08.03 18:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.08.03 10:55:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira ========== Files - Modified Within 30 Days ========== [2012.08.14 22:14:52 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4052529140-588982613-92189222-1003Core.job [2012.08.14 22:08:31 | 000,174,086 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.08.14 22:08:11 | 000,174,086 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.08.14 22:06:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.08.14 22:06:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.14 22:05:42 | 000,001,174 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4052529140-588982613-92189222-1003UA.job [2012.08.14 22:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.13 20:41:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.13 20:41:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.13 20:40:55 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys [2012.08.13 20:40:01 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.08.13 20:00:47 | 000,614,903 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.08.09 16:21:40 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu(1).exe [2012.08.08 16:59:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.04 15:05:29 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\2w6gcpwt.exe [2012.08.04 14:44:20 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.08.04 14:42:10 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.18 06:37:48 | 000,397,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.13 20:00:44 | 000,614,903 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.08.09 17:47:31 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys [2012.08.08 16:59:59 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.04 15:05:27 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\2w6gcpwt.exe [2012.08.04 14:43:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.08.04 14:42:08 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.14 22:06:47 | 000,007,088 | ---- | C] () -- C:\Users\***\Opis Lied.odt [2012.04.30 17:32:21 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E} [2012.04.30 17:32:21 | 000,000,092 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2012.04.21 11:55:09 | 000,031,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2012.01.07 15:43:52 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2012.01.07 15:22:47 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini [2010.06.14 15:10:24 | 000,174,086 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.06.14 15:05:48 | 000,174,086 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.06.13 14:13:41 | 000,021,504 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.06.27 18:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2010.06.13 14:47:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.30 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Degener [2010.06.15 15:22:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.20 20:52:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.03.31 18:31:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Search [2010.11.09 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\smiledaten [2012.01.07 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems [2012.08.14 22:14:52 | 000,001,152 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052529140-588982613-92189222-1003Core.job [2012.08.14 22:05:42 | 000,001,174 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052529140-588982613-92189222-1003UA.job [2012.08.13 20:40:00 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.06.26 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.06.27 18:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.08.03 10:55:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2010.06.13 14:47:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.30 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Degener [2010.08.13 20:22:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX [2010.06.15 15:22:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.20 20:52:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.03.31 18:31:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Search [2009.03.29 20:51:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2010.06.13 20:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2010.06.13 13:48:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.08.04 04:40:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.08.03 10:57:20 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2010.06.13 14:00:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2012.08.13 20:46:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2010.11.09 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\smiledaten [2010.06.13 20:31:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation [2012.01.07 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems [2012.05.05 13:49:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2010.06.13 20:10:41 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2008.07.22 08:33:26 | 000,396,312 | ---- | M] (Intel Corporation) MD5=5C62352AFF7F1FB36B2C19329F7C949D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\drivers\iaStor.sys [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_783fb8da\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2012.02.22 04:03:35 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2012.02.22 04:03:35 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < > < End of report > |
|
15.08.2012, 19:29
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Avira abgeschaltet Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4052529140-588982613-92189222-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - user.js - File not found
[2010.09.03 14:54:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.03 10:18:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.15 15:22:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.13 20:48:07 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-1.xml
[2011.08.19 16:05:32 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-10.xml
[2011.11.09 20:22:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-11.xml
[2011.11.21 18:44:46 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-12.xml
[2010.12.16 10:39:47 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-2.xml
[2011.03.04 14:59:51 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-3.xml
[2011.03.08 15:30:27 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-4.xml
[2011.03.25 15:26:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-5.xml
[2011.04.30 18:42:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-6.xml
[2011.05.06 14:27:08 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-7.xml
[2011.05.13 14:05:39 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-8.xml
[2011.06.25 10:56:21 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin.xml
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\Shell - "" = AutoRun
O33 - MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\Shell\install\command - "" = G:\SETUP.EXE
:Files
C:\user.js
C:\Users\***\AppData\Roaming\ICQ Search
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
15.08.2012, 20:21
| #19 |
| | Malware - Avira abgeschaltet Hier der Log vom Fix: Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-4052529140-588982613-92189222-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-4052529140-588982613-92189222-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4052529140-588982613-92189222-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-4052529140-588982613-92189222-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4052529140-588982613-92189222-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" removed from keyword.URL
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5um2nqxm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\searchplugins\icqplugin.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a23b1f3-76e8-11df-8fa1-00234eeb1283}\ not found.
File G:\SETUP.EXE not found.
========== FILES ==========
File\Folder C:\user.js not found.
C:\Users\***\AppData\Roaming\ICQ Search folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: ***
->Temp folder emptied: 104926947 bytes
->Temporary Internet Files folder emptied: 114111856 bytes
->FireFox cache emptied: 64448771 bytes
->Flash cache emptied: 104124 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 146009383 bytes
RecycleBin emptied: 20588486 bytes
Total Files Cleaned = 429,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: ***
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.57.0 log created on 08152012_210643
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Geändert von Flomo (15.08.2012 um 20:26 Uhr) |
|
16.08.2012, 09:10
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Avira abgeschaltet Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 11:08
| #21 |
| | Malware - Avira abgeschaltetCode:
ATTFilter 11:54:17.0933 5580 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
11:54:18.0027 5580 ============================================================
11:54:18.0027 5580 Current date / time: 2012/08/16 11:54:18.0027
11:54:18.0027 5580 SystemInfo:
11:54:18.0027 5580
