
Pests of all kinds and how to fight them: And another GVU attack :(

17.05.2013, 20:12   #1
Khael
 
Hello!

After you helped me so GREATLY and competently with removing a trojan last time (once again an explicit THANK YOU), I would like to turn to you again.

This time it hit my girlfriend. She caught the GVU trojan today (it even makes the laptop's built-in camera record). The operating system is Windows Vista.

After she caught the trojan, she immediately turned off the internet connection. She was still able to start the laptop in Safe Mode afterwards, and everything still worked there. However, she made no further changes to the system settings and shut the PC down again. It has not been started since, and we hope you can help us.

We would be very happy!

17.05.2013, 20:14   #2
markusg
/// Malware-holic
 
Can you get to a PC with a burner?
Download:
http://filepony.de/download-isoburner/
ISOBurner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download is finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When asked "Do you wish to load the remote registry", choose Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Remove the check mark at "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it is finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
Post both logs.
__________________
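
The scan described above writes a text log whose autostart section uses lines of the form `O4 - <hive>..\Run: [value name] path (company)`. The following is an added example, not part of the original thread and not part of OTL: a small triage script that parses such lines and marks entries for manual review. The sample lines are constructed, and the three heuristics (target extension, value name versus file name, location in a user-writable folder) are assumptions chosen for illustration; a hit means "look at this entry", not "this is malware".

```python
import re
from ntpath import basename, splitext  # Windows path rules, works on any OS

# Constructed sample lines in the "O4 - ...Run:" layout of an OTL log
# (not taken from a real system).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\User_ON_C..\Run: [ctfmon.exe] C:\ProgramData\abcde.dat (Example Corp.)
O4 - HKU\User_ON_C..\Run: [Updater] C:\Users\User\AppData\Local\Temp\upd.exe ()
O4 - HKLM..\Run: [Console] C:\Program Files\Vendor\Console\console.exe ()
O2 - BHO: (Example) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\ex.dll (Example)
"""

RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)

# Assumption: extensions normally expected for an autostart target.
LOADABLE = {".exe", ".com", ".bat", ".cmd", ".scr", ".dll"}
# Assumption: folder names that a standard user can usually write to.
WRITABLE_DIRS = {"programdata", "appdata", "temp"}


def split_company(rest):
    """Split 'path (Company)' at the '(' that balances the final ')'.

    Scanning from the end keeps paths such as 'Program Files (x86)' and
    company names with nested parentheses intact.
    """
    rest = rest.rstrip()
    if not rest.endswith(")"):
        return rest, None
    depth = 0
    for i in range(len(rest) - 1, -1, -1):
        if rest[i] == ")":
            depth += 1
        elif rest[i] == "(":
            depth -= 1
            if depth == 0:
                return rest[:i].rstrip(), rest[i + 1:-1].strip()
    return rest, None


def reasons_for(name, target):
    """Return the review reasons that apply to one Run entry."""
    reasons = []
    if splitext(target)[1].lower() not in LOADABLE:
        reasons.append("non_executable_extension")
    # A value name that looks like a file name but points at another file.
    if (splitext(name)[1].lower() in LOADABLE
            and name.lower() != basename(target).lower()):
        reasons.append("name_mismatch")
    folders = target.lower().split("\\")[:-1]
    if WRITABLE_DIRS.intersection(folders):
        reasons.append("user_writable_dir")
    return reasons


def triage(log_text):
    """Parse O4 Run lines and return the entries that need a manual look."""
    hits = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # other log sections are ignored here
        target, company = split_company(m.group("rest"))
        reasons = reasons_for(m.group("name"), target)
        if reasons:
            hits.append({
                "hive": m.group("hive"),
                "name": m.group("name"),
                "target": target,
                "company": company,
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["hive"], hit["name"], "->", hit["target"], hit["reasons"])
```
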

17.05.2013, 21:07   #3
Khael
 
Hello Markus,

OTLPENet has been burned to CD and the PC was booted from it.
I then started the OTLPE exe and only the option "choose Windows Directory" appears. "my Computer" is preselected, but when I confirm with OK, the message "no Windows installations found" appears.
If I choose a different folder, the message "Target is not Windows 2000 or later" appears.

What can I do now?

17.05.2013, 21:12   #4
markusg
/// Malware-holic
 
Expand everything one after another, look for the folder wind, or WINDOWS, click on it, and off you go.

17.05.2013, 22:20   #5
Khael
 
So, that's done for now.
However, after the scan I only got (or found) one log. Is that enough, or did I overlook something?

Code:
OTL logfile created on: 5/17/2013 11:26:22 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.43 Gb Total Space | 12.50 Gb Free Space | 5.75% Space Free | Partition Type: NTFS
Drive D: | 68.72 Gb Total Space | 68.57 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.87 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/15 12:23:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/06 04:38:23 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/04/13 15:12:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 05:48:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/29 05:47:17 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/02 10:58:20 | 000,246,520 | ---- | M] () [Disabled] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/11 19:47:44 | 000,036,352 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () [Disabled] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 07:24:54 | 000,125,496 | ---- | M] () [Disabled] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VNUSB)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (ipswuio)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/03/29 05:48:25 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/29 05:48:25 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/29 05:48:25 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 10:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/25 02:14:34 | 000,024,880 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys -- (OXUDIDRV)
DRV - [2009/12/11 19:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/09/28 03:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32) Oxford Semi eSATA Filter (x32)
DRV - [2009/09/05 00:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/28 13:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/08/04 16:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009/07/10 06:04:42 | 001,067,008 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/06/25 23:56:16 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009/01/14 15:51:50 | 000,230,952 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008/12/24 04:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008/11/03 03:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/08/10 22:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/05/29 12:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/23 20:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/07 02:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/09/10 03:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/08/03 00:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 B9 0B 43 9C 29 CB 01  [binary data]
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Cathrin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/09/07 17:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 15:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 15:12:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 15:12:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 15:12:13 | 000,000,000 | ---D | M]
 
[2011/06/26 04:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cathrin\AppData\Roaming\Mozilla\Extensions
[2012/12/31 07:38:09 | 000,002,101 | ---- | M] () -- C:\Users\Cathrin\AppData\Roaming\Mozilla\Firefox\Profiles\e8w3q7kr.default-1355078513750\searchplugins\googlede.xml
[2013/04/13 15:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/04/13 15:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013/04/13 15:12:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/12/08 09:26:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/12/08 09:26:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/08 09:26:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/12/08 09:26:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/12/08 09:26:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/12/08 09:26:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\Cathrin_ON_C..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [ctfmon.exe] C:\ProgramData\zdhft.dat (Hilgraeve, Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\Cathrin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Cathrin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI83E4~1\Datamngr\datamngr.dll) - C:\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI83E4~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{78f7d924-f8e9-11e0-81ab-00261856b50a}\Shell - "" = AutoRun
O33 - MountPoints2\{78f7d924-f8e9-11e0-81ab-00261856b50a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{831e02c7-613b-11e1-b5d6-00261856b50a}\Shell - "" = AutoRun
O33 - MountPoints2\{831e02c7-613b-11e1-b5d6-00261856b50a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\AutoRun\command - "" = F:\tvoj/zauvjek.exe
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\explore\command - "" = F:\tvoj/zauvjek.exe
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\open\command - "" = F:\tvoj/zauvjek.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips)
MsConfig - StartUpReg: ACMON - hkey= - key= - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/17 14:11:44 | 000,131,072 | ---- | C] (Hilgraeve, Inc.) -- C:\ProgramData\zdhft.dat
[2013/05/17 14:11:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/08 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Kamera
[2013/05/07 01:41:08 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Ejercicios_de_comprensi¾n_de_lectura_y_exprensi¾n_escrita
[2013/05/06 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Creating Culture
[2011/02/11 04:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/11/03 03:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[5 C:\Users\Cathrin\Desktop\*.tmp files -> C:\Users\Cathrin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/17 15:50:53 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013/05/17 15:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/17 15:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 15:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 15:50:43 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/17 14:28:48 | 000,069,632 | ---- | M] () -- C:\Users\Cathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/17 14:14:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\tfhdz.pad
[2013/05/17 14:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/17 14:11:58 | 000,000,869 | ---- | M] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/17 14:11:57 | 000,002,610 | ---- | M] () -- C:\ProgramData\tfhdz.js
[2013/05/17 14:11:44 | 000,131,072 | ---- | M] (Hilgraeve, Inc.) -- C:\ProgramData\zdhft.dat
[2013/05/17 14:11:44 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/17 14:09:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/16 03:42:03 | 000,002,617 | ---- | M] () -- C:\Users\Cathrin\Desktop\Microsoft Word 2010.lnk
[2013/05/15 16:29:53 | 000,634,274 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/15 16:29:53 | 000,600,832 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/15 16:29:53 | 000,129,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/15 16:29:53 | 000,106,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/15 12:23:57 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 12:23:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/22 03:21:28 | 000,000,000 | ---- | M] () -- C:\Users\Cathrin\Documents\englischvokabeln
[2013/04/21 08:07:40 | 000,483,433 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_2EY6L61831_0.pdf
[2013/04/21 07:56:12 | 000,483,467 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_SWUGDP14826_0.pdf
[2013/04/21 06:45:03 | 000,000,032 | -H-- | M] () -- C:\Users\Cathrin\Documents\Database.kdb.lock
[2013/04/18 03:38:33 | 000,482,372 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_ZAVQQ81831_0.pdf
[5 C:\Users\Cathrin\Desktop\*.tmp files -> C:\Users\Cathrin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/17 14:11:58 | 000,000,869 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/17 14:11:57 | 000,002,610 | ---- | C] () -- C:\ProgramData\tfhdz.js
[2013/05/17 14:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\tfhdz.pad
[2013/04/22 03:21:28 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\Documents\englischvokabeln
[2013/04/21 08:07:40 | 000,483,433 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_2EY6L61831_0.pdf
[2013/04/21 07:56:12 | 000,483,467 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_SWUGDP14826_0.pdf
[2013/04/18 03:38:32 | 000,482,372 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_ZAVQQ81831_0.pdf
[2013/04/18 03:31:10 | 000,000,032 | -H-- | C] () -- C:\Users\Cathrin\Documents\Database.kdb.lock
[2012/01/04 08:38:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/09 10:44:08 | 000,024,880 | ---- | C] () -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys
[2011/07/18 08:17:43 | 000,024,206 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\UserTile.png
[2011/06/10 03:08:19 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{77189E06-2564-4644-8567-85630887824B}
[2011/05/08 16:22:45 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{C5B4F3CF-DF58-4D46-9D68-E894AD10FF5C}
[2010/12/31 22:33:17 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/12/31 22:33:17 | 000,005,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2010/12/31 22:33:17 | 000,000,491 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/10/27 09:12:02 | 000,001,940 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/27 10:34:24 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/08/25 14:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 14:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 14:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 13:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/01/26 05:54:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/21 10:17:00 | 000,000,680 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\d3d9caps.dat
[2009/10/20 15:58:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 15:58:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/28 03:55:38 | 000,052,656 | ---- | C] () -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys
[2009/09/28 03:55:16 | 000,048,688 | ---- | C] () -- C:\Windows\System32\OXSDICIN_x32.dll
[2009/09/13 08:22:38 | 000,069,632 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/08 16:36:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/26 00:06:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009/06/25 23:59:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/06/25 23:58:52 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009/06/25 23:56:25 | 000,057,344 | ---- | C] () -- C:\Windows\System32\LogonStart.dll
[2009/06/25 23:54:19 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/06/25 23:10:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/25 23:38:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2008/12/23 16:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/08/10 22:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/11 23:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/04/16 07:11:34 | 000,634,274 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/04/16 07:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/04/16 07:11:34 | 000,129,426 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/04/16 07:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/04/16 06:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/07 02:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2007/03/20 11:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,393,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,600,832 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,450 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/07/09 12:31:18 | 000,155,700 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
 
========== LOP Check ==========
 
[2012/02/14 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Broad Intelligence
[2012/04/11 08:04:37 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Canon
[2011/03/01 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Desktopicon
[2013/05/17 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Dropbox
[2012/10/27 17:07:01 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\DVDVideoSoft
[2012/06/16 17:50:29 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/01 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\FreeAudioPack
[2011/07/04 08:47:47 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\go
[2011/11/11 06:21:36 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\ICQ
[2012/11/04 16:14:12 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\KeePass
[2012/10/27 17:06:17 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\OpenCandy
[2009/09/20 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\OpenOffice.org
[2012/04/11 10:21:11 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\pdfforge
[2011/07/18 08:17:42 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\PeerNetworking
[2009/09/07 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Sony
[2011/01/18 09:22:43 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Swiss Academic Software
[2011/06/24 04:30:45 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Tific
[2011/11/11 06:59:57 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\TP
[2012/11/04 16:14:14 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Wise Registry Cleaner
[2013/02/22 15:23:22 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/31 22:20:51 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2011/06/26 04:31:24 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/08/26 06:08:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012/04/11 08:05:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ
[2011/03/15 18:33:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV
[2010/09/13 10:39:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX
[2010/08/26 07:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJMyPrinter
[2012/04/11 08:05:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2012/04/11 08:04:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2010/08/26 07:58:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenu
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/07/04 08:48:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/18 09:07:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar
[2010/06/17 08:40:27 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/09/14 17:53:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2010/02/08 07:26:32 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2010/07/19 05:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus!
[2009/11/19 20:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
[2013/05/17 23:50:58 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2009/09/07 16:50:16 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2009/09/07 17:48:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/07/19 05:48:17 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2011/01/18 09:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software
[2011/06/26 04:22:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/02/25 17:42:40 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2009/10/26 19:53:20 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/04/11 06:49:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Xerox
[2009/10/04 12:25:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/11/04 17:12:51 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
[2012/11/04 17:14:42 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Net4Switch.job
[2013/05/03 16:39:31 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/08/08 14:47:47 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009/06/25 23:56:16 | 000,000,000 | ---D | M] -- C:\ADSM_PData_0150
[2009/06/26 00:06:29 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011/03/02 15:27:09 | 000,000,000 | ---D | M] -- C:\ATI
[2010/01/26 10:30:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2012/06/14 03:03:25 | 000,000,000 | ---D | M] -- C:\da29c26338e2dce0904969
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/05 22:03:00 | 000,000,000 | -HSD | M] -- C:\found.000
[2012/01/06 07:35:07 | 000,000,000 | -HSD | M] -- C:\found.001
[2012/03/02 16:52:35 | 000,000,000 | -HSD | M] -- C:\found.002
[2009/06/25 23:35:50 | 000,000,000 | ---D | M] -- C:\Intel
[2012/02/27 10:10:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/03/02 15:41:44 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/09/20 16:30:45 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 3.1 (de) Installation Files
[2008/01/20 22:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2009/09/07 17:02:09 | 000,000,000 | ---D | M] -- C:\Philips
[2013/05/14 12:04:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/05/17 14:14:00 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013/05/17 14:16:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/09/07 17:15:28 | 000,000,000 | ---D | M] -- C:\temp
[2009/08/08 14:34:49 | 000,000,000 | R--D | M] -- C:\Users
[2013/05/17 23:50:58 | 000,000,000 | ---D | M] -- C:\Windows
[2010/05/18 12:00:09 | 000,000,000 | ---D | M] -- C:\zanic
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll
[2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:7631EA83
< End of report >
         


Alt 17.05.2013, 22:26   #6
markusg
/// Malware-holic
 

edit

Alt 17.05.2013, 22:28   #7
markusg
/// Malware-holic
 

Hi,
on your second PC go to Start, Programs, Accessories, Notepad, and paste the following into it:
Code:
:OTL
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - HKU\Cathrin_ON_C..\Run: [ctfmon.exe] C:\ProgramData\zdhft.dat (Hilgraeve, Inc.)
[2013/05/17 14:11:58 | 000,000,869 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/17 14:11:57 | 000,002,610 | ---- | C] () -- C:\ProgramData\tfhdz.js
[2013/05/17 14:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\tfhdz.pad
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file", so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.


If you have no icons, right-click, View, Show desktop icons.

Note: Please upload the file there as well, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!


Please press the Windows key + E.
  • Open your system drive ( usually C: )
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload went through without problems. Thanks in advance.
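Added example, not part of the original post and not a feature of OTL: a short Python triage of O4 autostart lines excerpted from the log in this thread, showing one way the two autostart entries named in the fix stand out from the legitimate ones. The three heuristics and all function names are assumptions made for illustration; the helper does not state his selection criteria.

```python
import re
from pathlib import PureWindowsPath

# O4 (autostart) lines excerpted from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\Cathrin_ON_C..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [ctfmon.exe] C:\ProgramData\zdhft.dat (Hilgraeve, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
"""

# Assumed heuristics for illustration (not OTL settings, not the helper's criteria).
LOADABLE_EXT = {".exe", ".dll", ".com", ".scr"}
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# "O4 - <hive>..\Run: [<value name>] <target path> (<company>)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<target>.+?)(?: \((?P<company>[^()]*)\))?$"
)
# "O4 - Startup: <shortcut>.lnk = <target path> (<company>)"
STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?\.lnk) =\s+(?P<target>.+?)(?: \((?P<company>[^()]*)\))?$"
)


def check_run(name, target):
    """Return the reasons a Run-key entry deserves a closer look."""
    reasons = []
    path = PureWindowsPath(target)
    if path.suffix.lower() not in LOADABLE_EXT:
        reasons.append(f"autostart target has non-executable extension {path.suffix!r}")
    if name.lower().endswith(".exe") and path.name.lower() != name.lower():
        reasons.append(f"value name {name!r} imitates a program but points to {path.name!r}")
    if str(path.parent).lower() == r"c:\programdata":
        reasons.append("target sits directly in the ProgramData root")
    return reasons


def check_startup(target):
    """Return the reasons a Startup-folder shortcut deserves a closer look."""
    if target.lower() == "file not found":
        return []  # dead shortcut, nothing is launched
    if PureWindowsPath(target).name.lower() in HOST_BINARIES:
        return ["shortcut launches a generic host binary; the log does not show its arguments"]
    return []


def triage(log_text):
    """Parse O4 lines and return (line, reasons) for every flagged entry."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            reasons = check_run(m["name"], m["target"])
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            reasons = check_startup(m["target"])
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -", reason)
```

A flagged line is a candidate for review, not a verdict: legitimate software also uses rundll32.exe and ProgramData, so each hit still needs a look at the file itself.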

Alt 18.05.2013, 13:55   #8
Khael
 

So, I entered the fix in OTL and let it run. It then wanted to reboot, but after I confirmed that, nothing happened. So I shut the PC down manually and started it up again normally.
The trojan's lock is gone now, but I can't find the report. There is an OTL report on C:\ with the matching modification date, but at first glance I couldn't see any difference in content from the last OTL log. Upload it anyway?
After that I wanted to pack the movedfiles in the _OTL folder into a zip-compressed folder, but the message "Datei nicht gefunden oder keine Leseberechtigung" [File not found or no read permission] appears. At the same time Avira reports "Zugriff auf Datei...., die ein Virus oder unerwünschtes Programm JS/Agent.480412 enthält, wurde verweigert." [Access to file...., which contains a virus or unwanted program JS/Agent.480412, was denied.]

EDIT: On the second attempt the zipping worked, and the file is uploaded. It went through without problems.

And here is the OTL log, where I'm not sure whether it is the same as yesterday's:

Code:
OTL logfile created on: 5/17/2013 11:26:22 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.43 Gb Total Space | 12.50 Gb Free Space | 5.75% Space Free | Partition Type: NTFS
Drive D: | 68.72 Gb Total Space | 68.57 Gb Free Space | 99.78% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.87 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/15 12:23:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/06 04:38:23 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/04/13 15:12:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 05:48:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/29 05:47:17 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/02 10:58:20 | 000,246,520 | ---- | M] () [Disabled] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/11 19:47:44 | 000,036,352 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto] -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2008/01/22 04:35:52 | 000,103,808 | ---- | M] () [Disabled] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 07:24:54 | 000,125,496 | ---- | M] () [Disabled] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VNUSB)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (ipswuio)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2013/03/29 05:48:25 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/29 05:48:25 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/29 05:48:25 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 10:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/25 02:14:34 | 000,024,880 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys -- (OXUDIDRV)
DRV - [2009/12/11 19:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/09/28 03:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32) Oxford Semi eSATA Filter (x32)
DRV - [2009/09/05 00:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/28 13:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/08/04 16:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009/07/10 06:04:42 | 001,067,008 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/06/25 23:56:16 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2009/01/14 15:51:50 | 000,230,952 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008/12/24 04:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2008/11/03 03:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/08/10 22:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/05/29 12:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/23 20:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/07 02:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/09/10 03:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/08/03 00:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 B9 0B 43 9C 29 CB 01  [binary data]
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Cathrin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Cathrin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/09/07 17:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 15:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 15:12:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 15:12:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/13 15:12:13 | 000,000,000 | ---D | M]
 
[2011/06/26 04:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cathrin\AppData\Roaming\Mozilla\Extensions
[2012/12/31 07:38:09 | 000,002,101 | ---- | M] () -- C:\Users\Cathrin\AppData\Roaming\Mozilla\Firefox\Profiles\e8w3q7kr.default-1355078513750\searchplugins\googlede.xml
[2013/04/13 15:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/04/13 15:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2013/04/13 15:12:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/12/08 09:26:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/12/08 09:26:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/08 09:26:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/12/08 09:26:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/12/08 09:26:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/12/08 09:26:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - C:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Cathrin_ON_C\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\Cathrin_ON_C..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [ctfmon.exe] C:\ProgramData\zdhft.dat (Hilgraeve, Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\Cathrin_ON_C..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\Cathrin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Cathrin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI83E4~1\Datamngr\datamngr.dll) - C:\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI83E4~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{78f7d924-f8e9-11e0-81ab-00261856b50a}\Shell - "" = AutoRun
O33 - MountPoints2\{78f7d924-f8e9-11e0-81ab-00261856b50a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{831e02c7-613b-11e1-b5d6-00261856b50a}\Shell - "" = AutoRun
O33 - MountPoints2\{831e02c7-613b-11e1-b5d6-00261856b50a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\AutoRun\command - "" = F:\tvoj/zauvjek.exe
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\explore\command - "" = F:\tvoj/zauvjek.exe
O33 - MountPoints2\{ed4ca8ac-ed9a-11de-873f-00261856b50a}\Shell\open\command - "" = F:\tvoj/zauvjek.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips)
MsConfig - StartUpReg: ACMON - hkey= - key= - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/17 14:11:44 | 000,131,072 | ---- | C] (Hilgraeve, Inc.) -- C:\ProgramData\zdhft.dat
[2013/05/17 14:11:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/08 17:42:12 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Kamera
[2013/05/07 01:41:08 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Ejercicios_de_comprensi¾n_de_lectura_y_exprensi¾n_escrita
[2013/05/06 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Cathrin\Desktop\Creating Culture
[2011/02/11 04:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/11/03 03:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[5 C:\Users\Cathrin\Desktop\*.tmp files -> C:\Users\Cathrin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/17 15:50:53 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013/05/17 15:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/17 15:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 15:50:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 15:50:43 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/17 14:28:48 | 000,069,632 | ---- | M] () -- C:\Users\Cathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/17 14:14:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\tfhdz.pad
[2013/05/17 14:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/17 14:11:58 | 000,000,869 | ---- | M] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/17 14:11:57 | 000,002,610 | ---- | M] () -- C:\ProgramData\tfhdz.js
[2013/05/17 14:11:44 | 000,131,072 | ---- | M] (Hilgraeve, Inc.) -- C:\ProgramData\zdhft.dat
[2013/05/17 14:11:44 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/17 14:09:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/16 03:42:03 | 000,002,617 | ---- | M] () -- C:\Users\Cathrin\Desktop\Microsoft Word 2010.lnk
[2013/05/15 16:29:53 | 000,634,274 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/05/15 16:29:53 | 000,600,832 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/15 16:29:53 | 000,129,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/05/15 16:29:53 | 000,106,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/15 12:23:57 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 12:23:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/01 20:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/22 03:21:28 | 000,000,000 | ---- | M] () -- C:\Users\Cathrin\Documents\englischvokabeln
[2013/04/21 08:07:40 | 000,483,433 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_2EY6L61831_0.pdf
[2013/04/21 07:56:12 | 000,483,467 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_SWUGDP14826_0.pdf
[2013/04/21 06:45:03 | 000,000,032 | -H-- | M] () -- C:\Users\Cathrin\Documents\Database.kdb.lock
[2013/04/18 03:38:33 | 000,482,372 | ---- | M] () -- C:\Users\Cathrin\Desktop\FLT_ZAVQQ81831_0.pdf
[5 C:\Users\Cathrin\Desktop\*.tmp files -> C:\Users\Cathrin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/17 14:11:58 | 000,000,869 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/17 14:11:57 | 000,002,610 | ---- | C] () -- C:\ProgramData\tfhdz.js
[2013/05/17 14:11:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\tfhdz.pad
[2013/04/22 03:21:28 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\Documents\englischvokabeln
[2013/04/21 08:07:40 | 000,483,433 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_2EY6L61831_0.pdf
[2013/04/21 07:56:12 | 000,483,467 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_SWUGDP14826_0.pdf
[2013/04/18 03:38:32 | 000,482,372 | ---- | C] () -- C:\Users\Cathrin\Desktop\FLT_ZAVQQ81831_0.pdf
[2013/04/18 03:31:10 | 000,000,032 | -H-- | C] () -- C:\Users\Cathrin\Documents\Database.kdb.lock
[2012/01/04 08:38:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/09 10:44:08 | 000,024,880 | ---- | C] () -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys
[2011/07/18 08:17:43 | 000,024,206 | ---- | C] () -- C:\Users\Cathrin\AppData\Roaming\UserTile.png
[2011/06/10 03:08:19 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{77189E06-2564-4644-8567-85630887824B}
[2011/05/08 16:22:45 | 000,000,000 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{C5B4F3CF-DF58-4D46-9D68-E894AD10FF5C}
[2010/12/31 22:33:17 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/12/31 22:33:17 | 000,005,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2010/12/31 22:33:17 | 000,000,491 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2010/10/27 09:12:02 | 000,001,940 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/27 10:34:24 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/08/25 14:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 14:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 14:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 13:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/01/26 05:54:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/12/21 10:17:00 | 000,000,680 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\d3d9caps.dat
[2009/10/20 15:58:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 15:58:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/28 03:55:38 | 000,052,656 | ---- | C] () -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys
[2009/09/28 03:55:16 | 000,048,688 | ---- | C] () -- C:\Windows\System32\OXSDICIN_x32.dll
[2009/09/13 08:22:38 | 000,069,632 | ---- | C] () -- C:\Users\Cathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/08 16:36:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 09:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 09:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/26 00:06:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009/06/25 23:59:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/06/25 23:58:52 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009/06/25 23:56:25 | 000,057,344 | ---- | C] () -- C:\Windows\System32\LogonStart.dll
[2009/06/25 23:54:19 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/06/25 23:10:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/25 23:38:39 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2008/12/23 16:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/08/10 22:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/11 23:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/04/16 07:11:34 | 000,634,274 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/04/16 07:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/04/16 07:11:34 | 000,129,426 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/04/16 07:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/04/16 06:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/04/07 02:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2007/03/20 11:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,393,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,600,832 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,450 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/07/09 12:31:18 | 000,155,700 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
 
========== LOP Check ==========
 
[2012/02/14 20:39:33 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Broad Intelligence
[2012/04/11 08:04:37 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Canon
[2011/03/01 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Desktopicon
[2013/05/17 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Dropbox
[2012/10/27 17:07:01 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\DVDVideoSoft
[2012/06/16 17:50:29 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/01 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\FreeAudioPack
[2011/07/04 08:47:47 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\go
[2011/11/11 06:21:36 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\ICQ
[2012/11/04 16:14:12 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\KeePass
[2012/10/27 17:06:17 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\OpenCandy
[2009/09/20 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\OpenOffice.org
[2012/04/11 10:21:11 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\pdfforge
[2011/07/18 08:17:42 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\PeerNetworking
[2009/09/07 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Sony
[2011/01/18 09:22:43 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Swiss Academic Software
[2011/06/24 04:30:45 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Tific
[2011/11/11 06:59:57 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\TP
[2012/11/04 16:14:14 | 000,000,000 | ---D | M] -- C:\Users\Cathrin\AppData\Roaming\Wise Registry Cleaner
[2013/02/22 15:23:22 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/31 22:20:51 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS
[2011/06/26 04:31:24 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/08/26 06:08:49 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012/04/11 08:05:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ
[2011/03/15 18:33:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV
[2010/09/13 10:39:52 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX
[2010/08/26 07:58:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJMyPrinter
[2012/04/11 08:05:12 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2012/04/11 08:04:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2010/08/26 07:58:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJSolutionMenu
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/07/04 08:48:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/18 09:07:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Gibraltar
[2010/06/17 08:40:27 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/09/14 17:53:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2010/02/08 07:26:32 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2010/07/19 05:40:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus!
[2009/11/19 20:58:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
[2013/05/17 23:50:58 | 000,000,000 | ---D | M] -- C:\ProgramData\P4G
[2009/09/07 16:50:16 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2009/09/07 17:48:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/07/19 05:48:17 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2011/01/18 09:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Swiss Academic Software
[2011/06/26 04:22:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/02/25 17:42:40 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications
[2009/10/26 19:53:20 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/04/11 06:49:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Xerox
[2009/10/04 12:25:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/11/04 17:12:51 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
[2012/11/04 17:14:42 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Net4Switch.job
[2013/05/03 16:39:31 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/08/08 14:47:47 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009/06/25 23:56:16 | 000,000,000 | ---D | M] -- C:\ADSM_PData_0150
[2009/06/26 00:06:29 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011/03/02 15:27:09 | 000,000,000 | ---D | M] -- C:\ATI
[2010/01/26 10:30:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2012/06/14 03:03:25 | 000,000,000 | ---D | M] -- C:\da29c26338e2dce0904969
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/05 22:03:00 | 000,000,000 | -HSD | M] -- C:\found.000
[2012/01/06 07:35:07 | 000,000,000 | -HSD | M] -- C:\found.001
[2012/03/02 16:52:35 | 000,000,000 | -HSD | M] -- C:\found.002
[2009/06/25 23:35:50 | 000,000,000 | ---D | M] -- C:\Intel
[2012/02/27 10:10:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/03/02 15:41:44 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009/09/20 16:30:45 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 3.1 (de) Installation Files
[2008/01/20 22:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2009/09/07 17:02:09 | 000,000,000 | ---D | M] -- C:\Philips
[2013/05/14 12:04:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/05/17 14:14:00 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013/05/17 14:16:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/09/07 17:15:28 | 000,000,000 | ---D | M] -- C:\temp
[2009/08/08 14:34:49 | 000,000,000 | R--D | M] -- C:\Users
[2013/05/17 23:50:58 | 000,000,000 | ---D | M] -- C:\Windows
[2010/05/18 12:00:09 | 000,000,000 | ---D | M] -- C:\zanic
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/06/25 23:23:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/06/25 23:23:19 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/06/25 23:23:19 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/06/25 23:23:20 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/02/11 05:11:49 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009/02/11 05:11:49 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/20 22:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\fontext.dll
[2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:7631EA83
< End of report >
         

Edited by Khael (18.05.2013 at 14:37)

19.05.2013, 18:35   #9
markusg
/// Malware-holic

Hi,
can you get back into normal mode?
If so:
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

20.05.2013, 13:39   #10
Khael



All right, so far so good.

Code:
14:34:14.0498 5896  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:34:14.0748 5896  ============================================================
14:34:14.0748 5896  Current date / time: 2013/05/20 14:34:14.0748
14:34:14.0748 5896  SystemInfo:
14:34:14.0748 5896  
14:34:14.0748 5896  OS Version: 6.0.6002 ServicePack: 2.0
14:34:14.0748 5896  Product type: Workstation
14:34:14.0748 5896  ComputerName: CATHRINS_LAPPI
14:34:14.0748 5896  UserName: Cathrin
14:34:14.0748 5896  Windows directory: C:\Windows
14:34:14.0748 5896  System windows directory: C:\Windows
14:34:14.0748 5896  Processor architecture: Intel x86
14:34:14.0748 5896  Number of processors: 2
14:34:14.0748 5896  Page size: 0x1000
14:34:14.0748 5896  Boot type: Normal boot
14:34:14.0748 5896  ============================================================
14:34:15.0731 5896  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:34:15.0731 5896  ============================================================
14:34:15.0731 5896  \Device\Harddisk0\DR0:
14:34:15.0731 5896  MBR partitions:
14:34:15.0731 5896  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x1B2DC400
14:34:15.0762 5896  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CABE800, BlocksNum 0x896EEC1
14:34:15.0762 5896  ============================================================
14:34:15.0840 5896  C: <-> \Device\Harddisk0\DR0\Partition1
14:34:15.0918 5896  D: <-> \Device\Harddisk0\DR0\Partition2
14:34:15.0918 5896  ============================================================
14:34:15.0918 5896  Initialize success
14:34:15.0918 5896  ============================================================
14:35:21.0259 1876  ============================================================
14:35:21.0259 1876  Scan started
14:35:21.0259 1876  Mode: Manual; SigCheck; TDLFS; 
14:35:21.0259 1876  ============================================================
14:35:22.0866 1876  ================ Scan system memory ========================
14:35:22.0866 1876  System memory - ok
14:35:22.0866 1876  ================ Scan services =============================
14:35:23.0037 1876  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:35:23.0209 1876  ACDaemon - ok
14:35:23.0396 1876  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:35:23.0412 1876  ACPI - ok
14:35:23.0505 1876  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:35:23.0521 1876  AdobeARMservice - ok
14:35:23.0630 1876  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:35:23.0661 1876  AdobeFlashPlayerUpdateSvc - ok
14:35:23.0708 1876  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:35:23.0755 1876  adp94xx - ok
14:35:23.0786 1876  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:35:23.0817 1876  adpahci - ok
14:35:23.0849 1876  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:35:23.0880 1876  adpu160m - ok
14:35:23.0927 1876  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:35:23.0942 1876  adpu320 - ok
14:35:24.0036 1876  [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService     C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
14:35:24.0114 1876  ADSMService ( UnsignedFile.Multi.Generic ) - warning
14:35:24.0114 1876  ADSMService - detected UnsignedFile.Multi.Generic (1)
14:35:24.0145 1876  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:35:24.0207 1876  AeLookupSvc - ok
14:35:24.0254 1876  [ A7B8A3A79D35215D798A300DF49ED23F ] Afc             C:\Windows\system32\drivers\Afc.sys
14:35:24.0301 1876  Afc ( UnsignedFile.Multi.Generic ) - warning
14:35:24.0301 1876  Afc - detected UnsignedFile.Multi.Generic (1)
14:35:24.0348 1876  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
14:35:24.0410 1876  AFD - ok
14:35:24.0457 1876  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:35:24.0473 1876  agp440 - ok
14:35:24.0535 1876  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
14:35:24.0691 1876  aic78xx - ok
14:35:24.0707 1876  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
14:35:24.0819 1876  ALG - ok
14:35:24.0882 1876  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:35:24.0897 1876  aliide - ok
14:35:24.0914 1876  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:35:24.0945 1876  amdagp - ok
14:35:24.0976 1876  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:35:25.0007 1876  amdide - ok
14:35:25.0007 1876  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
14:35:25.0101 1876  AmdK7 - ok
14:35:25.0148 1876  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:35:25.0226 1876  AmdK8 - ok
14:35:25.0429 1876  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:35:25.0460 1876  AntiVirSchedulerService - ok
14:35:25.0600 1876  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:35:25.0616 1876  AntiVirService - ok
14:35:25.0756 1876  [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:35:25.0850 1876  AntiVirWebService - ok
14:35:25.0912 1876  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
14:35:26.0131 1876  Appinfo - ok
14:35:26.0287 1876  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:35:26.0505 1876  Apple Mobile Device - ok
14:35:26.0567 1876  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
14:35:26.0583 1876  arc - ok
14:35:26.0614 1876  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:35:26.0645 1876  arcsas - ok
14:35:26.0661 1876  [ 104DB777372411C55850C4A2AE6877EF ] AsDsm           C:\Windows\system32\drivers\AsDsm.sys
14:35:26.0677 1876  AsDsm - ok
14:35:26.0723 1876  [ EB1807795CD3EEAA3288B4A30DE254E8 ] ASLDRService    C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
14:35:26.0723 1876  ASLDRService - ok
14:35:26.0755 1876  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
14:35:26.0786 1876  ASMMAP - ok
14:35:26.0817 1876  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:35:26.0864 1876  AsyncMac - ok
14:35:27.0004 1876  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:35:27.0020 1876  atapi - ok
14:35:27.0207 1876  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys
14:35:27.0628 1876  athr - ok
14:35:27.0659 1876  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
14:35:27.0691 1876  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
14:35:27.0691 1876  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
14:35:27.0769 1876  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:35:27.0862 1876  AudioEndpointBuilder - ok
14:35:27.0893 1876  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:35:27.0925 1876  Audiosrv - ok
14:35:28.0003 1876  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:35:28.0034 1876  avgntflt - ok
14:35:28.0065 1876  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:35:28.0096 1876  avipbb - ok
14:35:28.0174 1876  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:35:28.0517 1876  avkmgr - ok
14:35:28.0564 1876  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:35:28.0642 1876  Beep - ok
14:35:28.0720 1876  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
14:35:28.0829 1876  BFE - ok
14:35:28.0970 1876  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
14:35:29.0157 1876  BITS - ok
14:35:29.0219 1876  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:35:29.0297 1876  blbdrive - ok
14:35:29.0469 1876  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:35:29.0516 1876  Bonjour Service - ok
14:35:29.0594 1876  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:35:29.0719 1876  bowser - ok
14:35:29.0781 1876  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:35:29.0828 1876  BrFiltLo - ok
14:35:29.0844 1876  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:35:29.0920 1876  BrFiltUp - ok
14:35:29.0951 1876  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
14:35:30.0029 1876  Browser - ok
14:35:30.0076 1876  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
14:35:30.0295 1876  Brserid - ok
14:35:30.0388 1876  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:35:30.0513 1876  BrSerWdm - ok
14:35:30.0591 1876  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:35:30.0700 1876  BrUsbMdm - ok
14:35:30.0731 1876  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:35:30.0825 1876  BrUsbSer - ok
14:35:30.0872 1876  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:35:30.0950 1876  BTHMODEM - ok
14:35:30.0981 1876  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:35:31.0090 1876  cdfs - ok
14:35:31.0121 1876  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:35:31.0199 1876  cdrom - ok
14:35:31.0231 1876  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:35:31.0371 1876  CertPropSvc - ok
14:35:31.0449 1876  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
14:35:31.0511 1876  circlass - ok
14:35:31.0527 1876  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:35:31.0574 1876  CLFS - ok
14:35:31.0683 1876  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:35:31.0777 1876  clr_optimization_v2.0.50727_32 - ok
14:35:31.0964 1876  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:35:32.0307 1876  clr_optimization_v4.0.30319_32 - ok
14:35:32.0338 1876  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:35:32.0385 1876  CmBatt - ok
14:35:32.0416 1876  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:35:32.0432 1876  cmdide - ok
14:35:32.0463 1876  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:35:32.0479 1876  Compbatt - ok
14:35:32.0479 1876  COMSysApp - ok
14:35:32.0525 1876  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:35:32.0541 1876  crcdisk - ok
14:35:32.0603 1876  [ D18893845AE1C5833B5B2EA9B7F5C670 ] CRFILTER        C:\Windows\system32\DRIVERS\CRFILTER.sys
14:35:32.0713 1876  CRFILTER - ok
14:35:32.0759 1876  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:35:32.0947 1876  Crusoe - ok
14:35:33.0009 1876  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:35:33.0103 1876  CryptSvc - ok
14:35:33.0259 1876  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:35:33.0321 1876  DcomLaunch - ok
14:35:33.0383 1876  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:35:33.0446 1876  DfsC - ok
14:35:33.0758 1876  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:35:34.0569 1876  DFSR - ok
14:35:34.0616 1876  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:35:34.0678 1876  Dhcp - ok
14:35:34.0725 1876  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:35:34.0741 1876  disk - ok
14:35:34.0819 1876  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:35:34.0912 1876  Dnscache - ok
14:35:34.0929 1876  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:35:35.0013 1876  dot3svc - ok
14:35:35.0091 1876  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
14:35:35.0169 1876  DPS - ok
14:35:35.0247 1876  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:35:35.0341 1876  drmkaud - ok
14:35:35.0419 1876  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:35:35.0512 1876  DXGKrnl - ok
14:35:35.0575 1876  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
14:35:35.0684 1876  E1G60 - ok
14:35:35.0715 1876  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
14:35:35.0762 1876  EapHost - ok
14:35:35.0809 1876  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:35:35.0840 1876  Ecache - ok
14:35:36.0058 1876  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:35:36.0230 1876  ehRecvr - ok
14:35:36.0261 1876  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
14:35:36.0339 1876  ehSched - ok
14:35:36.0355 1876  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
14:35:36.0386 1876  ehstart - ok
14:35:36.0511 1876  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:35:36.0589 1876  elxstor - ok
14:35:36.0698 1876  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
14:35:36.0745 1876  EMDMgmt - ok
14:35:36.0807 1876  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:35:36.0901 1876  ErrDev - ok
14:35:36.0932 1876  [ 3C1D6B99320C64EB3423E229128D5182 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
14:35:36.0948 1876  ETD - ok
14:35:37.0166 1876  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
14:35:37.0228 1876  EventSystem - ok
14:35:37.0275 1876  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
14:35:37.0400 1876  exfat - ok
14:35:37.0416 1876  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:35:37.0462 1876  fastfat - ok
14:35:37.0525 1876  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:35:37.0603 1876  fdc - ok
14:35:37.0634 1876  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:35:37.0650 1876  fdPHost - ok
14:35:37.0696 1876  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:35:37.0774 1876  FDResPub - ok
14:35:37.0790 1876  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:35:37.0837 1876  FileInfo - ok
14:35:37.0868 1876  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:35:38.0024 1876  Filetrace - ok
14:35:38.0024 1876  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:35:38.0086 1876  flpydisk - ok
14:35:38.0133 1876  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:35:38.0164 1876  FltMgr - ok
14:35:38.0289 1876  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
14:35:38.0430 1876  FontCache - ok
14:35:38.0508 1876  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:35:38.0523 1876  FontCache3.0.0.0 - ok
14:35:38.0586 1876  [ 491E9D9A26A745F6AE7D570849F4BD87 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
14:35:38.0601 1876  fssfltr - ok
14:35:38.0976 1876  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
14:35:39.0272 1876  fsssvc - ok
14:35:39.0319 1876  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:35:39.0381 1876  Fs_Rec - ok
14:35:39.0444 1876  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:35:39.0475 1876  gagp30kx - ok
14:35:39.0522 1876  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:35:39.0553 1876  GEARAspiWDM - ok
14:35:39.0756 1876  [ 31B40F40E09513ADDC460F6A297AD474 ] ghaio           C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
14:35:39.0787 1876  ghaio - ok
14:35:39.0818 1876  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:35:39.0896 1876  gpsvc - ok
14:35:40.0005 1876  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:35:40.0021 1876  gupdate - ok
14:35:40.0021 1876  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:35:40.0022 1876  gupdatem - ok
14:35:40.0098 1876  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:35:40.0129 1876  gusvc - ok
14:35:40.0176 1876  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:35:40.0269 1876  HdAudAddService - ok
14:35:40.0363 1876  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:35:40.0441 1876  HDAudBus - ok
14:35:40.0472 1876  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:35:40.0534 1876  HidBth - ok
14:35:40.0675 1876  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:35:40.0737 1876  HidIr - ok
14:35:40.0846 1876  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
14:35:41.0034 1876  hidserv - ok
14:35:41.0252 1876  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:35:41.0314 1876  HidUsb - ok
14:35:41.0361 1876  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:35:41.0455 1876  hkmsvc - ok
14:35:41.0470 1876  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
14:35:41.0517 1876  HpCISSs - ok
14:35:41.0595 1876  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:35:41.0845 1876  HTTP - ok
14:35:41.0892 1876  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
14:35:41.0985 1876  i2omp - ok
14:35:42.0001 1876  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:35:42.0094 1876  i8042prt - ok
14:35:42.0141 1876  [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:35:42.0188 1876  iaStor - ok
14:35:42.0235 1876  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
14:35:42.0266 1876  iaStorV - ok
14:35:42.0360 1876  [ 5C7D72EAB04B1DF8C5D2ACC6551FDE49 ] ICQ Service     C:\Program Files\ICQ6Toolbar\ICQ Service.exe
14:35:42.0391 1876  ICQ Service - ok
14:35:42.0484 1876  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:35:42.0656 1876  idsvc - ok
14:35:43.0483 1876  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:35:47.0373 1876  igfx - ok
14:35:47.0404 1876  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:35:47.0435 1876  iirsp - ok
14:35:47.0575 1876  [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
14:35:47.0607 1876  IJPLMSVC - ok
14:35:47.0794 1876  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:35:47.0903 1876  IKEEXT - ok
14:35:47.0981 1876  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:35:47.0997 1876  intelide - ok
14:35:48.0043 1876  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:35:48.0106 1876  intelppm - ok
14:35:48.0153 1876  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:35:48.0199 1876  IPBusEnum - ok
14:35:48.0293 1876  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:35:48.0355 1876  IpFilterDriver - ok
14:35:48.0480 1876  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:35:48.0527 1876  iphlpsvc - ok
14:35:48.0527 1876  IpInIp - ok
14:35:48.0574 1876  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
14:35:48.0621 1876  IPMIDRV - ok
14:35:48.0667 1876  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
14:35:48.0699 1876  IPNAT - ok
14:35:48.0901 1876  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:35:48.0933 1876  iPod Service - ok
14:35:48.0933 1876  ipswuio - ok
14:35:48.0964 1876  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:35:48.0995 1876  IRENUM - ok
14:35:49.0042 1876  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:35:49.0073 1876  isapnp - ok
14:35:49.0291 1876  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:35:49.0307 1876  iScsiPrt - ok
14:35:49.0354 1876  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:35:49.0385 1876  iteatapi - ok
14:35:49.0432 1876  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
14:35:49.0447 1876  iteraid - ok
14:35:49.0479 1876  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:35:49.0510 1876  kbdclass - ok
14:35:49.0588 1876  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:35:49.0650 1876  kbdhid - ok
14:35:49.0681 1876  [ 7F2B8D0B31FB4A797E5786EF124C5A80 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
14:35:49.0697 1876  kbfiltr - ok
14:35:49.0728 1876  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:35:49.0837 1876  KeyIso - ok
14:35:49.0931 1876  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:35:50.0025 1876  KSecDD - ok
14:35:50.0118 1876  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:35:50.0226 1876  KtmRm - ok
14:35:50.0387 1876  [ 24ABDDEB766C8459F9D562EB083B6CB8 ] L1E             C:\Windows\system32\DRIVERS\L1E60x86.sys
14:35:50.0402 1876  L1E - ok
14:35:50.0605 1876  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:35:50.0667 1876  LanmanServer - ok
14:35:50.0699 1876  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:35:50.0792 1876  LanmanWorkstation - ok
14:35:50.0870 1876  [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:35:50.0933 1876  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:35:50.0933 1876  LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:35:50.0979 1876  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:35:51.0057 1876  lltdio - ok
14:35:51.0151 1876  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:35:51.0229 1876  lltdsvc - ok
14:35:51.0260 1876  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:35:51.0307 1876  lmhosts - ok
14:35:51.0354 1876  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:35:51.0385 1876  LSI_FC - ok
14:35:51.0401 1876  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:35:51.0432 1876  LSI_SAS - ok
14:35:51.0463 1876  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:35:51.0479 1876  LSI_SCSI - ok
14:35:51.0557 1876  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
14:35:51.0603 1876  luafv - ok
14:35:51.0650 1876  [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys
14:35:51.0666 1876  lullaby - ok
14:35:51.0713 1876  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:35:51.0915 1876  Mcx2Svc - ok
14:35:51.0962 1876  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:35:51.0993 1876  megasas - ok
14:35:52.0040 1876  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:35:52.0196 1876  MegaSR - ok
14:35:52.0243 1876  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
14:35:52.0305 1876  MMCSS - ok
14:35:52.0337 1876  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
14:35:52.0430 1876  Modem - ok
14:35:52.0555 1876  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:35:52.0617 1876  monitor - ok
14:35:52.0742 1876  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:35:52.0758 1876  mouclass - ok
14:35:52.0789 1876  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:35:52.0945 1876  mouhid - ok
14:35:52.0961 1876  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:35:52.0992 1876  MountMgr - ok
14:35:53.0101 1876  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:35:53.0132 1876  MozillaMaintenance - ok
14:35:53.0163 1876  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:35:53.0195 1876  mpio - ok
14:35:53.0210 1876  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:35:53.0288 1876  mpsdrv - ok
14:35:53.0351 1876  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:35:53.0507 1876  MpsSvc - ok
14:35:53.0553 1876  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:35:53.0585 1876  Mraid35x - ok
14:35:53.0631 1876  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:35:53.0663 1876  MRxDAV - ok
14:35:53.0803 1876  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:35:53.0834 1876  mrxsmb - ok
14:35:53.0928 1876  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:35:53.0975 1876  mrxsmb10 - ok
14:35:54.0053 1876  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:35:54.0146 1876  mrxsmb20 - ok
14:35:54.0193 1876  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:35:54.0224 1876  msahci - ok
14:35:54.0427 1876  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:35:54.0458 1876  msdsm - ok
14:35:54.0474 1876  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
14:35:54.0552 1876  MSDTC - ok
14:35:54.0645 1876  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:35:54.0677 1876  Msfs - ok
14:35:54.0723 1876  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:35:54.0739 1876  msisadrv - ok
14:35:54.0770 1876  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:35:54.0848 1876  MSiSCSI - ok
14:35:54.0864 1876  msiserver - ok
14:35:54.0895 1876  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:35:54.0957 1876  MSKSSRV - ok
14:35:54.0973 1876  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:35:55.0051 1876  MSPCLOCK - ok
14:35:55.0098 1876  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:35:55.0145 1876  MSPQM - ok
14:35:55.0176 1876  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:35:55.0238 1876  MsRPC - ok
14:35:55.0285 1876  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:35:55.0285 1876  mssmbios - ok
14:35:55.0316 1876  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:35:55.0371 1876  MSTEE - ok
14:35:55.0403 1876  [ BB16693616427EAC1A436E106EA8D318 ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
14:35:55.0418 1876  MTsensor - ok
14:35:55.0449 1876  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
14:35:55.0465 1876  Mup - ok
14:35:55.0512 1876  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:35:55.0590 1876  napagent - ok
14:35:55.0683 1876  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:35:55.0933 1876  NativeWifiP - ok
14:35:55.0980 1876  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:35:56.0011 1876  NDIS - ok
14:35:56.0042 1876  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:35:56.0089 1876  NdisTapi - ok
14:35:56.0151 1876  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:35:56.0214 1876  Ndisuio - ok
14:35:56.0245 1876  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:35:56.0292 1876  NdisWan - ok
14:35:56.0354 1876  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:35:56.0385 1876  NDProxy - ok
14:35:56.0432 1876  [ 29C45722E20572B6440B57E3359E73EE ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
14:35:56.0448 1876  Netaapl ( UnsignedFile.Multi.Generic ) - warning
14:35:56.0448 1876  Netaapl - detected UnsignedFile.Multi.Generic (1)
14:35:56.0510 1876  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:35:56.0573 1876  NetBIOS - ok
14:35:56.0619 1876  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
14:35:56.0682 1876  netbt - ok
14:35:56.0713 1876  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:35:56.0729 1876  Netlogon - ok
14:35:56.0807 1876  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:35:56.0869 1876  Netman - ok
14:35:56.0900 1876  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:35:56.0994 1876  netprofm - ok
14:35:57.0072 1876  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:35:57.0087 1876  NetTcpPortSharing - ok
14:35:57.0134 1876  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:35:57.0150 1876  nfrd960 - ok
14:35:57.0197 1876  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:35:57.0243 1876  NlaSvc - ok
14:35:57.0290 1876  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:35:57.0353 1876  Npfs - ok
14:35:57.0384 1876  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
14:35:57.0431 1876  nsi - ok
14:35:57.0477 1876  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:35:57.0540 1876  nsiproxy - ok
14:35:57.0602 1876  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:35:57.0696 1876  Ntfs - ok
14:35:57.0743 1876  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
14:35:57.0821 1876  ntrigdigi - ok
14:35:57.0852 1876  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:35:58.0179 1876  Null - ok
14:35:58.0242 1876  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:35:58.0289 1876  nvraid - ok
14:35:58.0320 1876  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:35:58.0335 1876  nvstor - ok
14:35:58.0398 1876  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:35:58.0429 1876  nv_agp - ok
14:35:58.0429 1876  NwlnkFlt - ok
14:35:58.0445 1876  NwlnkFwd - ok
14:35:58.0476 1876  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
14:35:58.0507 1876  ohci1394 - ok
14:35:58.0585 1876  [ CCAF7108859B6B1698A4223E2760B578 ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
14:35:58.0616 1876  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
14:35:58.0616 1876  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
14:35:58.0679 1876  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:35:58.0694 1876  ose - ok
14:35:58.0881 1876  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:35:59.0115 1876  osppsvc - ok
14:35:59.0147 1876  [ 257190D58444732B68919C573368B64D ] OXSDIDRV_x32    C:\Windows\system32\DRIVERS\OXSDIDRV_x32.sys
14:35:59.0162 1876  OXSDIDRV_x32 - ok
14:35:59.0240 1876  [ 8F534A8630F6BABA92E14531F96906CD ] OXUDIDRV        C:\Windows\system32\Drivers\OXUDIDRV_X32.sys
14:35:59.0256 1876  OXUDIDRV - ok
14:35:59.0318 1876  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:35:59.0443 1876  p2pimsvc - ok
14:35:59.0505 1876  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:35:59.0537 1876  p2psvc - ok
14:35:59.0630 1876  [ 81A0921E2A3FDCF840E43AF64BF96EA2 ] PAC7302         C:\Windows\system32\DRIVERS\PAC7302.SYS
14:35:59.0739 1876  PAC7302 - ok
14:35:59.0786 1876  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
14:35:59.0895 1876  Parport - ok
14:35:59.0958 1876  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:35:59.0973 1876  partmgr - ok
14:36:00.0005 1876  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:36:00.0083 1876  Parvdm - ok
14:36:00.0114 1876  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:36:00.0192 1876  PcaSvc - ok
14:36:00.0239 1876  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
14:36:00.0270 1876  pci - ok
14:36:00.0301 1876  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
14:36:00.0332 1876  pciide - ok
14:36:00.0363 1876  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:36:00.0395 1876  pcmcia - ok
14:36:00.0430 1876  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:36:00.0593 1876  PEAUTH - ok
14:36:00.0780 1876  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
14:36:01.0061 1876  pla - ok
14:36:01.0154 1876  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:36:01.0217 1876  PlugPlay - ok
14:36:01.0248 1876  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
14:36:01.0263 1876  PNRPAutoReg - ok
14:36:01.0373 1876  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
14:36:01.0404 1876  PNRPsvc - ok
14:36:01.0482 1876  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:36:01.0544 1876  PolicyAgent - ok
14:36:01.0591 1876  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:36:01.0653 1876  PptpMiniport - ok
14:36:01.0685 1876  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
14:36:01.0747 1876  Processor - ok
14:36:01.0794 1876  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:36:01.0841 1876  ProfSvc - ok
14:36:01.0872 1876  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:36:01.0903 1876  ProtectedStorage - ok
14:36:01.0934 1876  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:36:01.0981 1876  PSched - ok
14:36:02.0012 1876  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:36:02.0059 1876  PxHelp20 - ok
14:36:02.0121 1876  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:36:02.0277 1876  ql2300 - ok
14:36:02.0355 1876  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:36:02.0387 1876  ql40xx - ok
14:36:02.0465 1876  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
14:36:02.0543 1876  QWAVE - ok
14:36:02.0589 1876  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:36:02.0636 1876  QWAVEdrv - ok
14:36:02.0667 1876  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:36:02.0730 1876  RasAcd - ok
14:36:02.0761 1876  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
14:36:02.0839 1876  RasAuto - ok
14:36:02.0886 1876  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:36:02.0933 1876  Rasl2tp - ok
14:36:02.0979 1876  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:36:03.0011 1876  RasMan - ok
14:36:03.0042 1876  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:36:03.0104 1876  RasPppoe - ok
14:36:03.0151 1876  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:36:03.0198 1876  RasSstp - ok
14:36:03.0229 1876  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:36:03.0291 1876  rdbss - ok
14:36:03.0354 1876  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:36:03.0401 1876  RDPCDD - ok
14:36:03.0432 1876  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
14:36:03.0479 1876  rdpdr - ok
14:36:03.0494 1876  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:36:03.0541 1876  RDPENCDD - ok
14:36:03.0572 1876  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:36:03.0650 1876  RDPWD - ok
14:36:03.0681 1876  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:36:03.0744 1876  RemoteAccess - ok
14:36:03.0791 1876  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:36:03.0837 1876  RemoteRegistry - ok
14:36:03.0884 1876  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:36:03.0962 1876  RpcLocator - ok
14:36:04.0087 1876  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
14:36:04.0290 1876  RpcSs - ok
14:36:04.0337 1876  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:36:04.0383 1876  rspndr - ok
14:36:04.0415 1876  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
14:36:04.0446 1876  SamSs - ok
14:36:04.0461 1876  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:36:04.0493 1876  sbp2port - ok
14:36:04.0524 1876  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:36:04.0555 1876  SCardSvr - ok
14:36:04.0617 1876  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:36:04.0664 1876  Schedule - ok
14:36:04.0695 1876  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:36:04.0711 1876  SCPolicySvc - ok
14:36:04.0773 1876  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
14:36:04.0836 1876  sdbus - ok
14:36:04.0883 1876  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:36:04.0929 1876  SDRSVC - ok
14:36:04.0961 1876  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:36:05.0039 1876  secdrv - ok
14:36:05.0070 1876  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:36:05.0117 1876  seclogon - ok
14:36:05.0148 1876  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
14:36:05.0210 1876  SENS - ok
14:36:05.0257 1876  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:36:05.0304 1876  Serenum - ok
14:36:05.0335 1876  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
14:36:05.0413 1876  Serial - ok
14:36:05.0444 1876  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:36:05.0475 1876  sermouse - ok
14:36:05.0508 1876  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:36:05.0564 1876  SessionEnv - ok
14:36:05.0579 1876  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:36:05.0626 1876  sffdisk - ok
14:36:05.0673 1876  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:36:05.0720 1876  sffp_mmc - ok
14:36:05.0767 1876  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:36:05.0845 1876  sffp_sd - ok
14:36:05.0891 1876  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:36:06.0032 1876  sfloppy - ok
14:36:06.0110 1876  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:36:06.0172 1876  SharedAccess - ok
14:36:06.0250 1876  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:36:06.0328 1876  ShellHWDetection - ok
14:36:06.0359 1876  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:36:06.0391 1876  sisagp - ok
14:36:06.0484 1876  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:36:06.0515 1876  SiSRaid2 - ok
14:36:06.0625 1876  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:36:06.0656 1876  SiSRaid4 - ok
14:36:06.0734 1876  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
14:36:06.0749 1876  SkypeUpdate - ok
14:36:06.0859 1876  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
14:36:07.0077 1876  slsvc - ok
14:36:07.0139 1876  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:36:07.0202 1876  SLUINotify - ok
14:36:07.0264 1876  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:36:07.0295 1876  Smb - ok
14:36:07.0436 1876  [ C8A58FC905C9184FA70E37F71060C64D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
14:36:07.0592 1876  smserial - ok
14:36:07.0654 1876  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:36:07.0841 1876  SNMPTRAP - ok
14:36:07.0919 1876  [ 060F51141B20B8156804446A04AB8B2A ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
14:36:08.0200 1876  SNP2UVC - ok
14:36:08.0231 1876  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
14:36:08.0247 1876  spldr - ok
14:36:08.0341 1876  [ 739DB668DBD812285ECC553E64A5E212 ] spmgr           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
14:36:08.0372 1876  spmgr - ok
14:36:08.0419 1876  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
14:36:08.0497 1876  Spooler - ok
14:36:08.0559 1876  [ 43E8E8238FF52A807D5C17F1AE5CC49C ] SRS_PremiumSound_Service C:\Windows\system32\drivers\srs_PremiumSound_i386.sys
14:36:08.0590 1876  SRS_PremiumSound_Service - ok
14:36:08.0653 1876  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:36:08.0715 1876  srv - ok
14:36:08.0746 1876  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:36:08.0840 1876  srv2 - ok
14:36:08.0887 1876  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:36:08.0933 1876  srvnet - ok
14:36:08.0980 1876  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:36:09.0027 1876  SSDPSRV - ok
14:36:09.0058 1876  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
14:36:09.0074 1876  ssmdrv - ok
14:36:09.0089 1876  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:36:09.0121 1876  SstpSvc - ok
14:36:09.0199 1876  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
14:36:09.0245 1876  StillCam - ok
14:36:09.0292 1876  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:36:09.0339 1876  stisvc - ok
14:36:09.0370 1876  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:36:09.0401 1876  swenum - ok
14:36:09.0433 1876  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
14:36:09.0495 1876  swprv - ok
14:36:09.0526 1876  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
14:36:09.0542 1876  Symc8xx - ok
14:36:09.0573 1876  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:36:09.0589 1876  Sym_hi - ok
14:36:09.0620 1876  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:36:09.0635 1876  Sym_u3 - ok
14:36:09.0682 1876  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
14:36:09.0760 1876  SysMain - ok
14:36:09.0807 1876  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:36:09.0838 1876  TabletInputService - ok
14:36:09.0885 1876  [ 5C7C939BBD03784FE58C80578D065CC9 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
14:36:09.0932 1876  tap0901 - ok
14:36:09.0979 1876  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:36:10.0025 1876  TapiSrv - ok
14:36:10.0072 1876  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
14:36:10.0103 1876  TBS - ok
14:36:10.0166 1876  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:36:10.0259 1876  Tcpip - ok
14:36:10.0353 1876  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:36:10.0384 1876  Tcpip6 - ok
14:36:10.0415 1876  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:36:10.0447 1876  tcpipreg - ok
14:36:10.0525 1876  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:36:10.0588 1876  TDPIPE - ok
14:36:10.0614 1876  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:36:10.0688 1876  TDTCP - ok
14:36:10.0719 1876  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:36:10.0781 1876  tdx - ok
14:36:10.0813 1876  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:36:10.0844 1876  TermDD - ok
14:36:10.0891 1876  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
14:36:10.0922 1876  TermService - ok
14:36:10.0953 1876  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:36:10.0984 1876  Themes - ok
14:36:10.0984 1876  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:36:11.0015 1876  THREADORDER - ok
14:36:11.0047 1876  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:36:11.0109 1876  TrkWks - ok
14:36:11.0249 1876  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:36:11.0312 1876  TrustedInstaller - ok
14:36:11.0374 1876  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:36:11.0421 1876  tssecsrv - ok
14:36:11.0468 1876  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
14:36:11.0515 1876  tunmp - ok
14:36:11.0608 1876  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:36:11.0702 1876  tunnel - ok
14:36:11.0749 1876  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:36:11.0780 1876  uagp35 - ok
14:36:11.0827 1876  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:36:11.0889 1876  udfs - ok
14:36:11.0920 1876  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:36:11.0983 1876  UI0Detect - ok
14:36:12.0014 1876  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:36:12.0061 1876  uliagpkx - ok
14:36:12.0076 1876  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
14:36:12.0139 1876  uliahci - ok
14:36:12.0170 1876  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:36:12.0201 1876  UlSata - ok
14:36:12.0232 1876  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
14:36:12.0248 1876  ulsata2 - ok
14:36:12.0279 1876  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:36:12.0326 1876  umbus - ok
14:36:12.0357 1876  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:36:12.0419 1876  upnphost - ok
14:36:12.0513 1876  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
14:36:12.0575 1876  USBAAPL - ok
14:36:12.0622 1876  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:36:12.0669 1876  usbaudio - ok
14:36:12.0700 1876  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:36:12.0763 1876  usbccgp - ok
14:36:12.0809 1876  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:36:12.0903 1876  usbcir - ok
14:36:12.0934 1876  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:36:12.0981 1876  usbehci - ok
14:36:13.0028 1876  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:36:13.0059 1876  usbhub - ok
14:36:13.0090 1876  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:36:13.0168 1876  usbohci - ok
14:36:13.0246 1876  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:36:13.0309 1876  usbprint - ok
14:36:13.0355 1876  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:36:13.0449 1876  usbscan - ok
14:36:13.0480 1876  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:36:13.0543 1876  USBSTOR - ok
14:36:13.0574 1876  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:36:13.0636 1876  usbuhci - ok
14:36:13.0683 1876  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:36:13.0745 1876  usbvideo - ok
14:36:13.0792 1876  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
14:36:13.0839 1876  UxSms - ok
14:36:13.0901 1876  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
14:36:13.0964 1876  vds - ok
14:36:14.0026 1876  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:36:14.0073 1876  vga - ok
14:36:14.0104 1876  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:36:14.0167 1876  VgaSave - ok
14:36:14.0198 1876  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:36:14.0229 1876  viaagp - ok
14:36:14.0291 1876  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
14:36:14.0338 1876  ViaC7 - ok
14:36:14.0401 1876  [ A6CAB31A6CFCD41E5213A924B2413EF1 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
14:36:14.0510 1876  VIAHdAudAddService - ok
14:36:14.0557 1876  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:36:14.0572 1876  viaide - ok
14:36:14.0588 1876  VNUSB - ok
14:36:14.0603 1876  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:36:14.0650 1876  volmgr - ok
14:36:14.0681 1876  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:36:14.0713 1876  volmgrx - ok
14:36:14.0775 1876  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:36:14.0806 1876  volsnap - ok
14:36:14.0837 1876  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:36:14.0853 1876  vsmraid - ok
14:36:14.0915 1876  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
14:36:15.0056 1876  VSS - ok
14:36:15.0103 1876  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
14:36:15.0134 1876  W32Time - ok
14:36:15.0165 1876  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:36:15.0243 1876  WacomPen - ok
14:36:15.0274 1876  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:36:15.0337 1876  Wanarp - ok
14:36:15.0337 1876  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:36:15.0368 1876  Wanarpv6 - ok
14:36:15.0399 1876  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:36:15.0477 1876  wcncsvc - ok
14:36:15.0524 1876  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:36:15.0586 1876  WcsPlugInService - ok
14:36:15.0633 1876  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
14:36:15.0649 1876  Wd - ok
14:36:15.0711 1876  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:36:15.0770 1876  Wdf01000 - ok
14:36:15.0786 1876  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:36:15.0848 1876  WdiServiceHost - ok
14:36:15.0848 1876  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:36:15.0895 1876  WdiSystemHost - ok
14:36:15.0926 1876  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
14:36:15.0957 1876  WebClient - ok
14:36:16.0004 1876  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:36:16.0113 1876  Wecsvc - ok
14:36:16.0145 1876  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:36:16.0223 1876  wercplsupport - ok
14:36:16.0285 1876  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:36:16.0316 1876  WerSvc - ok
14:36:16.0363 1876  [ 090A2B8F055343815556A01F725F6C35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
14:36:16.0394 1876  WimFltr - ok
14:36:16.0457 1876  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:36:16.0488 1876  WinDefend - ok
14:36:16.0488 1876  WinHttpAutoProxySvc - ok
14:36:16.0550 1876  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:36:16.0628 1876  Winmgmt - ok
14:36:16.0691 1876  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:36:16.0847 1876  WinRM - ok
14:36:16.0925 1876  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:36:17.0034 1876  Wlansvc - ok
14:36:17.0174 1876  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:36:17.0252 1876  wlidsvc - ok
14:36:17.0315 1876  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
14:36:17.0361 1876  WmiAcpi - ok
14:36:17.0424 1876  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:36:17.0471 1876  wmiApSrv - ok
14:36:17.0564 1876  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:36:17.0611 1876  WMPNetworkSvc - ok
14:36:17.0673 1876  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:36:17.0751 1876  WPCSvc - ok
14:36:17.0798 1876  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:36:17.0829 1876  WPDBusEnum - ok
14:36:17.0876 1876  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
14:36:17.0907 1876  WpdUsb - ok
14:36:18.0235 1876  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:36:18.0422 1876  WPFFontCache_v0400 - ok
14:36:18.0469 1876  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:36:18.0531 1876  ws2ifsl - ok
14:36:18.0859 1876  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
14:36:18.0890 1876  wscsvc - ok
14:36:18.0968 1876  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:36:19.0015 1876  WSDPrintDevice - ok
14:36:19.0015 1876  WSearch - ok
14:36:19.0483 1876  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:36:20.0060 1876  wuauserv - ok
14:36:20.0263 1876  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:36:20.0341 1876  WudfPf - ok
14:36:20.0419 1876  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:36:20.0466 1876  WUDFRd - ok
14:36:20.0528 1876  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:36:20.0575 1876  wudfsvc - ok
14:36:20.0798 1876  [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
14:36:20.0928 1876  yukonwlh - ok
14:36:20.0943 1876  ================ Scan global ===============================
14:36:21.0146 1876  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:36:21.0240 1876  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:36:21.0520 1876  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
14:36:21.0723 1876  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:36:21.0739 1876  [Global] - ok
14:36:21.0739 1876  ================ Scan MBR ==================================
14:36:21.0801 1876  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
14:36:47.0875 1876  \Device\Harddisk0\DR0 - ok
14:36:47.0875 1876  ================ Scan VBR ==================================
14:36:47.0969 1876  [ 604CB0A657BCC8549EAD1E7C96F4BA11 ] \Device\Harddisk0\DR0\Partition1
14:36:47.0985 1876  \Device\Harddisk0\DR0\Partition1 - ok
14:36:48.0141 1876  [ 46E1066CEA6A1C59F538FE8C86DAEEA9 ] \Device\Harddisk0\DR0\Partition2
14:36:48.0156 1876  \Device\Harddisk0\DR0\Partition2 - ok
14:36:48.0156 1876  ============================================================
14:36:48.0156 1876  Scan finished
14:36:48.0156 1876  ============================================================
14:36:48.0172 2716  Detected object count: 6
14:36:48.0172 2716  Actual detected object count: 6
14:37:21.0836 2716  ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0836 2716  ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:21.0836 2716  Afc ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0836 2716  Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:21.0836 2716  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0836 2716  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:21.0852 2716  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0852 2716  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:21.0852 2716  Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0852 2716  Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:37:21.0852 2716  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
14:37:21.0852 2716  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 20.05.2013, 13:49   #11
markusg
/// Malware-holic
 

Hi,
Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 20.05.2013, 14:35   #12
Khael
 

Everything worked without an error message

Code:
ComboFix 13-05-18.04 - Cathrin 20.05.2013  15:09:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3036.1259 [GMT 2:00]
ausgeführt von:: c:\users\Cathrin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\programdata\rundll32.exe
c:\users\Cathrin\5466023.dll
c:\users\Cathrin\AppData\Roaming\Desktopicon
c:\users\Cathrin\AppData\Roaming\Desktopicon\config.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-20 bis 2013-05-20  ))))))))))))))))))))))))))))))
.
.
2013-05-20 14:23 . 2013-05-20 14:23	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-05-20 14:23 . 2013-05-20 14:23	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-05-20 14:23 . 2013-05-20 14:23	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-05-20 14:23 . 2013-05-20 14:23	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-05-20 14:23 . 2013-05-20 14:23	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-05-20 14:23 . 2013-05-20 14:23	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-05-20 14:23 . 2013-05-20 14:23	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-05-20 14:23 . 2013-05-20 14:23	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-05-20 14:22 . 2013-05-20 14:22	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-05-20 14:22 . 2013-05-20 14:22	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-05-20 14:22 . 2013-05-20 14:22	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-05-20 14:22 . 2013-05-20 14:22	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-05-20 14:22 . 2013-05-20 14:22	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-05-20 14:22 . 2013-05-20 14:22	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-05-20 14:22 . 2013-05-20 14:22	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-05-20 14:22 . 2013-05-20 14:22	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-05-20 14:22 . 2013-05-20 14:22	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-05-20 13:23 . 2013-05-20 13:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-20 12:54 . 2013-05-20 12:54	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA3FE3B-4ABF-4BB4-9A37-CA04842BD20C}\offreg.dll
2013-05-20 12:40 . 2013-05-13 23:49	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA3FE3B-4ABF-4BB4-9A37-CA04842BD20C}\mpengine.dll
2013-05-18 20:56 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2013-05-18 20:56 . 2013-05-18 15:25	--------	d-----w-	C:\_OTL
2013-05-18 15:22 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-17 18:06 . 2013-04-15 14:20	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-17 18:06 . 2013-04-13 10:56	37376	----a-w-	c:\windows\system32\cdd.dll
2013-05-17 18:05 . 2013-04-09 01:36	2049024	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 15:04 . 2009-06-26 04:06	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-05-15 16:23 . 2012-04-15 10:29	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-15 16:23 . 2011-08-20 07:34	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2012-11-01 08:48	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-03-29 09:48 . 2012-11-01 08:40	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-29 09:48 . 2012-11-01 08:40	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-29 09:48 . 2012-11-01 08:40	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-11 13:25 . 2013-04-10 20:18	3603816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 20:18	3551080	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-09 20:41 . 2013-03-09 20:41	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 20:41 . 2012-11-16 23:33	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-09 20:41 . 2010-06-16 16:57	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-09 03:45 . 2013-04-10 20:18	49152	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 20:18	64000	----a-w-	c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 20:16	376320	----a-w-	c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 20:18	2067968	----a-w-	c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 20:18	1082232	----a-w-	c:\windows\system32\drivers\ntfs.sys
2008-12-23 20:36 . 2008-12-23 20:36	106496	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2013-04-13 19:12 . 2013-04-13 19:12	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
2010-06-13 17:10	2734688	----a-w-	c:\program files\MessengerPlusLive_Germany_TB\tbMess.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54	175912	----a-w-	c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{76aeea42-e04a-4b62-83ab-df4b2be2541e}"= "c:\program files\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E}"= "c:\program files\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cathrin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cathrin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Cathrin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-20 3261688]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-05-18 323584]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 1474560]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-06-26 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-06-26 47672]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-06 345312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Cathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI83E4~1\Datamngr\datamngr.dll c:\progra~1\WI83E4~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-10-01 06:02	851968	----a-w-	c:\program files\ASUS\Splendid\ACMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 18:17	207424	----a-w-	c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2008-12-29 17:21	159744	----a-w-	c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06	1848648	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20	689488	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52	104936	----a-w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2007-11-19 02:19	128352	----a-w-	c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35	152392	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16	2363392	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2008-12-18 22:30	323216	----a-w-	c:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2010-06-07 13:32	111928	----a-r-	c:\program files\SweetIM\Messenger\SweetIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 88947350
*Deregistered* - 88947350
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:23]
.
2012-11-04 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files\ASUS\SmartLogon\sensorsrv.exe [2008-12-09 22:00]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 13:36]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 13:36]
.
2012-11-04 c:\windows\Tasks\Net4Switch.job
- c:\program files\ASUS\Net4Switch\Net4Switch.exe [2011-01-01 12:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=hp&babsrc=lnkry_nt
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=76523d0e-8eba-4612-9bc7-6be76dcdab92&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\users\Cathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Cathrin\AppData\Roaming\Mozilla\Firefox\Profiles\e8w3q7kr.default-1355078513750\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-20 15:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Cathrin\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 2
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Zeit der Fertigstellung: 2013-05-20  15:29:43
ComboFix-quarantined-files.txt  2013-05-20 13:29
.
Vor Suchlauf: 14 Verzeichnis(se), 20.211.150.848 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 22.617.776.128 Bytes frei
.
- - End Of File - - 2399E09787DC521A015495ADE9A3F520
         

Alt 20.05.2013, 14:39   #13
markusg
/// Malware-holic
 

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

Alt 20.05.2013, 17:35   #14
Khael
 

Here you go:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.20.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Cathrin :: CATHRINS_LAPPI [Administrator]

20.05.2013 15:45:42
mbam-log-2013-05-20 (15-45-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428090
Laufzeit: 2 Stunde(n), 45 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Qoobox\Quarantine\C\Users\Cathrin\5466023.dll.vir (Trojan.FakeMS.INC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles.zip (Trojan.FakeMS.INC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\05182013_165650\C_ProgramData\zdhft.dat (Trojan.FakeMS.INC) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 20.05.2013, 17:39   #15
markusg
/// Malware-holic
 

Looks good.

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save as txt. Open the file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those you do not know, "unknown".
Post the list.