11:54:18.0027 5580 OS Version: 6.0.6002 ServicePack: 2.0
11:54:18.0027 5580 Product type: Workstation
11:54:18.0027 5580 ComputerName: ***
11:54:18.0027 5580 UserName: ***
11:54:18.0027 5580 Windows directory: C:\Windows
11:54:18.0027 5580 System windows directory: C:\Windows
11:54:18.0027 5580 Processor architecture: Intel x86
11:54:18.0027 5580 Number of processors: 2
11:54:18.0027 5580 Page size: 0x1000
11:54:18.0027 5580 Boot type: Normal boot
11:54:18.0027 5580 ============================================================
11:54:19.0041 5580 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:54:19.0041 5580 ============================================================
11:54:19.0041 5580 \Device\Harddisk0\DR0:
11:54:19.0103 5580 MBR partitions:
11:54:19.0103 5580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
11:54:19.0103 5580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
11:54:19.0103 5580 ============================================================
11:54:19.0228 5580 C: <-> \Device\Harddisk0\DR0\Partition1
11:54:19.0384 5580 D: <-> \Device\Harddisk0\DR0\Partition2
11:54:19.0384 5580 ============================================================
11:54:19.0384 5580 Initialize success
11:54:19.0384 5580 ============================================================
12:01:38.0070 4620 ============================================================
12:01:38.0070 4620 Scan started
12:01:38.0070 4620 Mode: Manual; SigCheck; TDLFS;
12:01:38.0070 4620 ============================================================
12:01:38.0554 4620 ================ Scan services =============================
12:01:38.0866 4620 [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:01:39.0022 4620 ACPI - ok
12:01:39.0193 4620 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:01:39.0225 4620 AdobeFlashPlayerUpdateSvc - ok
12:01:39.0365 4620 [ 04f0fcac69c7c71a3ac4eb97fafc8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:01:39.0412 4620 adp94xx - ok
12:01:39.0661 4620 [ 60505e0041f7751bdbb80f88bf45c2ce ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:01:39.0693 4620 adpahci - ok
12:01:39.0708 4620 [ 8a42779b02aec986eab64ecfc98f8bd7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
12:01:39.0724 4620 adpu160m - ok
12:01:39.0895 4620 [ 241c9e37f8ce45ef51c3de27515ca4e5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:01:39.0911 4620 adpu320 - ok
12:01:40.0083 4620 [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:01:40.0176 4620 AeLookupSvc - ok
12:01:40.0363 4620 [ 3911b972b55fea0478476b2e777b29fa ] AFD C:\Windows\system32\drivers\afd.sys
12:01:40.0566 4620 AFD - ok
12:01:40.0707 4620 [ ce91b158fa490cf4c4d487a4130f4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
12:01:40.0847 4620 AgereSoftModem - ok
12:01:41.0050 4620 [ 13f9e33747e6b41a3ff305c37db0d360 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:01:41.0081 4620 agp440 - ok
12:01:41.0206 4620 [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx C:\Windows\system32\drivers\djsvs.sys
12:01:41.0237 4620 aic78xx - ok
12:01:41.0268 4620 [ a1545b731579895d8cc44fc0481c1192 ] ALG C:\Windows\System32\alg.exe
12:01:41.0362 4620 ALG - ok
12:01:41.0471 4620 [ 9eaef5fc9b8e351afa7e78a6fae91f91 ] aliide C:\Windows\system32\drivers\aliide.sys
12:01:41.0487 4620 aliide - ok
12:01:41.0627 4620 [ c47344bc706e5f0b9dce369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:01:41.0658 4620 amdagp - ok
12:01:41.0674 4620 [ 9b78a39a4c173fdbc1321e0dd659b34c ] amdide C:\Windows\system32\drivers\amdide.sys
12:01:41.0689 4620 amdide - ok
12:01:41.0736 4620 [ 18f29b49ad23ecee3d2a826c725c8d48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
12:01:41.0814 4620 AmdK7 - ok
12:01:41.0845 4620 [ 93ae7f7dd54ab986a6f1a1b37be7442d ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:01:41.0908 4620 AmdK8 - ok
12:01:42.0095 4620 [ c27d46b06d340293670450fce9dfb166 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:01:42.0111 4620 AntiVirSchedulerService - ok
12:01:42.0251 4620 [ 72d90e56563165984224493069c69ed4 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:01:42.0282 4620 AntiVirService - ok
12:01:42.0345 4620 [ c6d704c7f0434dc791aac37cac4b6e14 ] Appinfo C:\Windows\System32\appinfo.dll
12:01:42.0423 4620 Appinfo - ok
12:01:42.0438 4620 [ 5d2888182fb46632511acee92fdad522 ] arc C:\Windows\system32\drivers\arc.sys
12:01:42.0454 4620 arc - ok
12:01:42.0485 4620 [ 5e2a321bd7c8b3624e41fdec3e244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:01:42.0516 4620 arcsas - ok
12:01:42.0547 4620 [ 53b202abee6455406254444303e87be1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:42.0625 4620 AsyncMac - ok
12:01:42.0657 4620 [ 2d9c903dc76a66813d350a562de40ed9 ] atapi C:\Windows\system32\drivers\atapi.sys
12:01:42.0672 4620 atapi - ok
12:01:42.0828 4620 [ f32fee7cb2ee32c1f808409bc8019701 ] athr C:\Windows\system32\DRIVERS\athr.sys
12:01:42.0984 4620 athr - ok
12:01:43.0140 4620 [ 68e2a1a0407a66cf50da0300852424ab ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:01:43.0171 4620 AudioEndpointBuilder - ok
12:01:43.0187 4620 [ 68e2a1a0407a66cf50da0300852424ab ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:01:43.0218 4620 Audiosrv - ok
12:01:43.0281 4620 [ 1e4114685de1ffa9675e09c6a1fb3f4b ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:01:43.0312 4620 avgntflt - ok
12:01:43.0374 4620 [ 0f78d3dae6dedd99ae54c9491c62adf2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:01:43.0390 4620 avipbb - ok
12:01:43.0452 4620 [ 08015d34f6fdd0b355805bad978497c3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys
12:01:43.0686 4620 bcm4sbxp - ok
12:01:43.0795 4620 [ 6163664c7e9cd110af70180c126c3fdc ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:01:43.0811 4620 BcmSqlStartupSvc - ok
12:01:43.0858 4620 [ 67e506b75bd5326a3ec7b70bd014dfb6 ] Beep C:\Windows\system32\drivers\Beep.sys
12:01:43.0951 4620 Beep - ok
12:01:44.0076 4620 [ c789af0f724fda5852fb9a7d3a432381 ] BFE C:\Windows\System32\bfe.dll
12:01:44.0154 4620 BFE - ok
12:01:44.0279 4620 [ 93952506c6d67330367f7e7934b6a02f ] BITS C:\Windows\System32\qmgr.dll
12:01:44.0419 4620 BITS - ok
12:01:44.0466 4620 [ d4df28447741fd3d953526e33a617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:01:44.0544 4620 blbdrive - ok
12:01:44.0591 4620 [ 35f376253f687bde63976ccb3f2108ca ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:01:44.0685 4620 bowser - ok
12:01:44.0763 4620 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
12:01:44.0794 4620 BrFiltLo - ok
12:01:44.0794 4620 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
12:01:44.0872 4620 BrFiltUp - ok
12:01:44.0919 4620 [ a3629a0c4226f9e9c72faaeebc3ad33c ] Browser C:\Windows\System32\browser.dll
12:01:45.0028 4620 Browser - ok
12:01:45.0090 4620 [ b304e75cff293029eddf094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
12:01:45.0199 4620 Brserid - ok
12:01:45.0231 4620 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
12:01:45.0324 4620 BrSerWdm - ok
12:01:45.0324 4620 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
12:01:45.0418 4620 BrUsbMdm - ok
12:01:45.0433 4620 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
12:01:45.0543 4620 BrUsbSer - ok
12:01:45.0636 4620 [ 6d39c954799b63ba866910234cf7d726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
12:01:45.0792 4620 BthEnum - ok
12:01:45.0870 4620 [ 9a966a8e86d1771911ae34a20d11bff3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:01:45.0933 4620 BTHMODEM - ok
12:01:45.0964 4620 [ 5904efa25f829bf84ea6fb045134a1d8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:01:46.0042 4620 BthPan - ok
12:01:46.0089 4620 [ 611ff3f2f095c8d4a6d4cfd9dcc09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
12:01:46.0182 4620 BTHPORT - ok
12:01:46.0291 4620 [ a4c8377fa4a994e07075107dbe2e3dce ] BthServ C:\Windows\System32\bthserv.dll
12:01:46.0401 4620 BthServ - ok
12:01:46.0525 4620 [ d330803eab2a15caec7f011f1d4cb30e ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
12:01:46.0541 4620 BTHUSB - ok
12:01:46.0759 4620 [ 3ea1a20dc0ca1ad23e7aa8c37a91bcd1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
12:01:46.0775 4620 btwaudio - ok
12:01:46.0978 4620 [ 195872e48a7fb01f8bc9b800f70f4054 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
12:01:46.0993 4620 btwavdt - ok
12:01:47.0071 4620 [ 0724e7d6c9b6a289eddda33fa8176e80 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
12:01:47.0071 4620 btwrchid - ok
12:01:47.0165 4620 [ 7add03e75beb9e6dd102c3081d29840a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:01:47.0227 4620 cdfs - ok
12:01:47.0305 4620 [ 6b4bffb9becd728097024276430db314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:01:47.0383 4620 cdrom - ok
12:01:47.0539 4620 [ 312ec3e37a0a1f2006534913e37b4423 ] CertPropSvc C:\Windows\System32\certprop.dll
12:01:47.0602 4620 CertPropSvc - ok
12:01:47.0633 4620 [ e5d4133f37219dbcfe102bc61072589d ] circlass C:\Windows\system32\drivers\circlass.sys
12:01:47.0695 4620 circlass - ok
12:01:47.0836 4620 [ d7659d3b5b92c31e84e53c1431f35132 ] CLFS C:\Windows\system32\CLFS.sys
12:01:47.0867 4620 CLFS - ok
12:01:48.0054 4620 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:48.0070 4620 clr_optimization_v2.0.50727_32 - ok
12:01:48.0195 4620 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:48.0210 4620 clr_optimization_v4.0.30319_32 - ok
12:01:48.0319 4620 [ 99afc3795b58cc478fbbbcdc658fcb56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:01:48.0366 4620 CmBatt - ok
12:01:48.0429 4620 [ 0ca25e686a4928484e9fdabd168ab629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:01:48.0444 4620 cmdide - ok
12:01:48.0491 4620 [ 6afef0b60fa25de07c0968983ee4f60a ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:01:48.0522 4620 Compbatt - ok
12:01:48.0522 4620 COMSysApp - ok
12:01:48.0553 4620 [ 741e9dff4f42d2d8477d0fc1dc0df871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:01:48.0585 4620 crcdisk - ok
12:01:48.0631 4620 [ 1f07becdca750766a96cda811ba86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
12:01:48.0709 4620 Crusoe - ok
12:01:48.0897 4620 [ 75c6a297e364014840b48eccd7525e30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:01:48.0943 4620 CryptSvc - ok
12:01:49.0084 4620 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:01:49.0146 4620 DcomLaunch - ok
12:01:49.0177 4620 [ 622c41a07ca7e6dd91770f50d532cb6c ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:01:49.0271 4620 DfsC - ok
12:01:49.0427 4620 [ 2cc3dcfb533a1035b13dcab6160ab38b ] DFSR C:\Windows\system32\DFSR.exe
12:01:49.0630 4620 DFSR - ok
12:01:49.0723 4620 [ 9028559c132146fb75eb7acf384b086a ] Dhcp C:\Windows\System32\dhcpcsvc.dll
12:01:49.0801 4620 Dhcp - ok
12:01:49.0864 4620 [ 5d4aefc3386920236a548271f8f1af6a ] disk C:\Windows\system32\drivers\disk.sys
12:01:49.0879 4620 disk - ok
12:01:49.0942 4620 [ 57d762f6f5974af0da2be88a3349baaa ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:01:50.0035 4620 Dnscache - ok
12:01:50.0098 4620 [ 324fd74686b1ef5e7c19a8af49e748f6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:01:50.0145 4620 dot3svc - ok
12:01:50.0301 4620 [ a622e888f8aa2f6b49e9bc466f0e5def ] DPS C:\Windows\system32\dps.dll
12:01:50.0347 4620 DPS - ok
12:01:50.0488 4620 [ 97fef831ab90bee128c9af390e243f80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:01:50.0535 4620 drmkaud - ok
12:01:50.0675 4620 [ c68ac676b0ef30cfbb1080adce49eb1f ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:01:50.0722 4620 DXGKrnl - ok
12:01:50.0769 4620 [ 5425f74ac0c1dbd96a1e04f17d63f94c ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
12:01:50.0878 4620 E1G60 - ok
12:01:50.0940 4620 [ c0b95e40d85cd807d614e264248a45b9 ] EapHost C:\Windows\System32\eapsvc.dll
12:01:51.0034 4620 EapHost - ok
12:01:51.0159 4620 [ 7f64ea048dcfac7acf8b4d7b4e6fe371 ] Ecache C:\Windows\system32\drivers\ecache.sys
12:01:51.0190 4620 Ecache - ok
12:01:51.0393 4620 [ 9be3744d295a7701eb425332014f0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:01:51.0486 4620 ehRecvr - ok
12:01:51.0517 4620 [ ad1870c8e5d6dd340c829e6074bf3c3f ] ehSched C:\Windows\ehome\ehsched.exe
12:01:51.0580 4620 ehSched - ok
12:01:51.0642 4620 [ c27c4ee8926e74aa72efcab24c5242c3 ] ehstart C:\Windows\ehome\ehstart.dll
12:01:51.0705 4620 ehstart - ok
12:01:51.0783 4620 [ 23b62471681a124889978f6295b3f4c6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:01:51.0814 4620 elxstor - ok
12:01:51.0923 4620 [ 4e6b23dfc917ea39306b529b773950f4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
12:01:52.0063 4620 EMDMgmt - ok
12:01:52.0126 4620 [ 3db974f3935483555d7148663f726c61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:01:52.0204 4620 ErrDev - ok
12:01:52.0266 4620 [ 67058c46504bc12d821f38cf99b7b28f ] EventSystem C:\Windows\system32\es.dll
12:01:52.0329 4620 EventSystem - ok
12:01:52.0656 4620 [ 2d41d7250f73272946de04ff7a19761e ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:01:52.0687 4620 EvtEng ( UnsignedFile.Multi.Generic ) - warning
12:01:52.0687 4620 EvtEng - detected UnsignedFile.Multi.Generic (1)
12:01:52.0859 4620 [ 22b408651f9123527bcee54b4f6c5cae ] exfat C:\Windows\system32\drivers\exfat.sys
12:01:52.0921 4620 exfat - ok
12:01:52.0984 4620 [ 1e9b9a70d332103c52995e957dc09ef8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:01:53.0015 4620 fastfat - ok
12:01:53.0077 4620 [ afe1e8b9782a0dd7fb46bbd88e43f89a ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:01:53.0140 4620 fdc - ok
12:01:53.0218 4620 [ 6629b5f0e98151f4afdd87567ea32ba3 ] fdPHost C:\Windows\system32\fdPHost.dll
12:01:53.0265 4620 fdPHost - ok
12:01:53.0296 4620 [ 89ed56dce8e47af40892778a5bd31fd2 ] FDResPub C:\Windows\system32\fdrespub.dll
12:01:53.0374 4620 FDResPub - ok
12:01:53.0436 4620 [ a8c0139a884861e3aae9cfe73b208a9f ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:01:53.0467 4620 FileInfo - ok
12:01:53.0530 4620 [ 0ae429a696aecbc5970e3cf2c62635ae ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:01:53.0592 4620 Filetrace - ok
12:01:53.0608 4620 [ 85b7cf99d532820495d68d747fda9ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:01:53.0670 4620 flpydisk - ok
12:01:53.0748 4620 [ 01334f9ea68e6877c4ef05d3ea8abb05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:01:53.0779 4620 FltMgr - ok
12:01:53.0951 4620 [ 8ce364388c8eca59b14b539179276d44 ] FontCache C:\Windows\system32\FntCache.dll
12:01:54.0107 4620 FontCache - ok
12:01:54.0263 4620 [ c7fbdd1ed42f82bfa35167a5c9803ea3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:01:54.0279 4620 FontCache3.0.0.0 - ok
12:01:54.0341 4620 [ b972a66758577e0bfd1de0f91aaa27b5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:01:54.0388 4620 Fs_Rec - ok
12:01:54.0481 4620 [ 34582a6e6573d54a07ece5fe24a126b5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:01:54.0513 4620 gagp30kx - ok
12:01:54.0606 4620 [ cd5d0aeee35dfd4e986a5aa1500a6e66 ] gpsvc C:\Windows\System32\gpsvc.dll
12:01:54.0684 4620 gpsvc - ok
12:01:54.0809 4620 [ cb04c744be0a61b1d648faed182c3b59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:01:54.0903 4620 HdAudAddService - ok
12:01:55.0059 4620 [ 062452b7ffd68c8c042a6261fe8dff4a ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:01:55.0168 4620 HDAudBus - ok
12:01:55.0215 4620 [ 1338520e78d90154ed6be8f84de5fceb ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:01:55.0324 4620 HidBth - ok
12:01:55.0417 4620 [ ff3160c3a2445128c5a6d9b076da519e ] HidIr C:\Windows\system32\drivers\hidir.sys
12:01:55.0511 4620 HidIr - ok
12:01:55.0558 4620 [ 84067081f3318162797385e11a8f0582 ] hidserv C:\Windows\system32\hidserv.dll
12:01:55.0683 4620 hidserv - ok
12:01:55.0745 4620 [ 854ca287ab7faf949617a788306d967e ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:01:55.0776 4620 HidUsb - ok
12:01:55.0854 4620 [ d8ad255b37da92434c26e4876db7d418 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:01:55.0917 4620 hkmsvc - ok
12:01:55.0948 4620 [ 16ee7b23a009e00d835cdb79574a91a6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
12:01:55.0979 4620 HpCISSs - ok
12:01:56.0104 4620 [ f870aa3e254628ebeafe754108d664de ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:01:56.0213 4620 HTTP - ok
12:01:56.0275 4620 [ c6b032d69650985468160fc9937cf5b4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
12:01:56.0307 4620 i2omp - ok
12:01:56.0338 4620 [ 22d56c8184586b7a1f6fa60be5f5a2bd ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:01:56.0400 4620 i8042prt - ok
12:01:56.0525 4620 [ 496db78e6a0c4c44023d9a92b4a7ac31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
12:01:56.0697 4620 ialm - ok
12:01:56.0806 4620 [ 3e349157986c533e3cbeb8c1e17290bb ] iaNvStor C:\Windows\system32\DRIVERS\iaNvStor.sys
12:01:56.0821 4620 iaNvStor - ok
12:01:56.0946 4620 [ abfebc5f846c71afebd7f8f6ba740c03 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:01:56.0962 4620 iaStor - ok
12:01:57.0149 4620 [ 54155ea1b0df185878e0fc9ec3ac3a14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
12:01:57.0180 4620 iaStorV - ok
12:01:57.0274 4620 [ 98477b08e61945f974ed9fdc4cb6bdab ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:01:57.0321 4620 idsvc - ok
12:01:57.0336 4620 [ 2d077bf86e843f901d8db709c95b49a5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:01:57.0352 4620 iirsp - ok
12:01:57.0508 4620 [ 9908d8a397b76cd8d31d0d383c5773c9 ] IKEEXT C:\Windows\System32\ikeext.dll
12:01:57.0648 4620 IKEEXT - ok
12:01:57.0820 4620 [ ffd2b3bc042596abe785d3c15f51ab46 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:01:57.0929 4620 IntcAzAudAddService - ok
12:01:58.0054 4620 [ 83aa759f3189e6370c30de5dc5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
12:01:58.0069 4620 intelide - ok
12:01:58.0241 4620 [ 224191001e78c89dfa78924c3ea595ff ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:01:58.0303 4620 intelppm - ok
12:01:58.0366 4620 [ 9ac218c6e6105477484c6fdbe7d409a4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:01:58.0444 4620 IPBusEnum - ok
12:01:58.0537 4620 [ 62c265c38769b864cb25b4bcf62df6c3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:01:58.0615 4620 IpFilterDriver - ok
12:01:58.0740 4620 [ 1998bd97f950680bb55f55a7244679c2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:01:58.0865 4620 iphlpsvc - ok
12:01:58.0865 4620 IpInIp - ok
12:01:58.0896 4620 [ b25aaf203552b7b3491139d582b39ad1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
12:01:58.0943 4620 IPMIDRV - ok
12:01:58.0974 4620 [ 8793643a67b42cec66490b2a0cf92d68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
12:01:59.0037 4620 IPNAT - ok
12:01:59.0052 4620 [ 109c0dfb82c3632fbd11949b73aeeac9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:01:59.0083 4620 IRENUM - ok
12:01:59.0130 4620 [ 6c70698a3e5c4376c6ab5c7c17fb0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:01:59.0146 4620 isapnp - ok
12:01:59.0302 4620 [ 232fa340531d940aac623b121a595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:01:59.0333 4620 iScsiPrt - ok
12:01:59.0427 4620 [ bced60d16156e428f8df8cf27b0df150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
12:01:59.0458 4620 iteatapi - ok
12:01:59.0505 4620 [ 06fa654504a498c30adca8bec4e87e7e ] iteraid C:\Windows\system32\drivers\iteraid.sys
12:01:59.0536 4620 iteraid - ok
12:01:59.0551 4620 [ 37605e0a8cf00cbba538e753e4344c6e ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:01:59.0567 4620 kbdclass - ok
12:01:59.0707 4620 [ 18247836959ba67e3511b62846b9c2e0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:01:59.0801 4620 kbdhid - ok
12:01:59.0879 4620 [ a3e186b4b935905b829219502557314e ] KeyIso C:\Windows\system32\lsass.exe
12:01:59.0957 4620 KeyIso - ok
12:02:00.0035 4620 [ ebc507f129df8f0e0ca270dcfc0cf87f ] KMDFMEMIO C:\Windows\system32\DRIVERS\kmdfmemio.sys
12:02:00.0097 4620 KMDFMEMIO - ok
12:02:00.0207 4620 [ 4a1445efa932a3baf5bdb02d7131ee20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:02:00.0238 4620 KSecDD - ok
12:02:00.0378 4620 [ 8078f8f8f7a79e2e6b494523a828c585 ] KtmRm C:\Windows\system32\msdtckrm.dll
12:02:00.0456 4620 KtmRm - ok
12:02:00.0550 4620 [ 1bf5eebfd518dd7298434d8c862f825d ] LanmanServer C:\Windows\system32\srvsvc.dll
12:02:00.0612 4620 LanmanServer - ok
12:02:00.0784 4620 [ 1db69705b695b987082c8baec0c6b34f ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:02:00.0831 4620 LanmanWorkstation - ok
12:02:01.0018 4620 [ c215e09622118383b236dd56c2065183 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:02:01.0033 4620 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:02:01.0033 4620 LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:02:01.0096 4620 [ d1c5883087a0c3f1344d9d55a44901f6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:02:01.0143 4620 lltdio - ok
12:02:01.0267 4620 [ 2d5a428872f1442631d0959a34abff63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:02:01.0345 4620 lltdsvc - ok
12:02:01.0423 4620 [ 35d40113e4a5b961b6ce5c5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:02:01.0501 4620 lmhosts - ok
12:02:01.0533 4620 [ c7e15e82879bf3235b559563d4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:02:01.0548 4620 LSI_FC - ok
12:02:01.0611 4620 [ ee01ebae8c9bf0fa072e0ff68718920a ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:02:01.0642 4620 LSI_SAS - ok
12:02:01.0704 4620 [ 912a04696e9ca30146a62afa1463dd5c ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:02:01.0735 4620 LSI_SCSI - ok
12:02:01.0767 4620 [ 8f5c7426567798e62a3b3614965d62cc ] luafv C:\Windows\system32\drivers\luafv.sys
12:02:01.0829 4620 luafv - ok
12:02:01.0876 4620 [ aef9babb8a506bc4ce0451a64aaded46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:02:01.0938 4620 Mcx2Svc - ok
12:02:01.0985 4620 [ 0001ce609d66632fa17b84705f658879 ] megasas C:\Windows\system32\drivers\megasas.sys
12:02:02.0001 4620 megasas - ok
12:02:02.0047 4620 [ c252f32cd9a49dbfc25ecf26ebd51a99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
12:02:02.0079 4620 MegaSR - ok
12:02:02.0250 4620 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:02:02.0266 4620 Microsoft Office Groove Audit Service - ok
12:02:02.0297 4620 [ 1076ffcffaae8385fd62dfcb25ac4708 ] MMCSS C:\Windows\system32\mmcss.dll
12:02:02.0391 4620 MMCSS - ok
12:02:02.0437 4620 [ e13b5ea0f51ba5b1512ec671393d09ba ] Modem C:\Windows\system32\drivers\modem.sys
12:02:02.0500 4620 Modem - ok
12:02:02.0578 4620 [ 0a9bb33b56e294f686abb7c1e4e2d8a8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:02:02.0656 4620 monitor - ok
12:02:02.0671 4620 [ 5bf6a1326a335c5298477754a506d263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:02:02.0703 4620 mouclass - ok
12:02:02.0703 4620 [ 93b8d4869e12cfbe663915502900876f ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:02:02.0749 4620 mouhid - ok
12:02:02.0812 4620 [ bdafc88aa6b92f7842416ea6a48e1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
12:02:02.0827 4620 MountMgr - ok
12:02:02.0968 4620 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:02:02.0983 4620 MozillaMaintenance - ok
12:02:03.0108 4620 [ 511d011289755dd9f9a7579fb0b064e6 ] mpio C:\Windows\system32\drivers\mpio.sys
12:02:03.0139 4620 mpio - ok
12:02:03.0155 4620 [ 22241feba9b2defa669c8cb0a8dd7d2e ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:02:03.0202 4620 mpsdrv - ok
12:02:03.0311 4620 [ 5de62c6e9108f14f6794060a9bdecaec ] MpsSvc C:\Windows\system32\mpssvc.dll
12:02:03.0405 4620 MpsSvc - ok
12:02:03.0436 4620 [ 4fbbb70d30fd20ec51f80061703b001e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
12:02:03.0467 4620 Mraid35x - ok
12:02:03.0545 4620 [ 82cea0395524aacfeb58ba1448e8325c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:02:03.0623 4620 MRxDAV - ok
12:02:03.0732 4620 [ 1e94971c4b446ab2290deb71d01cf0c2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:02:03.0795 4620 mrxsmb - ok
12:02:03.0904 4620 [ 4fccb34d793b116423209c0f8b7a3b03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:02:03.0951 4620 mrxsmb10 - ok
12:02:03.0966 4620 [ c3cb1b40ad4a0124d617a1199b0b9d7c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:02:04.0013 4620 mrxsmb20 - ok
12:02:04.0075 4620 [ 28023e86f17001f7cd9b15a5bc9ae07d ] msahci C:\Windows\system32\drivers\msahci.sys
12:02:04.0091 4620 msahci - ok
12:02:04.0138 4620 [ 4468b0f385a86ecddaf8d3ca662ec0e7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:02:04.0153 4620 msdsm - ok
12:02:04.0169 4620 [ fd7520cc3a80c5fc8c48852bb24c6ded ] MSDTC C:\Windows\System32\msdtc.exe
12:02:04.0247 4620 MSDTC - ok
12:02:04.0387 4620 [ a9927f4a46b816c92f461acb90cf8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:02:04.0590 4620 Msfs - ok
12:02:04.0621 4620 [ 0f400e306f385c56317357d6dea56f62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:02:04.0637 4620 msisadrv - ok
12:02:04.0731 4620 [ 85466c0757a23d9a9aecdc0755203cb2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:02:04.0824 4620 MSiSCSI - ok
12:02:04.0840 4620 msiserver - ok
12:02:04.0887 4620 [ d8c63d34d9c9e56c059e24ec7185cc07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:02:04.0949 4620 MSKSSRV - ok
12:02:04.0996 4620 [ 1d373c90d62ddb641d50e55b9e78d65e ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:02:05.0043 4620 MSPCLOCK - ok
12:02:05.0105 4620 [ b572da05bf4e098d4bba3a4734fb505b ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:02:05.0167 4620 MSPQM - ok
12:02:05.0230 4620 [ b49456d70555de905c311bcda6ec6adb ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:02:05.0261 4620 MsRPC - ok
12:02:05.0339 4620 [ e384487cb84be41d09711c30ca79646c ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:02:05.0355 4620 mssmbios - ok
12:02:05.0495 4620 MSSQL$MSSMLBIZ - ok
12:02:05.0589 4620 [ 1d89eb4e2a99cabd4e81225f4f4c4b25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:02:05.0604 4620 MSSQLServerADHelper - ok
12:02:05.0635 4620 [ 7199c1eec1e4993caf96b8c0a26bd58a ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:02:05.0682 4620 MSTEE - ok
12:02:05.0729 4620 [ 6a57b5733d4cb702c8ea4542e836b96c ] Mup C:\Windows\system32\Drivers\mup.sys
12:02:05.0745 4620 Mup - ok
12:02:05.0838 4620 [ e4eaf0c5c1b41b5c83386cf212ca9584 ] napagent C:\Windows\system32\qagentRT.dll
12:02:05.0901 4620 napagent - ok
12:02:06.0041 4620 [ 85c44fdff9cf7e72a40dcb7ec06a4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:02:06.0119 4620 NativeWifiP - ok
12:02:06.0213 4620 [ 1357274d1883f68300aeadd15d7bbb42 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:02:06.0259 4620 NDIS - ok
12:02:06.0369 4620 [ 0e186e90404980569fb449ba7519ae61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:02:06.0431 4620 NdisTapi - ok
12:02:06.0509 4620 [ d6973aa34c4d5d76c0430b181c3cd389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:02:06.0571 4620 Ndisuio - ok
12:02:06.0649 4620 [ 818f648618ae34f729fdb47ec68345c3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:02:06.0681 4620 NdisWan - ok
12:02:06.0727 4620 [ 71dab552b41936358f3b541ae5997fb3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:02:06.0759 4620 NDProxy - ok
12:02:06.0805 4620 [ bcd093a5a6777cf626434568dc7dba78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:02:06.0883 4620 NetBIOS - ok
12:02:06.0946 4620 [ ecd64230a59cbd93c85f1cd1cab9f3f6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
12:02:06.0993 4620 netbt - ok
12:02:07.0008 4620 [ a3e186b4b935905b829219502557314e ] Netlogon C:\Windows\system32\lsass.exe
12:02:07.0024 4620 Netlogon - ok
12:02:07.0149 4620 [ c8052711daecc48b982434c5116ca401 ] Netman C:\Windows\System32\netman.dll
12:02:07.0211 4620 Netman - ok
12:02:07.0351 4620 [ 2ef3bbe22e5a5acd1428ee387a0d0172 ] netprofm C:\Windows\System32\netprofm.dll
12:02:07.0414 4620 netprofm - ok
12:02:07.0476 4620 [ d6c4e4a39a36029ac0813d476fbd0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:02:07.0492 4620 NetTcpPortSharing - ok
12:02:07.0648 4620 [ 35d5458d9a1b26b2005abffbf4c1c5e7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
12:02:07.0819 4620 NETw3v32 - ok
12:02:07.0835 4620 [ 2e7fb731d4790a1bc6270accefacb36e ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:02:07.0851 4620 nfrd960 - ok
12:02:07.0897 4620 [ 2997b15415f9bbe05b5a4c1c85e0c6a2 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:02:07.0944 4620 NlaSvc - ok
12:02:07.0991 4620 [ d36f239d7cce1931598e8fb90a0dbc26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:02:08.0022 4620 Npfs - ok
12:02:08.0085 4620 [ 8bb86f0c7eea2bded6fe095d0b4ca9bd ] nsi C:\Windows\system32\nsisvc.dll
12:02:08.0163 4620 nsi - ok
12:02:08.0225 4620 [ 609773e344a97410ce4ebf74a8914fcf ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:02:08.0303 4620 nsiproxy - ok
12:02:08.0443 4620 [ 6a4a98cee84cf9e99564510dda4baa47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:02:08.0506 4620 Ntfs - ok
12:02:08.0631 4620 [ e875c093aec0c978a90f30c9e0dfbb72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
12:02:08.0709 4620 ntrigdigi - ok
12:02:08.0740 4620 [ c5dbbcda07d780bda9b685df333bb41e ] Null C:\Windows\system32\drivers\Null.sys
12:02:08.0802 4620 Null - ok
12:02:08.0865 4620 [ a103162c62c336c2cb3c5e1e2773d17b ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
12:02:08.0880 4620 NVHDA - ok
12:02:09.0239 4620 [ c526b4a24ef951ef219c3bfa1534b152 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:02:09.0723 4620 nvlddmkm - ok
12:02:09.0769 4620 [ 2edf9e7751554b42cbb60116de727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:02:09.0801 4620 nvraid - ok
12:02:09.0847 4620 [ abed0c09758d1d97db0042dbb2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:02:09.0863 4620 nvstor - ok
12:02:09.0925 4620 [ df6315ce4ff30f706abf3802d7749e70 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:02:09.0972 4620 nvsvc - ok
12:02:10.0003 4620 [ 18bbdf913916b71bd54575bdb6eeac0b ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:02:10.0035 4620 nv_agp - ok
12:02:10.0035 4620 NwlnkFlt - ok
12:02:10.0035 4620 NwlnkFwd - ok
12:02:10.0237 4620 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:02:10.0269 4620 odserv - ok
12:02:10.0315 4620 [ 790e27c3db53410b40ff9ef2fd10a1d9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
12:02:10.0347 4620 ohci1394 - ok
12:02:10.0440 4620 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:02:10.0456 4620 ose - ok
12:02:10.0643 4620 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
12:02:10.0768 4620 p2pimsvc - ok
12:02:10.0783 4620 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2psvc C:\Windows\system32\p2psvc.dll
12:02:10.0846 4620 p2psvc - ok
12:02:10.0893 4620 [ 0fa9b5055484649d63c303fe404e5f4d ] Parport C:\Windows\system32\drivers\parport.sys
12:02:10.0971 4620 Parport - ok
12:02:11.0033 4620 [ b9c2b89f08670e159f7181891e449cd9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:02:11.0049 4620 partmgr - ok
12:02:11.0111 4620 [ 4f9a6a8a31413180d0fcb279ad5d8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
12:02:11.0251 4620 Parvdm - ok
12:02:11.0345 4620 [ c6276ad11f4bb49b58aa1ed88537f14a ] PcaSvc C:\Windows\System32\pcasvc.dll
12:02:11.0407 4620 PcaSvc - ok
12:02:11.0485 4620 [ 941dc1d19e7e8620f40bbc206981efdb ] pci C:\Windows\system32\drivers\pci.sys
12:02:11.0501 4620 pci - ok
12:02:11.0548 4620 [ fc175f5ddab666d7f4d17449a547626f ] pciide C:\Windows\system32\drivers\pciide.sys
12:02:11.0563 4620 pciide - ok
12:02:11.0610 4620 [ b7c5a8769541900f6dfa6fe0c5e4d513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:02:11.0626 4620 pcmcia - ok
12:02:11.0688 4620 [ 6349f6ed9c623b44b52ea3c63c831a92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:02:11.0782 4620 PEAUTH - ok
12:02:11.0891 4620 [ b1689df169143f57053f795390c99db3 ] pla C:\Windows\system32\pla.dll
12:02:12.0078 4620 pla - ok
12:02:12.0125 4620 [ c5e7f8a996ec0a82d508fd9064a5569e ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:02:12.0203 4620 PlugPlay - ok
12:02:12.0265 4620 [ 0c8e8e61ad1eb0b250b846712c917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
12:02:12.0297 4620 PNRPAutoReg - ok
12:02:12.0312 4620 [ 0c8e8e61ad1eb0b250b846712c917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
12:02:12.0359 4620 PNRPsvc - ok
12:02:12.0406 4620 [ d0494460421a03cd5225cca0059aa146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:02:12.0453 4620 PolicyAgent - ok
12:02:12.0577 4620 [ ecfffaec0c1ecd8dbc77f39070ea1db1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:02:12.0624 4620 PptpMiniport - ok
12:02:12.0718 4620 [ 2027293619dd0f047c584cf2e7df4ffd ] Processor C:\Windows\system32\drivers\processr.sys
12:02:12.0765 4620 Processor - ok
12:02:12.0843 4620 [ 0508faa222d28835310b7bfca7a77346 ] ProfSvc C:\Windows\system32\profsvc.dll
12:02:12.0874 4620 ProfSvc - ok
12:02:12.0905 4620 [ a3e186b4b935905b829219502557314e ] ProtectedStorage C:\Windows\system32\lsass.exe
12:02:12.0936 4620 ProtectedStorage - ok
12:02:13.0014 4620 [ 99514faa8df93d34b5589187db3aa0ba ] PSched C:\Windows\system32\DRIVERS\pacer.sys
12:02:13.0077 4620 PSched - ok
12:02:13.0170 4620 [ e42e3433dbb4cffe8fdd91eab29aea8e ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
12:02:13.0186 4620 PxHelp20 - ok
12:02:13.0311 4620 [ 0a6db55afb7820c99aa1f3a1d270f4f6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:02:13.0404 4620 ql2300 - ok
12:02:13.0420 4620 [ 81a7e5c076e59995d54bc1ed3a16e60b ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:02:13.0451 4620 ql40xx - ok
12:02:13.0513 4620 [ e9ecae663f47e6cb43962d18ab18890f ] QWAVE C:\Windows\system32\qwave.dll
12:02:13.0576 4620 QWAVE - ok
12:02:13.0623 4620 [ 9f5e0e1926014d17486901c88eca2db7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:02:13.0669 4620 QWAVEdrv - ok
12:02:13.0701 4620 [ 147d7f9c556d259924351feb0de606c3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:02:13.0810 4620 RasAcd - ok
12:02:13.0841 4620 [ f6a452eb4ceadbb51c9e0ee6b3ecef0f ] RasAuto C:\Windows\System32\rasauto.dll
12:02:13.0903 4620 RasAuto - ok
12:02:13.0935 4620 [ a214adbaf4cb47dd2728859ef31f26b0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:02:13.0997 4620 Rasl2tp - ok
12:02:14.0059 4620 [ 75d47445d70ca6f9f894b032fbc64fcf ] RasMan C:\Windows\System32\rasmans.dll
12:02:14.0122 4620 RasMan - ok
12:02:14.0184 4620 [ 509a98dd18af4375e1fc40bc175f1def ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:02:14.0231 4620 RasPppoe - ok
12:02:14.0356 4620 [ 2005f4a1e05fa09389ac85840f0a9e4d ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:02:14.0387 4620 RasSstp - ok
12:02:14.0512 4620 [ b14c9d5b9add2f84f70570bbbfaa7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:02:14.0543 4620 rdbss - ok
12:02:14.0605 4620 [ 89e59be9a564262a3fb6c4f4f1cd9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:02:14.0683 4620 RDPCDD - ok
12:02:14.0824 4620 [ fbc0bacd9c3d7f6956853f64a66e252d ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
12:02:14.0871 4620 rdpdr - ok
12:02:14.0886 4620 [ 9d91fe5286f748862ecffa05f8a0710c ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:02:14.0917 4620 RDPENCDD - ok
12:02:14.0980 4620 [ c127ebd5afab31524662c48dfceb773a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:02:15.0042 4620 RDPWD - ok
12:02:15.0183 4620 [ ed8c9f16e10c1e4c4c5d16cd04966e24 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:02:15.0229 4620 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
12:02:15.0229 4620 RegSrvc - detected UnsignedFile.Multi.Generic (1)
12:02:15.0292 4620 [ bcdd6b4804d06b1f7ebf29e53a57ece9 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:02:15.0339 4620 RemoteAccess - ok
12:02:15.0448 4620 [ 9e6894ea18daff37b63e1005f83ae4ab ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:02:15.0479 4620 RemoteRegistry - ok
12:02:15.0557 4620 [ 6482707f9f4da0ecbab43b2e0398a101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:02:15.0588 4620 RFCOMM - ok
12:02:15.0651 4620 [ 5123f83cbc4349d065534eeb6bbdc42b ] RpcLocator C:\Windows\system32\locator.exe
12:02:15.0697 4620 RpcLocator - ok
12:02:15.0869 4620 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] RpcSs C:\Windows\system32\rpcss.dll
12:02:15.0931 4620 RpcSs - ok
12:02:16.0056 4620 [ 9c508f4074a39e8b4b31d27198146fad ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:02:16.0134 4620 rspndr - ok
12:02:16.0228 4620 [ a3e186b4b935905b829219502557314e ] SamSs C:\Windows\system32\lsass.exe
12:02:16.0243 4620 SamSs - ok
12:02:16.0477 4620 [ a9d840fa78f65857eb554229914f855c ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
12:02:16.0540 4620 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
12:02:16.0540 4620 Samsung Update Plus - detected UnsignedFile.Multi.Generic (1)
12:02:16.0571 4620 [ 3ce8f073a557e172b330109436984e30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:02:16.0602 4620 sbp2port - ok
12:02:16.0852 4620 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
12:02:16.0914 4620 SBSDWSCService - ok
12:02:17.0179 4620 [ 77b7a11a0c3d78d3386398fbbea1b632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:02:17.0226 4620 SCardSvr - ok
12:02:17.0351 4620 [ 1a58069db21d05eb2ab58ee5753ebe8d ] Schedule C:\Windows\system32\schedsvc.dll
12:02:17.0476 4620 Schedule - ok
12:02:17.0491 4620 [ 312ec3e37a0a1f2006534913e37b4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:02:17.0523 4620 SCPolicySvc - ok
12:02:17.0601 4620 [ 126ea89bcc413ee45e3004fb0764888f ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:02:17.0663 4620 sdbus - ok
12:02:17.0725 4620 [ 716313d9f6b0529d03f726d5aaf6f191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:02:17.0772 4620 SDRSVC - ok
12:02:17.0819 4620 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:02:17.0928 4620 secdrv - ok
12:02:17.0975 4620 [ fd5199d4d8a521005e4b5ee7fe00fa9b ] seclogon C:\Windows\system32\seclogon.dll
12:02:18.0069 4620 seclogon - ok
12:02:18.0100 4620 [ a9bbab5759771e523f55563d6cbe140f ] SENS C:\Windows\System32\sens.dll
12:02:18.0147 4620 SENS - ok
12:02:18.0147 4620 [ 68e44e331d46f0fb38f0863a84cd1a31 ] Serenum C:\Windows\system32\drivers\serenum.sys
12:02:18.0256 4620 Serenum - ok
12:02:18.0287 4620 [ c70d69a918b178d3c3b06339b40c2e1b ] Serial C:\Windows\system32\drivers\serial.sys
12:02:18.0443 4620 Serial - ok
12:02:18.0474 4620 [ 8af3d28a879bf75db53a0ee7a4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:02:18.0505 4620 sermouse - ok
12:02:18.0537 4620 [ d2193326f729b163125610dbf3e17d57 ] SessionEnv C:\Windows\system32\sessenv.dll
12:02:18.0599 4620 SessionEnv - ok
12:02:18.0599 4620 [ 3efa810bdca87f6ecc24f9832243fe86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:02:18.0630 4620 sffdisk - ok
12:02:18.0646 4620 [ e95d451f7ea3e583aec75f3b3ee42dc5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:02:18.0739 4620 sffp_mmc - ok
12:02:18.0755 4620 [ 3d0ea348784b7ac9ea9bd9f317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:02:18.0786 4620 sffp_sd - ok
12:02:18.0817 4620 [ 46ed8e91793b2e6f848015445a0ac188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:02:18.0880 4620 sfloppy - ok
12:02:18.0989 4620 [ e1499bd0ff76b1b2fbbf1af339d91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:02:19.0036 4620 SharedAccess - ok
12:02:19.0145 4620 [ c7230fbee14437716701c15be02c27b8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:02:19.0207 4620 ShellHWDetection - ok
12:02:19.0223 4620 [ 1d76624a09a054f682d746b924e2dbc3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:02:19.0239 4620 sisagp - ok
12:02:19.0426 4620 [ 43cb7aa756c7db280d01da9b676cfde2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
12:02:19.0441 4620 SiSRaid2 - ok
12:02:19.0488 4620 [ a99c6c8b0baa970d8aa59ddc50b57f94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:02:19.0504 4620 SiSRaid4 - ok
12:02:19.0644 4620 [ 579ba0a911ff5ea70cb604cd3b744b0a ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:02:19.0660 4620 SkypeUpdate - ok
12:02:19.0863 4620 [ 862bb4cbc05d80c5b45be430e5ef872f ] slsvc C:\Windows\system32\SLsvc.exe
12:02:20.0143 4620 slsvc - ok
12:02:20.0206 4620 [ 6edc422215cd78aa8a9cde6b30abbd35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
12:02:20.0268 4620 SLUINotify - ok
12:02:20.0346 4620 [ 7b75299a4d201d6a6533603d6914ab04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:02:20.0393 4620 Smb - ok
12:02:20.0487 4620 [ 2a146a055b4401c16ee62d18b8e2a032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:02:20.0518 4620 SNMPTRAP - ok
12:02:20.0736 4620 [ 1a623f2b69e1f182f995f963c55db935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
12:02:20.0752 4620 Sony Ericsson PCCompanion - ok
12:02:20.0799 4620 [ 7aebdeef071fe28b0eef2cdd69102bff ] spldr C:\Windows\system32\drivers\spldr.sys
12:02:20.0814 4620 spldr - ok
12:02:20.0861 4620 [ 8554097e5136c3bf9f69fe578a1b35f4 ] Spooler C:\Windows\System32\spoolsv.exe
12:02:20.0923 4620 Spooler - ok
12:02:21.0033 4620 [ cdddec541bc3c96f91ecb48759673505 ] sptd C:\Windows\System32\Drivers\sptd.sys
12:02:21.0079 4620 sptd - ok
12:02:21.0688 4620 [ 86ebd8b1f23e743aad21f4d5b4d40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:02:21.0719 4620 SQLBrowser - ok
12:02:21.0828 4620 [ d89083c4eb02daca8f944b0e05e57f9d ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:02:21.0844 4620 SQLWriter - ok
12:02:22.0000 4620 [ 41987f9fc0e61adf54f581e15029ad91 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:02:22.0203 4620 srv - ok
12:02:22.0296 4620 [ ff33aff99564b1aa534f58868cbe41ef ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:02:22.0390 4620 srv2 - ok
12:02:22.0421 4620 [ 7605c0e1d01a08f3ecd743f38b834a44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:02:22.0499 4620 srvnet - ok
12:02:22.0561 4620 [ 03d50b37234967433a5ea5ba72bc0b62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:02:22.0639 4620 SSDPSRV - ok
12:02:22.0702 4620 [ a36ee93698802cd899f98bfd553d8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
12:02:22.0702 4620 ssmdrv - ok
12:02:22.0749 4620 [ 6f1a32e7b7b30f004d9a20afadb14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:02:22.0827 4620 SstpSvc - ok
12:02:22.0951 4620 [ 5de7d67e49b88f5f07f3e53c4b92a352 ] stisvc C:\Windows\System32\wiaservc.dll
12:02:23.0045 4620 stisvc - ok
12:02:23.0139 4620 [ ab80c9dde1f8d9f9f946365205ed55eb ] StkCMini C:\Windows\system32\Drivers\StkCMini.sys
12:02:23.0217 4620 StkCMini - ok
12:02:23.0263 4620 [ 45062bf3aeeb2febe29a67d0448571db ] StkSSrv C:\Windows\System32\StkCSrv.exe
12:02:23.0279 4620 StkSSrv - ok
12:02:23.0373 4620 [ 7ba58ecf0c0a9a69d44b3dca62becf56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:02:23.0388 4620 swenum - ok
12:02:23.0529 4620 [ f21fd248040681cca1fb6c9a03aaa93d ] swprv C:\Windows\System32\swprv.dll
12:02:23.0575 4620 swprv - ok
12:02:23.0622 4620 [ 192aa3ac01df071b541094f251deed10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
12:02:23.0638 4620 Symc8xx - ok
12:02:23.0653 4620 [ 8c8eb8c76736ebaf3b13b633b2e64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
12:02:23.0685 4620 Sym_hi - ok
12:02:23.0685 4620 [ 8072af52b5fd103bbba387a1e49f62cb ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
12:02:23.0700 4620 Sym_u3 - ok
12:02:23.0794 4620 [ 451e8037e2eb6da6bdf0a66f65d1810b ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:02:23.0825 4620 SynTP - ok
12:02:23.0919 4620 [ 9a51b04e9886aa4ee90093586b0ba88d ] SysMain C:\Windows\system32\sysmain.dll
12:02:24.0012 4620 SysMain - ok
12:02:24.0106 4620 [ 2dca225eae15f42c0933e998ee0231c3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:02:24.0137 4620 TabletInputService - ok
12:02:24.0231 4620 [ d7673e4b38ce21ee54c59eeeb65e2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:02:24.0324 4620 TapiSrv - ok
12:02:24.0371 4620 [ cb05822cd9cc6c688168e113c603dbe7 ] TBS C:\Windows\System32\tbssvc.dll
12:02:24.0433 4620 TBS - ok
12:02:24.0527 4620 [ 27d470dabc77bc60d0a3b0e4deb6cb91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:02:24.0605 4620 Tcpip - ok
12:02:24.0621 4620 [ 27d470dabc77bc60d0a3b0e4deb6cb91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
12:02:24.0699 4620 Tcpip6 - ok
12:02:24.0855 4620 [ 608c345a255d82a6289c2d468eb41fd7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:02:24.0901 4620 tcpipreg - ok
12:02:24.0995 4620 [ 5dcf5e267be67a1ae926f2df77fbcc56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:02:25.0042 4620 TDPIPE - ok
12:02:25.0042 4620 [ 389c63e32b3cefed425b61ed92d3f021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:02:25.0089 4620 TDTCP - ok
12:02:25.0135 4620 [ 76b06eb8a01fc8624d699e7045303e54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:02:25.0213 4620 tdx - ok
12:02:25.0276 4620 [ 3cad38910468eab9a6479e2f01db43c7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
12:02:25.0291 4620 TermDD - ok
12:02:25.0369 4620 [ bb95da09bef6e7a131bff3ba5032090d ] TermService C:\Windows\System32\termsrv.dll
12:02:25.0588 4620 TermService - ok
12:02:25.0681 4620 [ c7230fbee14437716701c15be02c27b8 ] Themes C:\Windows\system32\shsvcs.dll
12:02:25.0713 4620 Themes - ok
12:02:25.0744 4620 [ 1076ffcffaae8385fd62dfcb25ac4708 ] THREADORDER C:\Windows\system32\mmcss.dll
12:02:25.0775 4620 THREADORDER - ok
12:02:25.0822 4620 [ ec74e77d0eb004bd3a809b5f8fb8c2ce ] TrkWks C:\Windows\System32\trkwks.dll
12:02:25.0853 4620 TrkWks - ok
12:02:25.0962 4620 [ 97d9d6a04e3ad9b6c626b9931db78dba ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:02:25.0993 4620 TrustedInstaller - ok
12:02:26.0040 4620 [ dcf0f056a2e4f52287264f5ab29cf206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:02:26.0118 4620 tssecsrv - ok
12:02:26.0181 4620 [ caecc0120ac49e3d2f758b9169872d38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:02:26.0227 4620 tunmp - ok
12:02:26.0274 4620 [ 300db877ac094feab0be7688c3454a9c ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:02:26.0305 4620 tunnel - ok
12:02:26.0352 4620 [ 7d33c4db2ce363c8518d2dfcf533941f ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:02:26.0383 4620 uagp35 - ok
12:02:26.0461 4620 [ d9728af68c4c7693cb100b8441cbdec6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:02:26.0493 4620 udfs - ok
12:02:26.0555 4620 [ ecef404f62863755951e09c802c94ad5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:02:26.0602 4620 UI0Detect - ok
12:02:26.0680 4620 [ b0acfdc9e4af279e9116c03e014b2b27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:02:26.0695 4620 uliagpkx - ok
12:02:26.0836 4620 [ 9224bb254f591de4ca8d572a5f0d635c ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:02:26.0883 4620 uliahci - ok
12:02:26.0929 4620 [ 8514d0e5cd0534467c5fc61be94a569f ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:02:26.0961 4620 UlSata - ok
12:02:27.0007 4620 [ 38c3c6e62b157a6bc46594fada45c62b ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:02:27.0023 4620 ulsata2 - ok
12:02:27.0163 4620 [ 32cff9f809ae9aed85464492bf3e32d2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:02:27.0288 4620 umbus - ok
12:02:27.0538 4620 [ 68308183f4ae0be7bf8ecd07cb297999 ] upnphost C:\Windows\System32\upnphost.dll
12:02:27.0756 4620 upnphost - ok
12:02:27.0897 4620 [ caf811ae4c147ffcd5b51750c7f09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:02:27.0990 4620 usbccgp - ok
12:02:28.0068 4620 [ e9476e6c486e76bc4898074768fb7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:02:28.0177 4620 usbcir - ok
12:02:28.0302 4620 [ 79e96c23a97ce7b8f14d310da2db0c9b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:02:28.0380 4620 usbehci - ok
12:02:28.0443 4620 [ 4673bbcb006af60e7abddbe7a130ba42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:02:28.0521 4620 usbhub - ok
12:02:28.0614 4620 [ 38dbc7dd6cc5a72011f187425384388b ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:02:28.0692 4620 usbohci - ok
12:02:28.0755 4620 [ b51e52acf758be00ef3a58ea452fe360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:02:28.0817 4620 usbprint - ok
12:02:28.0879 4620 [ be3da31c191bc222d9ad503c5224f2ad ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:02:28.0973 4620 USBSTOR - ok
12:02:29.0020 4620 [ 814d653efc4d48be3b04a307eceff56f ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:02:29.0051 4620 usbuhci - ok
12:02:29.0098 4620 [ e67998e8f14cb0627a769f6530bcb352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:02:29.0191 4620 usbvideo - ok
12:02:29.0332 4620 [ 1509e705f3ac1d474c92454a5c2dd81f ] UxSms C:\Windows\System32\uxsms.dll
12:02:29.0472 4620 UxSms - ok
12:02:29.0550 4620 [ cd88d1b7776dc17a119049742ec07eb4 ] vds C:\Windows\System32\vds.exe
12:02:29.0597 4620 vds - ok
12:02:29.0691 4620 [ 87b06e1f30b749a114f74622d013f8d4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:02:29.0737 4620 vga - ok
12:02:29.0753 4620 [ 2e93ac0a1d8c79d019db6c51f036636c ] VgaSave C:\Windows\System32\drivers\vga.sys
12:02:29.0800 4620 VgaSave - ok
12:02:29.0878 4620 [ 5d7159def58a800d5781ba3a879627bc ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:02:29.0893 4620 viaagp - ok
12:02:29.0893 4620 [ c4f3a691b5bad343e6249bd8c2d45dee ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:02:29.0940 4620 ViaC7 - ok
12:02:30.0003 4620 [ aadf5587a4063f52c2c3fed7887426fc ] viaide C:\Windows\system32\drivers\viaide.sys
12:02:30.0018 4620 viaide - ok
12:02:30.0081 4620 [ 69503668ac66c77c6cd7af86fbdf8c43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:02:30.0096 4620 volmgr - ok
12:02:30.0221 4620 [ 23e41b834759917bfd6b9a0d625d0c28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:02:30.0268 4620 volmgrx - ok
12:02:30.0455 4620 [ 147281c01fcb1df9252de2a10d5e7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:02:30.0486 4620 volsnap - ok
12:02:30.0580 4620 [ 587253e09325e6bf226b299774b728a9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:02:30.0611 4620 vsmraid - ok
12:02:30.0720 4620 [ db3d19f850c6eb32bdcb9bc0836acddb ] VSS C:\Windows\system32\vssvc.exe
12:02:30.0861 4620 VSS - ok
12:02:31.0017 4620 [ 96ea68b9eb310a69c25ebb0282b2b9de ] W32Time C:\Windows\system32\w32time.dll
12:02:31.0063 4620 W32Time - ok
12:02:31.0079 4620 [ 48dfee8f1af7c8235d4e626f0c4fe031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:02:31.0141 4620 WacomPen - ok
12:02:31.0173 4620 [ 55201897378cca7af8b5efd874374a26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:02:31.0219 4620 Wanarp - ok
12:02:31.0235 4620 [ 55201897378cca7af8b5efd874374a26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:02:31.0266 4620 Wanarpv6 - ok
12:02:31.0344 4620 [ a3cd60fd826381b49f03832590e069af ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:02:31.0391 4620 wcncsvc - ok
12:02:31.0500 4620 [ 11bcb7afcdd7aadacb5746f544d3a9c7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:02:31.0609 4620 WcsPlugInService - ok
12:02:31.0656 4620 [ 78fe9542363f297b18c027b2d7e7c07f ] Wd C:\Windows\system32\drivers\wd.sys
12:02:31.0672 4620 Wd - ok
12:02:31.0812 4620 [ b6f0a7ad6d4bd325fbcd8bac96cd8d96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:02:31.0906 4620 Wdf01000 - ok
12:02:31.0999 4620 [ abfc76b48bb6c96e3338d8943c5d93b5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:02:32.0077 4620 WdiServiceHost - ok
12:02:32.0077 4620 [ abfc76b48bb6c96e3338d8943c5d93b5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:02:32.0124 4620 WdiSystemHost - ok
12:02:32.0187 4620 [ 04c37d8107320312fbae09926103d5e2 ] WebClient C:\Windows\System32\webclnt.dll
12:02:32.0249 4620 WebClient - ok
12:02:32.0343 4620 [ ae3736e7e8892241c23e4ebbb7453b60 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:02:32.0499 4620 Wecsvc - ok
12:02:32.0608 4620 [ 670ff720071ed741206d69bd995ea453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:02:32.0655 4620 wercplsupport - ok
12:02:32.0733 4620 [ 32b88481d3b326da6deb07b1d03481e7 ] WerSvc C:\Windows\System32\WerSvc.dll
12:02:32.0779 4620 WerSvc - ok
12:02:32.0904 4620 [ 4575aa12561c5648483403541d0d7f2b ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:02:32.0967 4620 WinDefend - ok
12:02:32.0982 4620 WinHttpAutoProxySvc - ok
12:02:33.0263 4620 [ 6b2a1d0e80110e3d04e6863c6e62fd8a ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:02:33.0294 4620 Winmgmt - ok
12:02:33.0497 4620 [ 7cfe68bdc065e55aa5e8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
12:02:33.0684 4620 WinRM - ok
12:02:33.0809 4620 [ c008405e4feeb069e30da1d823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:02:34.0012 4620 Wlansvc - ok
12:02:34.0105 4620 [ 2e7255d172df0b8283cdfb7b433b864e ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:02:34.0137 4620 WmiAcpi - ok
12:02:34.0277 4620 [ 43be3875207dcb62a85c8c49970b66cc ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:02:34.0339 4620 wmiApSrv - ok
12:02:34.0480 4620 [ 3978704576a121a9204f8cc49a301a9b ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:02:34.0667 4620 WMPNetworkSvc - ok
12:02:34.0776 4620 [ cfc5a04558f5070cee3e3a7809f3ff52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:02:34.0932 4620 WPCSvc - ok
12:02:35.0041 4620 [ 801fbdb89d472b3c467eb112a0fc9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:02:35.0104 4620 WPDBusEnum - ok
12:02:35.0431 4620 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:02:35.0494 4620 WPFFontCache_v0400 - ok
12:02:35.0603 4620 [ e3a3cb253c0ec2494d4a61f5e43a389c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:02:35.0634 4620 ws2ifsl - ok
12:02:35.0712 4620 [ 1ca6c40261ddc0425987980d0cd2aaab ] wscsvc C:\Windows\System32\wscsvc.dll
12:02:35.0790 4620 wscsvc - ok
12:02:35.0790 4620 WSearch - ok
12:02:36.0305 4620 [ fc3ec24fce372c89423e015a2ac1a31e ] wuauserv C:\Windows\system32\wuaueng.dll
12:02:36.0430 4620 wuauserv - ok
12:02:36.0492 4620 [ ac13cb789d93412106b0fb6c7eb2bcb6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:02:36.0555 4620 WUDFRd - ok
12:02:36.0664 4620 [ 575a4190d989f64732119e4114045a4f ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:02:36.0742 4620 wudfsvc - ok
12:02:36.0882 4620 [ 04e268adfc81964c49dc0c082d520f7e ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
12:02:36.0976 4620 yukonwlh - ok
12:02:37.0007 4620 ================ Scan global ===============================
12:02:37.0085 4620 (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll
12:02:37.0303 4620 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
12:02:37.0319 4620 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
12:02:37.0475 4620 (d4e6d91c1349b7bfb3599a6ada56851b) C:\Windows\system32\services.exe
12:02:37.0475 4620 [Global] - ok
12:02:37.0475 4620 ================ Scan MBR ==================================
12:02:37.0506 4620 MBR (0x1B8) (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
12:02:39.0019 4620 \Device\Harddisk0\DR0 - ok
12:02:39.0019 4620 ================ Scan VBR ==================================
12:02:39.0066 4620 Boot (0x1200) (41702a5fb39a547a11acf8cc8a51cb0d) \Device\Harddisk0\DR0\Partition1
12:02:39.0144 4620 \Device\Harddisk0\DR0\Partition1 - ok
12:02:39.0253 4620 Boot (0x1200) (e31862d79da056ba2e4431907d1cf684) \Device\Harddisk0\DR0\Partition2
12:02:39.0331 4620 \Device\Harddisk0\DR0\Partition2 - ok
12:02:39.0331 4620 ============================================================
12:02:39.0331 4620 Scan finished
12:02:39.0331 4620 ============================================================
12:02:39.0347 4796 Detected object count: 4
12:02:39.0347 4796 Actual detected object count: 4
12:03:37.0566 4796 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:37.0566 4796 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:37.0582 4796 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:37.0582 4796 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:37.0582 4796 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:37.0582 4796 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:03:37.0582 4796 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
12:03:37.0582 4796 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
16.08.2012, 12:02
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Avira abgeschaltet Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 12:40
| #23 |
| | Malware - Avira abgeschaltetCode:
ATTFilter ComboFix 12-08-16.01 - *** 16.08.2012 13:15:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1902 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-16 bis 2012-08-16 ))))))))))))))))))))))))))))))
.
.
2012-08-16 11:24 . 2012-08-16 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 09:53 . 2012-08-16 09:54 -------- d-----w- c:\program files\DownloadManager
2012-08-16 09:52 . 2012-08-16 09:52 -------- d-----w- c:\programdata\Browser Manager
2012-08-16 09:52 . 2012-08-16 09:52 317 ----a-w- C:\user.js
2012-08-16 09:51 . 2012-08-16 09:51 -------- d-----w- c:\users\***\AppData\Roaming\Babylon
2012-08-16 09:51 . 2012-08-16 09:51 -------- d-----w- c:\programdata\Babylon
2012-08-16 01:04 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 19:06 . 2012-08-15 19:06 -------- d-----w- C:\_OTL
2012-08-15 18:55 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-08 16:30 . 2012-08-08 16:30 -------- d-----w- c:\program files\ESET
2012-08-04 02:40 . 2012-08-04 02:40 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-08-04 02:40 . 2012-08-04 02:40 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 02:40 . 2012-08-08 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 02:40 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 16:07 . 2012-08-03 20:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-03 16:07 . 2012-08-03 16:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-03 08:55 . 2012-08-03 08:55 -------- d-----w- c:\users\***\AppData\Roaming\Avira
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 20:46 . 2012-04-30 15:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 20:46 . 2011-05-27 13:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-12 18:52 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-12 18:52 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-12 18:49 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 17:41 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 17:41 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 17:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 17:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 17:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 17:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 17:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 17:40 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 17:40 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-12 18:49 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-12 18:49 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-03 20:45 . 2011-11-21 16:43 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-10-21 433872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-03-31 127040]
"Facebook Update"="c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-03-17 08:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 99364439
*Deregistered* - 99364439
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 20:46]
.
2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052529140-588982613-92189222-1003Core.job
- c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-10 18:52]
.
2012-08-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4052529140-588982613-92189222-1003UA.job
- c:\users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-10 18:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=HP_ss&mntrId=38faa0a200000000000000234eeb1283
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=HP_ss&mntrId=38faa0a200000000000000234eeb1283
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110809&tt=130812_ppcs2_3312_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 38faa0a200000000000000234eeb1283
FF - user.js: extensions.BabylonToolbar.instlDay - 15568
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.611:52
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-16 13:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2656)
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2012-08-16 13:27:34
ComboFix-quarantined-files.txt 2012-08-16 11:27
.
Vor Suchlauf: 8 Verzeichnis(se), 71.429.595.136 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 74.088.697.856 Bytes frei
.
- - End Of File - - B23278B9C7750E9AAC95C372B0F818D1
|
|
16.08.2012, 14:00
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Avira abgeschaltet Du hast dir ja schon wieder Toolbar-Müll installiert  Bitte den adwCleaner neu runterladen!! adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 14:09
| #25 |
| | Malware - Avira abgeschaltet Hallo. Diese Toolbar hab ich tatsächlich von eurer Seite. AUs diesem Thread: http://www.trojaner-board.de/82358-t...entfernen.html Im Zweiten Beitrag ganz oben ist eine Anzeige. Ich dachte dies sei der reguläre Download Link für den TDSSKiller und habe viel zu spät bemerkt, dass es sich anscheinend um einen Download Manager oder ähnliches handelt. Einen Screenshot mit dem ANzeige Banner habe ich angehängt. Hier die Logdatei: Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/16/2012 at 15:05:04
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : ***
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\***\AppData\Roaming\Babylon
Folder Found : C:\ProgramData\Babylon
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKLM\SOFTWARE\Babylon
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=HP_ss&mntrId=38faa0a200000000000000234eeb1283
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=HP_ss&mntrId=38faa0a200000000000000234eeb1283
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=NT_ss&mntrId=38faa0a200000000000000234eeb1283
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\prefs.js
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babs[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "38faa0a200000000000000234eeb1283");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15568");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110809&tt=130812_ppcs2_3312_1");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110809&tt=13081[...]
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.611:52:26");
*************************
AdwCleaner[R1].txt - [16240 octets] - [13/08/2012 20:01:32]
AdwCleaner[S1].txt - [16840 octets] - [13/08/2012 20:38:58]
AdwCleaner[R2].txt - [4022 octets] - [16/08/2012 15:05:04]
########## EOF - C:\AdwCleaner[R2].txt - [4150 octets] ##########
|
|
16.08.2012, 14:11
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Avira abgeschaltet Dasist ziemlich unglücklich Du hast leider adwCleaner nicht neu runtergeladen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 14:40
| #27 |
| | Malware - Avira abgeschaltet Hier das neue Log mit aktuellem ADW: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/16/2012 at 15:38:34
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : ***
# Boot Mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\***\AppData\Roaming\Babylon
Folder Found : C:\ProgramData\Babylon
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
***** [Registry] *****
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKLM\SOFTWARE\Babylon
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=HP_ss&mntrId=38faa0a200000000000000234eeb1283
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=HP_ss&mntrId=38faa0a200000000000000234eeb1283
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=NT_ss&mntrId=38faa0a200000000000000234eeb1283
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\prefs.js
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babs[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "38faa0a200000000000000234eeb1283");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15568");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110809&tt=130812_ppcs2_3312_1");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110809&tt=13081[...]
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.611:52:26");
*************************
AdwCleaner[R1].txt - [16240 octets] - [13/08/2012 20:01:32]
AdwCleaner[S1].txt - [16840 octets] - [13/08/2012 20:38:58]
AdwCleaner[R2].txt - [4089 octets] - [16/08/2012 15:05:04]
AdwCleaner[R3].txt - [4129 octets] - [16/08/2012 15:38:34]
########## EOF - C:\AdwCleaner[R3].txt - [4257 octets] ##########
|
|
17.08.2012, 17:37
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Avira abgeschaltet adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.08.2012, 11:31
| #29 |
| | Malware - Avira abgeschaltetCode:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/20/2012 at 12:22:39
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : ***
# Boot Mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\***\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Babylon
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Babylon
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=HP_ss&mntrId=38faa0a200000000000000234eeb1283 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=HP_ss&mntrId=38faa0a200000000000000234eeb1283 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babsrc=NT_ss&mntrId=38faa0a200000000000000234eeb1283 --> hxxp://www.google.com
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5um2nqxm.default\user.js ... Deleted !
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_1&babs[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110809&tt=130812_ppcs2_3312_[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "38faa0a200000000000000234eeb1283");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15568");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110809&tt=130812_ppcs2_3312_1");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110809&tt=13081[...]
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.611:52:26");
*************************
AdwCleaner[R1].txt - [16240 octets] - [13/08/2012 20:01:32]
AdwCleaner[S1].txt - [16840 octets] - [13/08/2012 20:38:58]
AdwCleaner[R2].txt - [4089 octets] - [16/08/2012 15:05:04]
AdwCleaner[R3].txt - [4196 octets] - [16/08/2012 15:38:34]
AdwCleaner[S2].txt - [4431 octets] - [20/08/2012 12:22:39]
########## EOF - C:\AdwCleaner[S2].txt - [4559 octets] ##########
|
|
21.08.2012, 11:38
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Avira abgeschaltet Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Malware - Avira abgeschaltet |
| antivir, avira, bho, conduit, converter, error, firefox, flash player, google, home, install.exe, internet, ip-adresse, limited.com/facebook, logfile, malware, malware gefunden, microsoft office 2003, mozilla, mp3, object, office 2007, realtek, registry, scan, security, server, software, system, trojaner, usb, vista |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
